Cyber Security News

Microsoft Security Update Fixed an Actively Exploited Zero-day Including 64 New Bugs

Microsoft released a new security update with the fixes for 64 new security vulnerabilities including 2 zero-day in which one is actively exploited in wild.

In this list of Vulnerabilities, 5 Vulnerabilities were marked as “Critical” and, the rest of the 58 vulnerabilities were fixed as “Important”.

Following products have received a patch that is affected by various vulnerabilities in this patch Tuesday update:-

  • .NET and Visual Studio
  • .NET Framework
  • Azure Arc
  • Cache Speculation
  • HTTP.sys
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Network Device Enrollment Service (NDES)
  • Role: DNS Server
  • Role: Windows Fax Service
  • SPNEGO Extended Negotiation
  • Visual Studio Code
  • Windows Common Log File System Driver
  • Windows Credential Roaming Service
  • Windows Defender
  • Windows Distributed File System (DFS)
  • Windows DPAPI (Data Protection Application Programming Interface)
  • Windows Enterprise App Management
  • Windows Event Tracing
  • Windows Group Policy
  • Windows IKE Extension
  • Windows Kerberos
  • Windows Kernel
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows ODBC Driver
  • Windows OLE
  • Windows Photo Import API
  • Windows Print Spooler Components
  • Windows Remote Access Connection Manager
  • Windows Remote Procedure Call
  • Windows TCP/IP
  • Windows Transport Security Layer (TLS)

Following categories are the vulnerabilities that are affected the above products:

  1. 30 Remote Code Execution Vulnerabilities
  2. 18 Elevation of Privilege Vulnerabilities
  3. 16 Edge – Chromium Vulnerabilities
  4. 7 Information Disclosure Vulnerabilities
  5. 7 Denial of Service Vulnerabilities
  6. 1 Security Feature Bypass Vulnerabilities

Zero-day Vulnerabilities are Fixed:

Microsoft Fixed 2 Zero-day Vulnerabilities. One (CVE-2022-37969) is Windows Common Log File System Driver Elevation of Privilege Vulnerability that allows attackers to exploit this vulnerability to gain SYSTEM privileges.

“An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.” Microsoft says.

Researchers at DBAPPSecurity, Mandiant, CrowdStrike, and Zscaler found this vulnerability and reported it to Microsoft.

 CVE-2022-23960 Cache Speculation Restriction bus is the second 0-day bug which is known as Spectre-BHB. MITRE created this CVE on behalf of Arm Limited.

Here the following notable critical vulnerabilities that was fixed in this September Patch Tuesday Microsoft security updates.

  • CVE-2022-34718 -Windows TCP/IP Remote Code Execution Vulnerability
  • CVE-2022-34721 -Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
  • CVE-2022-34722 – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
  • CVE-2022-34700 – Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
  • CVE-2022-35805 – Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

Microsoft strongly recommended installing these security updates for all windows users to avoid the security risk and protect your Windows.

You can refer to the complete patch details for the full list of vulnerabilities resolved, and advisories, in the September 2022 Patch here.

Azure Active Directory Security – Download Free E-Book


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Hackers Using Weaponized Virtual Hard Disk Files to Deliver Remcos RAT

Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious…

7 mins ago

NVIDIA ChatRTX For Windows App Vulnerability Let Attackers Escalate Privilege

A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and…

4 hours ago

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

A new threat has emerged, targeting unsuspecting iPhone users through the seemingly secure iMefofferssage platform.…

5 hours ago

2 Chrome Zero-Days Exploited At Pwn2Own 2024 : Patch Now

Google patched seven vulnerabilities in the Chrome browser on Tuesday, including two zero-day exploits that…

6 hours ago

Source Code of Italian anti-piracy Platform Privacy Shield Leaked on GitHub

The source code and documentation of the Italian anti-piracy platform Privacy Shield have reportedly been…

8 hours ago

Wireshark 4.2.4 Released : What’s New!

Wireshark remains the go-to choice for both professionals and enthusiasts due to its unmatched capabilities…

13 hours ago