This month we got patches for 79 vulnerabilities. Of these, 5 are critical, 2 were previously disclosed, and 1 is already being exploited, according to Microsoft.
The exploited vulnerability is an elevation of privilege in Windows Common Log File System Driver (CVE-2022-37969). According to the exploit, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The attack vector is local, and requires no user interaction. The CVSS for this vulnerability is 7.8.
Amongst critical vulnerabilities, there is a Remote Code Execution (RCE) affecting Windows Internet Key Exchange (IKE) Protocol Extensions (CVE-2022-34721). An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. Although this vulnerability affects just IKEv1, all Windows Servers versions are affected as V1, and V2 packets are accepted. The attack vector is ‘network’, no user interaction and privileges are required, and the attack complexity is low. This vulnerability brings together the characteristics of a wormable vulnerability that you should give attention to and apply the patch as soon as possible. The CVSS for this vulnerability is 9.80.
Another critical vulnerability is an RCE affecting Windows TCP/IP (CVE-2022-34718). An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine. Only systems with the IPSec service running are vulnerable to this attack. As the previous one, this vulnerability brings together the characteristics of a wormable vulnerability. The CVSS for this vulnerability is 9.80 as well.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
September 2022 Security Updates
Sep 13th 2022
Sep 13th 2022
3 weeks ago