Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2022/09/13/patch-tuesday-september-2022/
This month’s Patch Tuesday is on the lighter side, with 79 CVEs being fixed by Microsoft (including 16 CVEs affecting Chromium, used by their Edge browser, that were already available). One zero-day was announced: CVE-2022-37969 is an elevation of privilege vulnerability affecting the Log File System Driver in all supported versions of Windows, allowing attackers to gain SYSTEM-level access on an asset they’ve already got an initial foothold in. Interestingly, Microsoft credits four separate researchers/organizations for independently reporting this, which may be indicative of relatively widespread exploitation. Also previously disclosed (in March), though less useful to attackers, Microsoft has released a fix for CVE-2022-23960 (aka Spectre-BHB) for Windows 11 on ARM64.
Some of the more noteworthy vulnerabilities this month affect Windows systems with IPSec enabled. CVE-2022-34718 allows remote code execution (RCE) on any Windows system reachable via IPv6; CVE-2022-34721 and CVE-2022-34722 are RCE vulnerabilities in the Windows Internet Key Exchange (IKE) Protocol Extensions. All three CVEs are ranked Critical and carry a CVSSv3 base score of 9.8. Rounding out the Critical RCEs this month are CVE-2022-35805 and CVE-2022-34700 , both of which affect Microsoft Dynamics (on-premise) and have a CVSSv3 base score of 8.8. Any such systems should be updated immediately.
SharePoint administrators should also be aware of four separate RCEs being addressed this month. They’re ranked Important, meaning Microsoft recommends applying the updates at the earliest opportunity. Finally, a large swath of CVEs affecting OLE DB Provider for SQL Server and the Microsoft ODBC Driver were also fixed. These require some social engineering to exploit, by convincing a user to either connect to a malicious SQL Server or open a maliciously crafted .mdb (Access) file.
Summary charts
Summary tables
Azure vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-38007 Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
No
No
7.8
Yes
Browser vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-38012 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
No
No
7.7
Yes
CVE-2022-3075 Chromium: CVE-2022-3075 Insufficient data validation in Mojo
No
No
N/A
Yes
CVE-2022-3058 Chromium: CVE-2022-3058 Use after free in Sign-In Flow
No
No
N/A
Yes
CVE-2022-3057 Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox
No
No
N/A
Yes
CVE-2022-3056 Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy
No
No
N/A
Yes
CVE-2022-3055 Chromium: CVE-2022-3055 Use after free in Passwords
No
No
N/A
Yes
CVE-2022-3054 Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools
No
No
N/A
Yes
CVE-2022-3053 Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock
No
No
N/A
Yes
CVE-2022-3047 Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API
No
No
N/A
Yes
CVE-2022-3046 Chromium: CVE-2022-3046 Use after free in Browser Tag
No
No
N/A
Yes
CVE-2022-3045 Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8
No
No
N/A
Yes
CVE-2022-3044 Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation
No
No
N/A
Yes
CVE-2022-3041 Chromium: CVE-2022-3041 Use after free in WebSQL
No
No
N/A
Yes
CVE-2022-3040 Chromium: CVE-2022-3040 Use after free in Layout
No
No
N/A
Yes
CVE-2022-3039 Chromium: CVE-2022-3039 Use after free in WebSQL
No
No
N/A
Yes
CVE-2022-3038 Chromium: CVE-2022-3038 Use after free in Network Service
No
No
N/A
Yes
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-26929 .NET Framework Remote Code Execution Vulnerability
No
No
7.8
Yes
CVE-2022-38013 .NET Core and Visual Studio Denial of Service Vulnerability
No
No
7.5
No
CVE-2022-38020 Visual Studio Code Elevation of Privilege Vulnerability
No
No
7.3
Yes
ESU vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-37964 Windows Kernel Elevation of Privilege Vulnerability
No
No
7.8
No
Microsoft Dynamics vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-35805 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34700 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
No
No
8.8
Yes
Microsoft Office vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-38008 Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-38009 Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-37961 Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-35823 Microsoft SharePoint Remote Code Execution Vulnerability
No
No
8.1
Yes
CVE-2022-37962 Microsoft PowerPoint Remote Code Execution Vulnerability
No
No
7.8
Yes
CVE-2022-38010 Microsoft Office Visio Remote Code Execution Vulnerability
No
No
7.8
Yes
CVE-2022-37963 Microsoft Office Visio Remote Code Execution Vulnerability
No
No
7.8
Yes
System Center vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-35828 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
No
No
7.8
Yes
Windows vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-35841 Windows Enterprise App Management Service Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-30196 Windows Secure Channel Denial of Service Vulnerability
No
No
8.2
Yes
CVE-2022-37957 Windows Kernel Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-37954 DirectX Graphics Kernel Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-38019 AV1 Video Extension Remote Code Execution Vulnerability
No
No
7.8
Yes
CVE-2022-35838 HTTP V3 Denial of Service Vulnerability
No
No
7.5
No
CVE-2022-38011 Raw Image Extension Remote Code Execution Vulnerability
No
No
7.3
Yes
CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability
No
No
7
Yes
CVE-2022-34725 Windows ALPC Elevation of Privilege Vulnerability
No
No
7
Yes
CVE-2022-37959 Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability
No
No
6.5
Yes
CVE-2022-35831 Windows Remote Access Connection Manager Information Disclosure Vulnerability
No
No
5.5
Yes
CVE-2022-34723 Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability
No
No
5.5
Yes
CVE-2022-23960 Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability
No
Yes
N/A
Yes
Windows ESU vulnerabilities
CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Has FAQ?
CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability
No
No
9.8
Yes
CVE-2022-34721 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
No
No
9.8
Yes
CVE-2022-34722 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
No
No
9.8
Yes
CVE-2022-35834 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-35835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-35836 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-35840 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34731 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34733 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34726 Microsoft ODBC Driver Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34727 Microsoft ODBC Driver Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34730 Microsoft ODBC Driver Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34732 Microsoft ODBC Driver Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-34734 Microsoft ODBC Driver Remote Code Execution Vulnerability
No
No
8.8
Yes
CVE-2022-33679 Windows Kerberos Elevation of Privilege Vulnerability
No
No
8.1
Yes
CVE-2022-33647 Windows Kerberos Elevation of Privilege Vulnerability
No
No
8.1
Yes
CVE-2022-35830 Remote Procedure Call Runtime Remote Code Execution Vulnerability
No
No
8.1
Yes
CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-30200 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
No
No
7.8
Yes
CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-37955 Windows Group Policy Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-34729 Windows GDI Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-38004 Windows Fax Service Remote Code Execution Vulnerability
No
No
7.8
Yes
CVE-2022-34719 Windows Distributed File System (DFS) Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Yes
Yes
7.8
Yes
CVE-2022-35803 Windows Common Log File System Driver Elevation of Privilege Vulnerability
No
No
7.8
Yes
CVE-2022-35833 Windows Secure Channel Denial of Service Vulnerability
No
No
7.5
No
CVE-2022-34720 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
No
No
7.5
No
CVE-2022-34724 Windows DNS Server Denial of Service Vulnerability
No
No
7.5
No
CVE-2022-37958 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability
No
No
7.5
Yes
CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability
No
No
7.3
Yes
CVE-2022-38006 Windows Graphics Component Information Disclosure Vulnerability
No
No
6.5
Yes
CVE-2022-34728 Windows Graphics Component Information Disclosure Vulnerability
No
No
5.5
Yes
CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability
No
No
5.5
No
CVE-2022-35837 Windows Graphics Component Information Disclosure Vulnerability
No
No
5
Yes
NEVER MISS A BLOG
Get the latest stories, expertise, and news about security today.
Subscribe
