Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2022/09/13/patch-tuesday-september-2022/

This month’s Patch Tuesday is on the lighter side, with 79 CVEs being fixed by Microsoft (including 16 CVEs affecting Chromium, used by their Edge browser, that were already available). One zero-day was announced: CVE-2022-37969 is an elevation of privilege vulnerability affecting the Log File System Driver in all supported versions of Windows, allowing attackers to gain SYSTEM-level access on an asset they’ve already got an initial foothold in. Interestingly, Microsoft credits four separate researchers/organizations for independently reporting this, which may be indicative of relatively widespread exploitation. Also previously disclosed (in March), though less useful to attackers, Microsoft has released a fix for CVE-2022-23960 (aka Spectre-BHB) for Windows 11 on ARM64.

Some of the more noteworthy vulnerabilities this month affect Windows systems with IPSec enabled. CVE-2022-34718 allows remote code execution (RCE) on any Windows system reachable via IPv6; CVE-2022-34721 and CVE-2022-34722 are RCE vulnerabilities in the Windows Internet Key Exchange (IKE) Protocol Extensions. All three CVEs are ranked Critical and carry a CVSSv3 base score of 9.8. Rounding out the Critical RCEs this month are CVE-2022-35805 and CVE-2022-34700, both of which affect Microsoft Dynamics (on-premise) and have a CVSSv3 base score of 8.8. Any such systems should be updated immediately.

SharePoint administrators should also be aware of four separate RCEs being addressed this month. They’re ranked Important, meaning Microsoft recommends applying the updates at the earliest opportunity. Finally, a large swath of CVEs affecting OLE DB Provider for SQL Server and the Microsoft ODBC Driver were also fixed. These require some social engineering to exploit, by convincing a user to either connect to a malicious SQL Server or open a maliciously crafted .mdb (Access) file.

Summary charts

Summary tables

Azure vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-38007	Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability	No	No	7.8	Yes

Browser vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-38012	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	No	No	7.7	Yes
CVE-2022-3075	Chromium: CVE-2022-3075 Insufficient data validation in Mojo	No	No	N/A	Yes
CVE-2022-3058	Chromium: CVE-2022-3058 Use after free in Sign-In Flow	No	No	N/A	Yes
CVE-2022-3057	Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox	No	No	N/A	Yes
CVE-2022-3056	Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy	No	No	N/A	Yes
CVE-2022-3055	Chromium: CVE-2022-3055 Use after free in Passwords	No	No	N/A	Yes
CVE-2022-3054	Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools	No	No	N/A	Yes
CVE-2022-3053	Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock	No	No	N/A	Yes
CVE-2022-3047	Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API	No	No	N/A	Yes
CVE-2022-3046	Chromium: CVE-2022-3046 Use after free in Browser Tag	No	No	N/A	Yes
CVE-2022-3045	Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8	No	No	N/A	Yes
CVE-2022-3044	Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation	No	No	N/A	Yes
CVE-2022-3041	Chromium: CVE-2022-3041 Use after free in WebSQL	No	No	N/A	Yes
CVE-2022-3040	Chromium: CVE-2022-3040 Use after free in Layout	No	No	N/A	Yes
CVE-2022-3039	Chromium: CVE-2022-3039 Use after free in WebSQL	No	No	N/A	Yes
CVE-2022-3038	Chromium: CVE-2022-3038 Use after free in Network Service	No	No	N/A	Yes

Developer Tools vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-26929	.NET Framework Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-38013	.NET Core and Visual Studio Denial of Service Vulnerability	No	No	7.5	No
CVE-2022-38020	Visual Studio Code Elevation of Privilege Vulnerability	No	No	7.3	Yes

ESU vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-37964	Windows Kernel Elevation of Privilege Vulnerability	No	No	7.8	No

Microsoft Dynamics vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-35805	Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34700	Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability	No	No	8.8	Yes

Microsoft Office vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-38008	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-38009	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-37961	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-35823	Microsoft SharePoint Remote Code Execution Vulnerability	No	No	8.1	Yes
CVE-2022-37962	Microsoft PowerPoint Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-38010	Microsoft Office Visio Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-37963	Microsoft Office Visio Remote Code Execution Vulnerability	No	No	7.8	Yes

System Center vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-35828	Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability	No	No	7.8	Yes

Windows vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-35841	Windows Enterprise App Management Service Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-30196	Windows Secure Channel Denial of Service Vulnerability	No	No	8.2	Yes
CVE-2022-37957	Windows Kernel Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-37954	DirectX Graphics Kernel Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-38019	AV1 Video Extension Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-35838	HTTP V3 Denial of Service Vulnerability	No	No	7.5	No
CVE-2022-38011	Raw Image Extension Remote Code Execution Vulnerability	No	No	7.3	Yes
CVE-2022-26928	Windows Photo Import API Elevation of Privilege Vulnerability	No	No	7	Yes
CVE-2022-34725	Windows ALPC Elevation of Privilege Vulnerability	No	No	7	Yes
CVE-2022-37959	Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability	No	No	6.5	Yes
CVE-2022-35831	Windows Remote Access Connection Manager Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-34723	Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-23960	Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability	No	Yes	N/A	Yes

Windows ESU vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-34718	Windows TCP/IP Remote Code Execution Vulnerability	No	No	9.8	Yes
CVE-2022-34721	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	No	No	9.8	Yes
CVE-2022-34722	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	No	No	9.8	Yes
CVE-2022-35834	Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-35835	Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-35836	Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-35840	Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34731	Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34733	Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34726	Microsoft ODBC Driver Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34727	Microsoft ODBC Driver Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34730	Microsoft ODBC Driver Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34732	Microsoft ODBC Driver Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-34734	Microsoft ODBC Driver Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-33679	Windows Kerberos Elevation of Privilege Vulnerability	No	No	8.1	Yes
CVE-2022-33647	Windows Kerberos Elevation of Privilege Vulnerability	No	No	8.1	Yes
CVE-2022-35830	Remote Procedure Call Runtime Remote Code Execution Vulnerability	No	No	8.1	Yes
CVE-2022-38005	Windows Print Spooler Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-30200	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-37956	Windows Kernel Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-37955	Windows Group Policy Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-34729	Windows GDI Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-38004	Windows Fax Service Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-34719	Windows Distributed File System (DFS) Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-37969	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Yes	Yes	7.8	Yes
CVE-2022-35803	Windows Common Log File System Driver Elevation of Privilege Vulnerability	No	No	7.8	Yes
CVE-2022-35833	Windows Secure Channel Denial of Service Vulnerability	No	No	7.5	No
CVE-2022-34720	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	No	No	7.5	No
CVE-2022-34724	Windows DNS Server Denial of Service Vulnerability	No	No	7.5	No
CVE-2022-37958	SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability	No	No	7.5	Yes
CVE-2022-30170	Windows Credential Roaming Service Elevation of Privilege Vulnerability	No	No	7.3	Yes
CVE-2022-38006	Windows Graphics Component Information Disclosure Vulnerability	No	No	6.5	Yes
CVE-2022-34728	Windows Graphics Component Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-35832	Windows Event Tracing Denial of Service Vulnerability	No	No	5.5	No
CVE-2022-35837	Windows Graphics Component Information Disclosure Vulnerability	No	No	5	Yes