December 3, 2023

Microsoft patched 62 CVEs (excluding CVEs for Chromium bugs) in its September 2022 Patch Tuesday release, with five rated as critical and 57 rated as important. This is a lighter release than August 2022.

This month’s update includes patches for the following products:

  • .NET and Visual Studio
  • .NET Framework
  • Azure
  • Azure Arc
  • Cache Speculation
  • HTTP.sys
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Network Device Enrollment Service (NDES)
  • Role: DNS Server
  • Role: Windows Fax Service
  • SPNEGO Extended Negotiation
  • Visual Studio Code
  • Windows Common Log File System Driver
  • Windows Credential Roaming Service
  • Windows Defender
  • Windows Distributed File System (DFS)
  • Windows DPAPI (Data Protection Application Programming Interface)
  • Windows Enterprise App Management
  • Windows Event Tracing
  • Windows Group Policy
  • Windows IKE Extension
  • Windows Kerberos
  • Windows Kernel
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows ODBC Driver
  • Windows OLE
  • Windows Photo Import API
  • Windows Print Spooler Components
  • Windows Remote Access Connection Manager
  • Windows Remote Procedure Call
  • Windows TCP/IP
  • Windows Transport Security Layer (TLS)

Windows Common Log File System Driver EoP Vulnerability

CVE-2022-37969 is an EoP vulnerability in the Windows Common Log File System (CLFS) Driver. This vulnerability is a post-exploitation bug that has been exploited in the wild and was disclosed prior to a patch being available.

CVE-2022-24521, a similar vulnerability in CLFS that was also exploited in the wild, was patched earlier this year as part of Microsoft’s April Patch Tuesday release. It is currently unclear whether CVE-2022-37969 is a patch bypass for CVE-2022-24521.

Windows TCP/IP RCE Vulnerability

CVE-2022-34718 is an RCE in Windows TCP/IP with a CVSSv3 score of 9.8 and was rated Exploitation More Likely. This vulnerability can only be exploited against systems with Internet Protocol Security (IPsec) enabled. Successful exploitation could grant an unauthenticated attacker remote code execution. Microsoft has released patches for all supported versions of Windows, including Server Core editions.

Windows Internet Key Exchange (IKE) Protocol Extensions RCE Vulnerability

CVE-2022-34721 and CVE-2022-34722 are RCE vulnerabilities in the Windows IKE protocol extensions with a CVSSv3 score of 9.8 and were rated Exploitation Less Likely.

The IKE protocol is a component of IPsec used to set up security associations. These vulnerabilities would allow an unauthenticated, remote attacker to send a specially crafted IP packet to a target with IPsec enabled and achieve remote code execution. IPsec is used to protect sensitive data and is commonly used in virtual private networks. Also patched this month: CVE-2022-34720, a DoS flaw in the IKE Protocol Exchange, and CVE-2022-35830, an RCE vulnerability in the Remote Procedure Call runtime.
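
CVE-2022-34718 and the IKE flaws above are only reachable on hosts with IPsec enabled, so a per-host exposure check helps order patching. The PowerShell below is an added example, not part of the original post or Microsoft guidance; treating running IKEEXT/PolicyAgent services, enabled IPsec rules, or UDP 500/4500 listeners as signals of "IPsec enabled" is an assumption, and Get-IPsecExposure is a hypothetical function name.

```powershell
# Added example, not from the original post. Run locally in an elevated session.
# Assumption: "IPsec enabled" is approximated by a running IKEEXT or PolicyAgent
# service, an enabled IPsec rule, or a UDP listener on the IKE ports 500/4500.
function Get-IPsecExposure {
    [CmdletBinding()]
    param()

    # IKEEXT = IKE and AuthIP keying modules; PolicyAgent = IPsec Policy Agent.
    $svc = @{}
    foreach ($name in 'IKEEXT', 'PolicyAgent') {
        $s = Get-Service -Name $name -ErrorAction SilentlyContinue
        $svc[$name] = [bool]($s -and $s.Status -eq 'Running')
    }

    # Enabled IPsec rules in the active policy (local plus Group Policy).
    $rules = @()
    try {
        $rules = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction Stop |
            Where-Object { $_.Enabled -eq 'True' })
    } catch {
        Write-Verbose "Get-NetIPsecRule failed: $($_.Exception.Message)"
    }

    # IKE negotiates over UDP 500, and UDP 4500 when NAT traversal is in use.
    $udp = @(Get-NetUDPEndpoint -LocalPort 500, 4500 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IkeExtRunning      = $svc['IKEEXT']
        PolicyAgentRunning = $svc['PolicyAgent']
        EnabledIPsecRules  = $rules.Count
        IkeUdpListeners    = ($udp.LocalPort | Sort-Object -Unique) -join ','
        Exposed            = $svc['IKEEXT'] -or $svc['PolicyAgent'] -or
                             $rules.Count -gt 0 -or $udp.Count -gt 0
    }
}

Get-IPsecExposure | Format-List
```

Hosts reporting Exposed = True are the ones to patch first for the three 9.8-rated CVEs; a False result only means none of the assumed signals were present at the time of the check.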


Windows Kernel EoP Vulnerability

CVE-2022-37956, CVE-2022-37957, and CVE-2022-37964 are EoP vulnerabilities impacting the Windows Kernel. The CVSSv3 score is 7.8 for all three vulnerabilities, which, if exploited, could allow an attacker to gain SYSTEM-level privileges. Of the three, only CVE-2022-37957 was rated as Exploitation More Likely. All three impact various versions of Windows.

Microsoft Dynamics 365 Vulnerabilities

Two other critical vulnerabilities, CVE-2022-35805 and CVE-2022-34700, exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner.

SharePoint Vulnerabilities

Four SharePoint remote code execution vulnerabilities, CVE-2022-35823, CVE-2022-38008, CVE-2022-38009, and CVE-2022-37961, would likely be exploited by an attacker that already has initial access to move laterally across the network. The bugs could impact organizations that use SharePoint for internal wikis or document stores, and attackers could exploit them to steal confidential information, replace documents with new versions that contain malicious code, or inject macros to infect other systems.

Other notable bugs

  • CVE-2022-34724 – Windows DNS Server Denial of Service Vulnerability
  • CVE-2022-3075 – Chromium: CVE-2022-3075 Insufficient data validation in Mojo

Vulnerabilities summary

| CVE | Title | CVSSv3 base score |
|---|---|---|
| CVE-2022-38013 | .NET Core and Visual Studio Denial of Service Vulnerability | 7.5 |
| CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-23960 | Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability | N/A |
| CVE-2022-38019 | AV1 Video Extension Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-38007 | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-3038 | Chromium: CVE-2022-3038 Use after free in Network Service | N/A |
| CVE-2022-3039 | Chromium: CVE-2022-3039 Use after free in WebSQL | N/A |
| CVE-2022-3040 | Chromium: CVE-2022-3040 Use after free in Layout | N/A |
| CVE-2022-3041 | Chromium: CVE-2022-3041 Use after free in WebSQL | N/A |
| CVE-2022-3044 | Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation | N/A |
| CVE-2022-3045 | Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 | N/A |
| CVE-2022-3046 | Chromium: CVE-2022-3046 Use after free in Browser Tag | N/A |
| CVE-2022-3047 | Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API | N/A |
| CVE-2022-3053 | Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock | N/A |
| CVE-2022-3054 | Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools | N/A |
| CVE-2022-3055 | Chromium: CVE-2022-3055 Use after free in Passwords | N/A |
| CVE-2022-3056 | Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy | N/A |
| CVE-2022-3057 | Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox | N/A |
| CVE-2022-3058 | Chromium: CVE-2022-3058 Use after free in Sign-In Flow | N/A |
| CVE-2022-3075 | Chromium: CVE-2022-3075 Insufficient data validation in Mojo | N/A |
| CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-35838 | HTTP V3 Denial of Service Vulnerability | 7.5 |
| CVE-2022-35828 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-34700 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-38012 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 7.7 |
| CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-34727 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-38010 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-37963 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-35834 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-35835 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-35836 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-35840 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-34733 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-35823 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.1 |
| CVE-2022-38008 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-38009 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-37961 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-37959 | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | 6.5 |
| CVE-2022-38011 | Raw Image Extension Remote Code Execution Vulnerability | 7.3 |
| CVE-2022-35830 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
| CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability | 7.5 |
| CVE-2022-38020 | Visual Studio Code Elevation of Privilege Vulnerability | 7.3 |
| CVE-2022-34725 | Windows ALPC Elevation of Privilege Vulnerability | 7 |
| CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-35803 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-30170 | Windows Credential Roaming Service Elevation of Privilege Vulnerability | 7.3 |
| CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-34724 | Windows DNS Server Denial of Service Vulnerability | 7.5 |
| CVE-2022-34723 | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | 5.5 |
| CVE-2022-35841 | Windows Enterprise App Management Service Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-35832 | Windows Event Tracing Denial of Service Vulnerability | 5.5 |
| CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
| CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
| CVE-2022-35837 | Windows Graphics Component Information Disclosure Vulnerability | 5 |
| CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-34720 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
| CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
| CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
| CVE-2022-33679 | Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
| CVE-2022-33647 | Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
| CVE-2022-37964 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-30200 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability | 7 |
| CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
| CVE-2022-35831 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
| CVE-2022-30196 | Windows Secure Channel Denial of Service Vulnerability | 8.2 |
| CVE-2022-35833 | Windows Secure Channel Denial of Service Vulnerability | 7.5 |
| CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
