This week, Microsoft has rolled out its monthly Patch Tuesday update bundle for September 2022. The update bundle addresses 84 security vulnerabilities but includes fewer critical-severity bugs. Windows users should ensure they update their devices at the earliest.
4 Critical Vulnerability Fixes
With September Patch Tuesday, Microsoft has patched two critical remote code execution vulnerabilities in the Windows Network File System. An authenticated attacker could exploit these vulnerabilities, CVE-2022-22029 and CVE-2022-22039, by making a specially crafted call to the NFS.
Microsoft has labeled them critical-severity flaws that achieved CVSS scores of 8.1 and 7.5, respectively. For CVE-2022-22029, the tech giant has also shared detailed mitigations to address the flaw when an immediate system update isn’t possible.
Microsoft has also patched two other critical security bugs that could allow RCE attacks. These include:
- CVE-2022-22038 (CVSS 8.1): RCE vulnerability in Remote Procedure Call Runtime. Exploiting the flaw required an attacker to send constant data for repeated exploitation attempts.
- CVE-2022-30221 (CVSS 8.8): RCE flaw in Windows Graphics Component. An attacker could exploit the vulnerability by tricking the target user into connecting to a malicious RDP server.
Other Microsoft September Patch Tuesday
Alongside the 4 critical-severity vulnerabilities, Microsoft has fixed 80 other important-severity vulnerabilities across various products.
These include an actively exploited vulnerability, CVE-2022-22047, in the Windows Client Server Runtime Subsystem (CSRSS). The tech giant has described it as a privilege escalation flaw (CVSS 7.8), giving SYSTEM privileges to an attacker.
Microsoft has confirmed detecting active exploitation of the vulnerability sans public disclosure. However, they haven’t explained anything about the nature of attacks, the target systems, and other details.
In addition, Microsoft has also addressed two other privilege escalation flaws in Windows CSRSS. However, both the vulnerabilities, CVE-2022-22026 and CVE-2022-22049, remained under the radar, evading active exploitation.
The other vulnerable components receiving security fixes with the September update include Microsoft Defender for Endpoint, Microsoft Office, Skype for Business, Windows BitLocker, Boot Manager, Hyper-V, Windows DNS Server, Windows IIS Server, and more.
While the updates should automatically reach the respective devices, it’s still advisable for users to check for system updates manually to avoid delayed patches.
Let us know your thoughts in the comments.