Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws

Microsoft’s September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws.

Five of the 63 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities.

The number of bugs in each vulnerability category is listed below:

  • 18 Elevation of Privilege Vulnerabilities
  • 1 Security Feature Bypass Vulnerabilities
  • 30 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 16 Edge – Chromium Vulnerabilities

The above counts do not include sixteen vulnerabilities fixed in Microsoft Edge before Patch Tuesday.

Two zero-days fixed, one actively exploited

This month’s Patch Tuesday fixes two publicly disclosed zero-day vulnerabilities, with one actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is tracked as ‘CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.’

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” reads Microsoft’s advisory.

The exploited vulnerability was discovered by researchers at DBAPPSecurity, Mandiant, CrowdStrike, and Zscaler.

Mandiant told BleepingComputer that they discovered the zero-day during a proactive Offensive Task Force exploit hunting mission.

“We found this 0Day bug during a proactive Offensive Task Force exploit hunting mission. An escalation of privilege (EOP) exploit was found in the wild, exploiting this Common Log File System (CLFS) vulnerability,” explained Dhanesh Kizhakkinan, Senior Principal Vulnerability Engineer at Mandiant.

“The exploit seems to stand-alone and not part of a chain (like browser + EOP).”

The other publicly disclosed vulnerability is tracked as ‘CVE-2022-23960 – Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability.’

Recent updates from other companies

Other vendors who released updates in September 2022 include:

The September 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the September 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2022-38013.NET Core and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2022-26929.NET Framework Remote Code Execution VulnerabilityImportant
Azure ArcCVE-2022-38007Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege VulnerabilityImportant
Cache SpeculationCVE-2022-23960Arm: CVE-2022-23960 Cache Speculation Restriction VulnerabilityImportant
HTTP.sysCVE-2022-35838HTTP V3 Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-35805Microsoft Dynamics CRM (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft DynamicsCVE-2022-34700Microsoft Dynamics CRM (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2022-3053Chromium: CVE-2022-3053 Inappropriate implementation in Pointer LockUnknown
Microsoft Edge (Chromium-based)CVE-2022-3047Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-3054Chromium: CVE-2022-3054 Insufficient policy enforcement in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2022-3041Chromium: CVE-2022-3041 Use after free in WebSQLUnknown
Microsoft Edge (Chromium-based)CVE-2022-3040Chromium: CVE-2022-3040 Use after free in LayoutUnknown
Microsoft Edge (Chromium-based)CVE-2022-3046Chromium: CVE-2022-3046 Use after free in Browser TagUnknown
Microsoft Edge (Chromium-based)CVE-2022-3039Chromium: CVE-2022-3039 Use after free in WebSQLUnknown
Microsoft Edge (Chromium-based)CVE-2022-3045Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-3044Chromium: CVE-2022-3044 Inappropriate implementation in Site IsolationUnknown
Microsoft Edge (Chromium-based)CVE-2022-3057Chromium: CVE-2022-3057 Inappropriate implementation in iframe SandboxUnknown
Microsoft Edge (Chromium-based)CVE-2022-3075Chromium: CVE-2022-3075 Insufficient data validation in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2022-3058Chromium: CVE-2022-3058 Use after free in Sign-In FlowUnknown
Microsoft Edge (Chromium-based)CVE-2022-3038Chromium: CVE-2022-3038 Use after free in Network ServiceUnknown
Microsoft Edge (Chromium-based)CVE-2022-3056Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security PolicyUnknown
Microsoft Edge (Chromium-based)CVE-2022-3055Chromium: CVE-2022-3055 Use after free in PasswordsUnknown
Microsoft Edge (Chromium-based)CVE-2022-38012Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityLow
Microsoft Graphics ComponentCVE-2022-37954DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-38006Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-34729Windows GDI Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-34728Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-35837Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-37962Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-35823Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-38009Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-38008Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-37961Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-37963Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-38010Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-34725Windows ALPC Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-38011Raw Image Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-38019AV1 Video Extension Remote Code Execution VulnerabilityImportant
Network Device Enrollment Service (NDES)CVE-2022-37959Network Device Enrollment Service (NDES) Security Feature Bypass VulnerabilityImportant
Role: DNS ServerCVE-2022-34724Windows DNS Server Denial of Service VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-38004Windows Fax Service Remote Code Execution VulnerabilityImportant
SPNEGO Extended NegotiationCVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure VulnerabilityImportant
Visual Studio CodeCVE-2022-38020Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-35803Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-37969Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Credential Roaming ServiceCVE-2022-30170Windows Credential Roaming Service Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2022-35828Microsoft Defender for Endpoint for Mac Elevation of Privilege VulnerabilityImportant
Windows Distributed File System (DFS)CVE-2022-34719Windows Distributed File System (DFS) Elevation of Privilege VulnerabilityImportant
Windows DPAPI (Data Protection Application Programming Interface)CVE-2022-34723Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure VulnerabilityImportant
Windows Enterprise App ManagementCVE-2022-35841Windows Enterprise App Management Service Remote Code Execution VulnerabilityImportant
Windows Event TracingCVE-2022-35832Windows Event Tracing Denial of Service VulnerabilityImportant
Windows Group PolicyCVE-2022-37955Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows IKE ExtensionCVE-2022-34722Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCritical
Windows IKE ExtensionCVE-2022-34720Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-34721Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCritical
Windows KerberosCVE-2022-33647Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2022-33679Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37964Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37956Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-37957Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30200Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34726Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34730Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34727Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34732Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2022-34734Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35834Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35835Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35836Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-35840Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-34733Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows OLECVE-2022-34731Microsoft OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Windows Photo Import APICVE-2022-26928Windows Photo Import API Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-38005Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-35831Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Procedure CallCVE-2022-35830Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows TCP/IPCVE-2022-34718Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Transport Security Layer (TLS)CVE-2022-35833Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Transport Security Layer (TLS)CVE-2022-30196Windows Secure Channel Denial of Service VulnerabilityImportant

Original Posts: Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws