September Patch Tuesday Fixes Actively Exploited Zero Day and RCE Flaws

September 14, 2022

Microsoft’s September Patch Tuesday update includes fixes for 63 vulnerabilities. There are five high-severity remote code execution vulnerabilities along with an actively exploited zero-day vulnerability. 

Products that include the critical RCE vulnerabilities are as follows: 

There are a total of 30 RCE and 18 privilege escalation flaws on the complete list. For a list of updated products, see Microsoft’s release note.

Details of the Zero-Day 

The actively exploited zero-day patched this month is identified as “Windows Common Log File System Driver Elevation of Privilege Vulnerability” (CVE-2022-37969). An attacker who successfully exploits this vulnerability could gain SYSTEM privileges.

An attacker must already have access to the target system and be able to run code on it. The flaw does not permit remote code execution for an attacker who does not already have that capability on the target machine.

Microsoft did not share information about the attacks that made use of this vulnerability. It is currently unclear whether it was exploited manually by threat actors or by malware.

For reporting this vulnerability, Microsoft credited Quan Jin with DBAPPSecurity, Genwei Jiang with Mandiant, Flare OTF, CrowdStrike, and Zscaler ThreatLabz. 

The other publicly disclosed vulnerability is an Arm Cache Speculation Restriction problem, identified as CVE-2022-23960.

Apply the Patches 

Update your Microsoft products with the latest security patches to avoid any risks.

Microsoft also released Windows updates KB5017308, KB5017315, and KB5017328 for additional non-security-related fixes and enhanced performance.

Check Microsoft’s Security Update Guide to see all updates available.

The list of vulnerabilities in September Patch Tuesday:

| Tag | CVE ID |
| --- | --- |
| .NET and Visual Studio | CVE-2022-38013 |
| .NET Framework | CVE-2022-26929 |
| Azure Arc | CVE-2022-38007 |
| Cache Speculation | CVE-2022-23960 |
| HTTP.sys | CVE-2022-35838 |
| Microsoft Dynamics | CVE-2022-35805 |
| Microsoft Dynamics | CVE-2022-34700 |
| Microsoft Edge (Chromium-based) | CVE-2022-3053 |
| Microsoft Edge (Chromium-based) | CVE-2022-3047 |
| Microsoft Edge (Chromium-based) | CVE-2022-3054 |
| Microsoft Edge (Chromium-based) | CVE-2022-3041 |
| Microsoft Edge (Chromium-based) | CVE-2022-3040 |
| Microsoft Edge (Chromium-based) | CVE-2022-3046 |
| Microsoft Edge (Chromium-based) | CVE-2022-3039 |
| Microsoft Edge (Chromium-based) | CVE-2022-3045 |
| Microsoft Edge (Chromium-based) | CVE-2022-3044 |
| Microsoft Edge (Chromium-based) | CVE-2022-3057 |
| Microsoft Edge (Chromium-based) | CVE-2022-3075 |
| Microsoft Edge (Chromium-based) | CVE-2022-3058 |
| Microsoft Edge (Chromium-based) | CVE-2022-3038 |
| Microsoft Edge (Chromium-based) | CVE-2022-3056 |
| Microsoft Edge (Chromium-based) | CVE-2022-3055 |
| Microsoft Edge (Chromium-based) | CVE-2022-38012 |
| Microsoft Graphics Component | CVE-2022-37954 |
| Microsoft Graphics Component | CVE-2022-38006 |
| Microsoft Graphics Component | CVE-2022-34729 |
| Microsoft Graphics Component | CVE-2022-34728 |
| Microsoft Graphics Component | CVE-2022-35837 |
| Microsoft Office | CVE-2022-37962 |
| Microsoft Office SharePoint | CVE-2022-35823 |
| Microsoft Office SharePoint | CVE-2022-38009 |
| Microsoft Office SharePoint | CVE-2022-38008 |
| Microsoft Office SharePoint | CVE-2022-37961 |
| Microsoft Office Visio | CVE-2022-37963 |
| Microsoft Office Visio | CVE-2022-38010 |
| Microsoft Windows ALPC | CVE-2022-34725 |
| Microsoft Windows Codecs Library | CVE-2022-38011 |
| Microsoft Windows Codecs Library | CVE-2022-38019 |
| Network Device Enrollment Service (NDES) | CVE-2022-37959 |
| Role: DNS Server | CVE-2022-34724 |
| Role: Windows Fax Service | CVE-2022-38004 |
| SPNEGO Extended Negotiation | CVE-2022-37958 |
| Visual Studio Code | CVE-2022-38020 |
| Windows Common Log File System Driver | CVE-2022-35803 |
| Windows Common Log File System Driver | CVE-2022-37969 |
| Windows Credential Roaming Service | CVE-2022-30170 |
| Windows Defender | CVE-2022-35828 |
| Windows Distributed File System (DFS) | CVE-2022-34719 |
| Windows Data Protection Application Programming Interface | CVE-2022-34723 |
| Windows Enterprise App Management | CVE-2022-35841 |
| Windows Event Tracing | CVE-2022-35832 |
| Windows Group Policy | CVE-2022-37955 |
| Windows IKE Extension | CVE-2022-34722 |
| Windows IKE Extension | CVE-2022-34720 |
| Windows IKE Extension | CVE-2022-34721 |
| Windows Kerberos | CVE-2022-33647 |
| Windows Kerberos | CVE-2022-33679 |
| Windows Kernel | CVE-2022-37964 |
| Windows Kernel | CVE-2022-37956 |
| Windows Kernel | CVE-2022-37957 |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30200 |
| Windows ODBC Driver | CVE-2022-34726 |
| Windows ODBC Driver | CVE-2022-34730 |
| Windows ODBC Driver | CVE-2022-34727 |
| Windows ODBC Driver | CVE-2022-34732 |
| Windows ODBC Driver | CVE-2022-34734 |
| Windows OLE | CVE-2022-35834 |
| Windows OLE | CVE-2022-35835 |
| Windows OLE | CVE-2022-35836 |
| Windows OLE | CVE-2022-35840 |
| Windows OLE | CVE-2022-34733 |
| Windows OLE | CVE-2022-34731 |
| Windows Photo Import API | CVE-2022-26928 |
| Windows Print Spooler Components | CVE-2022-38005 |
| Windows Remote Access Connection Manager | CVE-2022-35831 |
| Windows Remote Procedure Call | CVE-2022-35830 |
| Windows TCP/IP | CVE-2022-34718 |
| Windows Transport Security Layer (TLS) | CVE-2022-35833 |
| Windows Transport Security Layer (TLS) | CVE-2022-30196 |