Microsoft has released security patches to address multiple vulnerabilities in their software and products.
The vulnerabilities that have been classified as Critical in severity are listed in the table below.
Among the vulnerabilities addressed by Microsoft, two vulnerabilities require closer attention, namely:
- CVE-2022-37969: A privilege escalation vulnerability in the Windows Common Log File System Driver could allow an authenticated attacker to gain SYSTEM privilgeges. This vulnerability is reportedly being actively exploited.
- CVE-2022-34718: An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, possibly allowing the attacker to perform remote code execution on that machine.
For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2022-Sep.