September 2022 Monthly Patch

Published on 14 Sep 2022

Updated on 14 Sep 2022

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

Among the vulnerabilities addressed by Microsoft, two vulnerabilities require closer attention, namely:

  • CVE-2022-37969: A privilege escalation vulnerability in the Windows Common Log File System Driver could allow an authenticated attacker to gain SYSTEM privileges. This vulnerability is reportedly being actively exploited.
  • CVE-2022-34718: An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, possibly allowing the attacker to perform remote code execution on that machine.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2022-Sep.

CRITICAL VULNERABILITIES
| CVE Number | CVE Name | Base Score | Reference |
|---|---|---|---|
| CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability | 9.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34718 |
| CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34722 |
| CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34721 |
| CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 8.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35805 |
| CVE-2022-34700 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 8.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34700 |