WARNING: MICROSOFT PATCH TUESDAY SEPTEMBER 2022 PATCHES 62 VULNERABILITIES (5 CRITICAL, 57 IMPORTANT)
Microsoft patched 62 CVEs in its June 2022 Patch Tuesday release, 5 rated as critical and 57 rated as important.
Number of CVE's per type
- Remote Code Execution: 30
- Elevation of Privileges: 18
- Denial of Service: 7
- Information Disclosure: 6
- Security Feature Bypass: 1
This month’s Patch Tuesday includes 3 critical and 53 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.
- Windows Common Log File System Driver Elevation of Privilege Vulnerability
This is a critical EoP vulnerability in the Windows Common Log File System (CLFS) Driver through publicly available exploit code. The vulnerability was disclosed before a patch was made available (0-Day).
The flaw is a privilege-escalation vulnerability that can be exploited after an attacker has gained access to a vulnerable target system by exploiting a separate vulnerability or through social engineering.
- Cache Speculation Restriction Vulnerability
This vulnerability, which is is a data-leaking speculation execution side-channel bug in ARM processors known a Spectre-BHB.
This CVE is a discovered in March, which can be abused by malware to steal data from memory that should otherwise be off limits.
- Windows TCP/IP Remote Code Execution Vulnerability
This vulnerability is a Remote Code Execution (RCE) in Windows TCP/IP that could allow a remote, unauthenticated attacker to run code without any user interaction required.
However, only systems with IPv6 enabled and IPSec configured are vulnerable.
& - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could lead to a remote code execution exploitation.
This vulnerability only impacts IKEv1. IKEv2 is not impacted.
However, all Windows Servers are affected because they accept both V1 and V2 packets.
- Microsoft SharePoint Server Remote Code Execution Vulnerability
An authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.
The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.