Patch Tuesday – September 2022

By Bryson Medlock, September 13, 2022

Today, September 13, is Patch Tuesday. Patch Tuesday is the second Tuesday of each month when Microsoft and other vendors, such as Adobe, release security updates to their products to patch discovered vulnerabilities. This month there was patches released for 64 new vulnerabilities with five rated with a severity of Critical, 57 Important, and two Moderate.

One of the vulnerabilities patched this month includes CVE-2022-37969, a privilege escalation vulnerability in the Windows Common Log File System Driver. The Common Log File System (CLFS) API provides a general-purpose log file subsystem that client applications can use to Windows to optimize log access. This vulnerability does require an attacker to already have local access to run application on the targeted system; however, it stands out from the rest in that according to Microsoft, CVE-2022-37969 has already been exploited in the wild. Details are still sparse, but this seems similar to previous CLFS privilege escalation vulnerabilities such as CVE-2022-22000 which was patched in February 2022, CVE-2017-8624 which was patched in August 2017, and others. Microsoft acknowledged Zscalar, CrowdStrike, Mandiant, and DBAPPSecurity for providing information on CVE-2022-37969.

The five critical vulnerabilities patched this month are all remote code execution (RCE) vulnerabilities. CVE-2022-34700 and CVE-2022-35805 are RCE vulnerabilities in Microsoft Dynamics 365. According to Microsoft, both vulnerabilities require an already authenticated user to run a maliciously crafted trust solution package that would then be able to execute arbitrary SQL commands which would include the ability to execute commands as “db_owner” within their database. Both vulnerabilities have a base CVSS score of 8.8 and are considered “less likely” to be exploited. CVE-2022-34721 and CVE-2022-34722 are both RCE vulnerabilities in the Windows Internet Key Exchange (IDE) protocol extensions. These vulnerabilities only affect Windows systems with IPSec enabled, and then it only impacts IKEv1, IKEv2 is not impacted. IPSec is a suite of network protocols commonly used for security connections, such as VPNs. Details are also sparse on these vulnerabilities, but we do know that they require an attacker to craft a malicious IP packet targeting a Windows host with IPSec using IKEv1. Microsoft gave both vulnerabilities a base CVSS score of 9.8 and marked them both, “Exploitation Less Likely.” CVE-2022-34718 is an RCE in the Windows TCP/IP stack. This vulnerability has been given a base CVSS score of 9.8 and Microsoft marked it, “Exploitation More Likely.” CVE-2022-34718 allows an unauthenticated attacker to send a maliciously crafted IPv6 packet to a Windows host with IPSec enabled that could allow the attacker to remotely execute code on the target.

For a full break down of all the patches released this month, we recommend you check out the Patch Tuesday Dashboard by Morphus Labs. Also refer to the table below for all the relevant Microsoft KB articles.


KB Article Applies To
5002142 SharePoint Enterprise Server 2016
5002159 SharePoint Foundation 2013
5002257 SharePoint Server 2019
5002258 SharePoint Server 2019
5002267 SharePoint Foundation 2013
5002269 SharePoint Enterprise Server 2016
5002270 SharePoint Server Subscription Edition Language Pack
5002271 SharePoint Server Subscription Edition Core
5017305 Windows 10, version 1607, Windows Server 2016
5017308 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5017315 Windows Server 2019
5017316 Windows Server 2022
5017327 Windows 10
5017328 Windows 11
5017358 Windows Server 2008 (Monthly Rollup)
5017361 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5017365 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5017367 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5017370 Windows Server 2012 (Monthly Rollup)
5017371 Windows Server 2008 (Security-only update)
5017373 Windows 7, Windows Server 2008 R2 (Security-only update)
5017377 Windows Server 2012 (Security-only update)