Patch Tuesday – September 2022
By Bryson Medlock, September 13, 2022
Today, September 13, is Patch Tuesday. Patch Tuesday is the second Tuesday of each month, when Microsoft and other vendors, such as Adobe, release security updates to their products to patch discovered vulnerabilities. This month, patches were released for 64 new vulnerabilities: five rated Critical in severity, 57 Important, and two Moderate.
One of the vulnerabilities patched this month is CVE-2022-37969, a privilege escalation vulnerability in the Windows Common Log File System Driver. The Common Log File System (CLFS) API provides a general-purpose log file subsystem that client applications on Windows can use to optimize log access. This vulnerability requires an attacker to already have local access to run an application on the targeted system; however, it stands out from the rest in that, according to Microsoft, CVE-2022-37969 has already been exploited in the wild. Details are still sparse, but this seems similar to previous CLFS privilege escalation vulnerabilities such as CVE-2022-22000, which was patched in February 2022, CVE-2017-8624, which was patched in August 2017, and others. Microsoft acknowledged Zscaler, CrowdStrike, Mandiant, and DBAPPSecurity for providing information on CVE-2022-37969.
The five critical vulnerabilities patched this month are all remote code execution (RCE) vulnerabilities. CVE-2022-34700 and CVE-2022-35805 are RCE vulnerabilities in Microsoft Dynamics 365. According to Microsoft, both vulnerabilities require an already authenticated user to run a maliciously crafted trust solution package that would then be able to execute arbitrary SQL commands, including commands run as “db_owner” within their database. Both vulnerabilities have a base CVSS score of 8.8 and are considered “less likely” to be exploited.
CVE-2022-34721 and CVE-2022-34722 are both RCE vulnerabilities in the Windows Internet Key Exchange (IKE) protocol extensions. These vulnerabilities only affect Windows systems with IPSec enabled, and only IKEv1 is impacted; IKEv2 is not. IPSec is a suite of network protocols commonly used to secure connections, such as VPNs. Details are also sparse on these vulnerabilities, but we do know that they require an attacker to craft a malicious IP packet targeting a Windows host with IPSec using IKEv1. Microsoft gave both vulnerabilities a base CVSS score of 9.8 and marked them both “Exploitation Less Likely.”
CVE-2022-34718 is an RCE in the Windows TCP/IP stack. This vulnerability has been given a base CVSS score of 9.8, and Microsoft marked it “Exploitation More Likely.” CVE-2022-34718 allows an unauthenticated attacker to send a maliciously crafted IPv6 packet to a Windows host with IPSec enabled that could allow the attacker to remotely execute code on the target.
For a full breakdown of all the patches released this month, we recommend you check out the Patch Tuesday Dashboard by Morphus Labs. Also refer to the table below for all the relevant Microsoft KB articles.
KB Article | Applies To |
---|---|
5002142 | SharePoint Enterprise Server 2016 |
5002159 | SharePoint Foundation 2013 |
5002257 | SharePoint Server 2019 |
5002258 | SharePoint Server 2019 |
5002267 | SharePoint Foundation 2013 |
5002269 | SharePoint Enterprise Server 2016 |
5002270 | SharePoint Server Subscription Edition Language Pack |
5002271 | SharePoint Server Subscription Edition Core |
5017305 | Windows 10, version 1607, Windows Server 2016 |
5017308 | Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2 |
5017315 | Windows Server 2019 |
5017316 | Windows Server 2022 |
5017327 | Windows 10 |
5017328 | Windows 11 |
5017358 | Windows Server 2008 (Monthly Rollup) |
5017361 | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
5017365 | Windows 8.1, Windows Server 2012 R2 (Security-only update) |
5017367 | Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |
5017370 | Windows Server 2012 (Monthly Rollup) |
5017371 | Windows Server 2008 (Security-only update) |
5017373 | Windows 7, Windows Server 2008 R2 (Security-only update) |
5017377 | Windows Server 2012 (Security-only update) |
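
To triage a host against the IPSec-dependent RCEs described above, the following PowerShell sketch (an added example, not part of the original post or any ConnectWise tooling) reports which of the Windows KBs from the table are installed and whether IPSec and IPv6 appear to be in use. The function name `Get-Sept2022PatchState` is hypothetical, and treating the `IKEEXT` and `PolicyAgent` services as an indicator of "IPSec enabled" is an assumption of this example.

```powershell
# Windows OS KB numbers taken from the table in this post (SharePoint KBs omitted).
$Sept2022Kbs = @(
    'KB5017305', 'KB5017308', 'KB5017315', 'KB5017316', 'KB5017327',
    'KB5017328', 'KB5017358', 'KB5017361', 'KB5017365', 'KB5017367',
    'KB5017370', 'KB5017371', 'KB5017373', 'KB5017377'
)

function Get-Sept2022PatchState {
    [CmdletBinding()]
    param()

    # Get-HotFix reads Win32_QuickFixEngineering. A later cumulative update
    # supersedes these KBs, so an empty list means "confirm by OS build",
    # not "definitely unpatched".
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Sept2022Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)

    # Assumption: a running IKEEXT (IKE and AuthIP keying modules) or
    # PolicyAgent (IPsec Policy Agent) service is used as a proxy for IPSec use.
    $ipsecRunning = @(Get-Service -Name 'IKEEXT', 'PolicyAgent' -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Running' } |
        Select-Object -ExpandProperty Name)

    # IPv6 bindings matter for CVE-2022-34718; the NetAdapter module is
    # not present on Windows 7 / Server 2008, so probe for the cmdlet first.
    $ipv6Adapters = @()
    if (Get-Command Get-NetAdapterBinding -ErrorAction SilentlyContinue) {
        $ipv6Adapters = @(Get-NetAdapterBinding -ComponentID 'ms_tcpip6' -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled } |
            Select-Object -ExpandProperty Name)
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        InstalledSept2022KBs = $installed
        IPSecServicesRunning = $ipsecRunning
        IPv6EnabledAdapters  = $ipv6Adapters
        # Triage heuristic only: no matching KB found while IPSec services run.
        ReviewFirst          = ($installed.Count -eq 0 -and $ipsecRunning.Count -gt 0)
    }
}

Get-Sept2022PatchState | Format-List
```

Hosts flagged `ReviewFirst` are the ones to check by OS build number and patch ahead of the rest.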