Following its routine, Microsoft released security updates for a bunch of its offerings, securing them from potential cyberattacks.
The Patch Tuesday update covers 64 vulnerabilities, including five critical bugs and one that has been exploited. Thanking the security researchers who helped Microsoft spot and mitigate them, the company urged users to apply this update.
Microsoft Patch Tuesday, September 2022
Microsoft is one of the few OEMs in the tech industry that strictly follows its update timeline to secure the community whenever needed. As per its routine of releasing a Patch Tuesday update on the second Tuesday of every month, the company released this month's update, which fixes 64 vulnerabilities in several Microsoft offerings.
These include Microsoft Windows and Windows Components; Azure and Azure Arc; .NET and Visual Studio and .NET Framework; Microsoft Edge (Chromium-based); Office and Office Components; Windows Defender; and Linux Kernel.
Microsoft says one of the noted vulnerabilities, which impacts the Common Log File System Driver in Windows, has been exploited. A hacker does need to already have access to the target system to exploit the flaw and run arbitrary code on it.
Warning that this flaw allows attackers to gain deeper privileges, Microsoft said five RCE vulnerabilities are patched in the Tuesday update too. Two of them impact the on-premises versions of Microsoft Dynamics 365, letting an authenticated user run a specially crafted trusted solution package to execute arbitrary SQL commands.
Two more bugs impact the Windows Internet Key Exchange (IKE) Protocol Extensions, letting an unauthenticated attacker send a specially crafted IP packet to a target machine, while the last of the five affects Windows TCP/IP and allows an unauthenticated attacker to send a specially crafted IPv6 packet to a Windows node.
Exploiting either of these will let an attacker gain greater privileges, such as those of a system administrator, which makes them more dangerous. Thanking the researchers who contributed to finding these bugs (DBAPPSecurity, Mandiant, CrowdStrike, and Zscaler), Microsoft advised users to update to secure their machines.