
Microsoft’s September Patch Tuesday Release: Comment from Tenable

by CIO AXIS

Microsoft patched 62 CVEs in its September 2022 Patch Tuesday release, with five rated as critical and 57 rated as important. This count omits CVE-2022-23960, a cache speculation restriction vulnerability, as it was issued by MITRE and applies to Arm CPUs. Below is a comment from Satnam Narang, Sr. Staff Research Engineer at Tenable and a full analysis here.

“This month’s Patch Tuesday release includes fixes for 62 CVEs — five that are rated critical, 57 rated important and one rated as moderate (one CVE was omitted from our count).

“Microsoft patched CVE-2022-37969, an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver. According to Microsoft, this flaw has been exploited in the wild as a zero-day. However, exploiting this vulnerability requires an attacker to have already gained access to a vulnerable target system via other means, such as exploiting a separate vulnerability or social engineering. Post-exploitation flaws such as this one are often exploited through a specially crafted application. CVE-2022-24521, a similar vulnerability in CLFS, was patched earlier this year as part of Microsoft’s April Patch Tuesday release and was also exploited in the wild. CVE-2022-37969 was disclosed by several groups, though it’s unclear if CVE-2022-37969 is a patch-bypass for CVE-2022-24521 at this point.” — Satnam Narang, Sr. Staff Research Engineer at Tenable

 
