Issued: Tuesday, 20 September, 2022 |
Last Revision: Tuesday, 20 September, 2022 |
Vendor: |
Product: |
Severity Level: |
Microsoft has released patches for 64 vulnerabilities, five (05) of which are classified as critical. Among them is one zero-day that is exploitable.
The September 2022 patch release addresses vulnerabilities in Microsoft Windows and its components, Azure, .NET and .NET Framework, Microsoft Edge (Chromium-based), MS Office and Windows Defender.
In September 2022, Microsoft fixed Privilege Elevation, Remote Code Execution and Denial of Service issues.
The one exploited vulnerability affects the Windows Common Log File System driver; to exploit it, an attacker must already have access to the system and the ability to run code on it.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
CVE-2022-38008 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 8.8 |
CVE-2022-35830 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
CVE-2022-30196 | Windows Secure Channel Denial of Service Vulnerability | 8.2 |
CVE-2022-35841 | Windows Enterprise App Management Service Remote Code Execution Vulnerability | 8.8 |
CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability | 7.8 |
CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability | 7.8 |
| Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | 7.8 |
Table 1: Vulnerability details
Update Types | Affected Product(s) |
Security Updates | All supported versions of Windows; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008; Windows 11; Windows 10 Version 21H2; Windows 10 Version 21H1; Windows 10 Version 20H2; Windows 8.1; Microsoft SharePoint Server 2019; SharePoint Enterprise Server 2016; SharePoint Enterprise Server 2013; SharePoint Foundation 2013; SharePoint Server Subscription Edition; SharePoint Server Subscription Edition Language Pack; Microsoft 365 Apps for Enterprise; Microsoft Office LTSC 2021; Microsoft Office 2019; Microsoft Office 2016; Microsoft Office 2013 |
Table 2: Vulnerable versions
Microsoft has released patches to address these vulnerabilities. Organizations are encouraged to apply the patches as soon as possible, particularly those for the exploited vulnerability and the other critical vulnerabilities.
