One Article Review

Source CISCO Talos
Identifier 6872564
Publication date 2022-09-13 14:24:22 (seen: 2022-09-13 19:06:08)
Title Microsoft Patch Tuesday for September 2022 - Snort rules and prominent vulnerabilities
Text By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company's hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five critical vulnerabilities, 10 fewer than were included in last month's Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that's already been patched as a part of a recent Google Chromium update. The remainder is considered “important.”
The most serious vulnerability, which exists in several versions of Windows Server and Windows 10, could allow an attacker to gain remote code execution (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10, and Microsoft considers it “more likely” to be exploited.
Microsoft disclosed one vulnerability that's being actively exploited in the wild - CVE-2022-37969. Microsoft's advisory states this vulnerability is already circulating in the wild and could allow an attacker to gain SYSTEM-level privileges by exploiting the Windows Common Log File System Driver. The adversary must first have access to the targeted system and then run specific code, though no user interaction is required.
CVE-2022-34721 and CVE-2022-34722 also have severity scores of 9.8, though they are “less likely” to be exploited, according to Microsoft. These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet.
Two other critical vulnerabilities, CVE-2022-35805 and CVE-2022-34700, exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner.
Talos would also like to highlight five important vulnerabilities that Microsoft considers to be “more likely” to be exploited: CVE-2022-37957 - Windows Kernel Elevation of Privilege
Sent Yes
Tags Vulnerability


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.