September 2022 Monthly Patch

14 September 2022

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

Among the vulnerabilities addressed by Microsoft, two vulnerabilities require closer attention, namely:

CVE-2022-37969: A privilege escalation vulnerability in the Windows Common Log File System Driver could allow an authenticated attacker to gain SYSTEM privilgeges. This vulnerability is reportedly being actively exploited.

CVE-2022-34718: An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, possibly allowing the attacker to perform remote code execution on that machine.

Critical vulnerabilities

CVE Number	CVE Name	Base Score	Reference
CVE-2022-34718	Windows TCP/IP Remote Code Execution Vulnerability	9.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34718
CVE-2022-34722	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	9.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34722
CVE-2022-34721	Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability	9.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34721
CVE-2022-35805	Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability	8.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35805
CVE-2022-34700	Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability	8.8	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34700

Public advisory of scammers impersonating CSA and the SPF