Microsoft fixes 64 CVEs through the September 2022 Patch Tuesday rollout
Updated on September 14, 2022
We’ve already reached September and the temperatures are slowly but surely starting to drop, so we can turn off the fans and air conditioning units and simply relax.
It’s the second Tuesday of the month, which means that Windows users are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.
We’ve already provided the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.
For September, Microsoft released 64 new patches, which is a lot more than some people were expecting right as the summer ended.
These software updates address CVEs in:
September comes with 64 new security updates
It’s safe to say that this was neither the busiest nor the lightest month for Redmond-based security experts.
You might like to know that, out of the 64 new CVEs released, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity.
Out of all these vulnerabilities, one CVE is listed as publicly known and under active attack at the time of this Patch Tuesday release.
The one under active attack, a bug in the Common Log File System (CLFS), allows an authenticated attacker to execute code with elevated privileges.
Keep in mind that this type of bug is often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link.
And, once they take the bait, additional code executes with elevated privileges to take over a system, and it’s basically checkmate.
Microsoft mentioned that out of the Critical-rated updates, there are two for Windows Internet Key Exchange (IKE) Protocol Extensions that could also be classified as wormable.
In both cases, only users that are working on systems running IPSec are affected, so make sure you remember that.
Furthermore, we are also looking at two Critical-rated vulnerabilities in Dynamics 365 that could allow an authenticated user to perform SQL injection attacks and execute commands as db_owner within their Dynamics 365 database.
Let’s move on and look at the seven different DoS vulnerabilities patched this month, including the DNS bug mentioned above.
The tech giant said that two bugs in the secure channel would allow an attacker to crash a TLS by sending specially crafted packets.
Let’s not forget about the DoS in IKE, but unlike the code execution bugs listed above, no IPSec requirements are listed here.
The September 2022 rollout includes a fix for a lone security feature bypass in the Network Device Enrollment Service (NDES), where an attacker could bypass the service’s cryptographic service provider.
Looking forward, the next Patch Tuesday security update rollout will be on the 11th of October, which is a bit sooner than some expected.
Have you found any other issues after installing this month’s security updates? Share your opinion in the comments section below.
Milan Stanojevic
Windows Troubleshooting Expert
Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.
Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.