Security News > 2022 > September > Microsoft fixes Windows security hole likely widely exploited by miscreants
September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed.
"Seeing as this vulnerability was reported to Microsoft by four different cybersecurity companies, it is highly likely that it is being leveraged extensively in the wild - specifically by APT groups and malware authors - to gain elevated privileges," Bharat Jogi, director of vulnerability and threat research at Qualys, told The Register.
Back to the other critical vulnerabilities: Microsoft patched two more RCE bugs in Windows Internet Key Exchange Protocol that seem to be related to CVE-2022-34718.
The final two critical RCE vulnerabilities fixed today, CVE-2022-34700 and CVE-2022-35805, plug holes in on-premises versions of Microsoft Dynamics CRM. Adobe's fixes 63 flaws.
Adobe patched 63 vulnerabilities across seven of its products running on both Windows and macOS machines, and noted it's not aware of any of these being exploited in the wild.
A security update for Photoshop, running on both Windows and macOS machines, fixes nine critical and one important vulnerability that could also lead to arbitrary code execution and memory leak.
News URL
Related news
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-35805 | Unspecified vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34718 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34700 | SQL Injection vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |