Microsoft fixes Windows security hole likely widely exploited by miscreants

September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed.
"Seeing as this vulnerability was reported to Microsoft by four different cybersecurity companies, it is highly likely that it is being leveraged extensively in the wild - specifically by APT groups and malware authors - to gain elevated privileges," Bharat Jogi, director of vulnerability and threat research at Qualys, told The Register.
Back to the other critical vulnerabilities: Microsoft patched two more RCE bugs in Windows Internet Key Exchange Protocol that seem to be related to CVE-2022-34718.
The final two critical RCE vulnerabilities fixed today, CVE-2022-34700 and CVE-2022-35805, affect on-premises versions of Microsoft Dynamics CRM.

Adobe fixes 63 flaws
Adobe patched 63 vulnerabilities across seven of its products running on both Windows and macOS machines, and noted it's not aware of any of these being exploited in the wild.
A security update for Photoshop, running on both Windows and macOS machines, fixes nine critical vulnerabilities and one important vulnerability that could also lead to arbitrary code execution and memory leaks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-13 | CVE-2022-35805 | Unspecified vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |
2022-09-13 | CVE-2022-34718 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability | 0.0 |
2022-09-13 | CVE-2022-34700 | SQL Injection vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |