Security News > 2022 > September > Microsoft fixes Windows security hole likely widely exploited by miscreants
September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed.
"Seeing as this vulnerability was reported to Microsoft by four different cybersecurity companies, it is highly likely that it is being leveraged extensively in the wild - specifically by APT groups and malware authors - to gain elevated privileges," Bharat Jogi, director of vulnerability and threat research at Qualys, told The Register.
Back to the other critical vulnerabilities: Microsoft patched two more RCE bugs in Windows Internet Key Exchange Protocol that seem to be related to CVE-2022-34718.
The final two critical RCE vulnerabilities fixed today, CVE-2022-34700 and CVE-2022-35805, plug holes in on-premises versions of Microsoft Dynamics CRM. Adobe's fixes 63 flaws.
Adobe patched 63 vulnerabilities across seven of its products running on both Windows and macOS machines, and noted it's not aware of any of these being exploited in the wild.
A security update for Photoshop, running on both Windows and macOS machines, fixes nine critical and one important vulnerability that could also lead to arbitrary code execution and memory leak.
News URL
Related news
- Microsoft shares workaround for Windows security update issues (source)
- Microsoft has finally fixed Date & Time bug in Windows 11 (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft to remove the Location History feature in Windows (source)
- Microsoft testing fix for Windows 11 bug breaking SSH connections (source)
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-35805 | Unspecified vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34718 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34700 | SQL Injection vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |