Security News > 2022 > September > Microsoft fixes Windows security hole likely widely exploited by miscreants
September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed.
"Seeing as this vulnerability was reported to Microsoft by four different cybersecurity companies, it is highly likely that it is being leveraged extensively in the wild - specifically by APT groups and malware authors - to gain elevated privileges," Bharat Jogi, director of vulnerability and threat research at Qualys, told The Register.
Back to the other critical vulnerabilities: Microsoft patched two more RCE bugs in Windows Internet Key Exchange Protocol that seem to be related to CVE-2022-34718.
The final two critical RCE vulnerabilities fixed today, CVE-2022-34700 and CVE-2022-35805, plug holes in on-premises versions of Microsoft Dynamics CRM. Adobe's fixes 63 flaws.
Adobe patched 63 vulnerabilities across seven of its products running on both Windows and macOS machines, and noted it's not aware of any of these being exploited in the wild.
A security update for Photoshop, running on both Windows and macOS machines, fixes nine critical and one important vulnerability that could also lead to arbitrary code execution and memory leak.
News URL
Related news
- Microsoft delays Windows Recall amid privacy and security concerns (source)
- Microsoft delays Windows Recall rollout, more security testing needed (source)
- Microsoft says April Windows updates break VPN connections (source)
- Microsoft: April Windows Server updates cause NTLM auth failures (source)
- Microsoft won't fix Windows 0x80070643 errors, manual fix required (source)
- Microsoft tests using MT/s for memory speed in Windows 11 Task Manager (source)
- Microsoft: April Windows Server updates also cause crashes, reboots (source)
- Microsoft's Brad Smith summoned by Homeland Security committee over 'cascade' of infosec failures (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- Microsoft fixes Windows Server bug causing crashes, NTLM auth failures (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-35805 | Unspecified vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. | 0.0 |
| 2022-09-13 | CVE-2022-34718 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability. | 0.0 |
| 2022-09-13 | CVE-2022-34700 | SQL Injection vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. | 0.0 |