Security News > 2022 > September > Microsoft fixes Windows security hole likely widely exploited by miscreants
September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed.
"Seeing as this vulnerability was reported to Microsoft by four different cybersecurity companies, it is highly likely that it is being leveraged extensively in the wild - specifically by APT groups and malware authors - to gain elevated privileges," Bharat Jogi, director of vulnerability and threat research at Qualys, told The Register.
Back to the other critical vulnerabilities: Microsoft patched two more RCE bugs in Windows Internet Key Exchange Protocol that seem to be related to CVE-2022-34718.
The final two critical RCE vulnerabilities fixed today, CVE-2022-34700 and CVE-2022-35805, plug holes in on-premises versions of Microsoft Dynamics CRM. Adobe's fixes 63 flaws.
Adobe patched 63 vulnerabilities across seven of its products running on both Windows and macOS machines, and noted it's not aware of any of these being exploited in the wild.
A security update for Photoshop, running on both Windows and macOS machines, fixes nine critical and one important vulnerability that could also lead to arbitrary code execution and memory leak.
News URL
Related news
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft confirms game audio issues on Windows 11 24H2 PCs (source)
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs (source)
- Microsoft testing Windows 11 support for third-party passkeys (source)
- Microsoft asks Windows Insiders to try out the controversial Recall feature (source)
- Microsoft blocks Windows 11 24H2 on some PCs with USB scanners (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-35805 | Unspecified vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34718 | Unspecified vulnerability in Microsoft products Windows TCP/IP Remote Code Execution Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34700 | SQL Injection vulnerability in Microsoft Dynamics 365 9.0/9.1 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 0.0 |