Security News > 2022 > September > Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day
Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks.
The patches are in addition to 16 vulnerabilities that Microsoft addressed in its Chromium-based Edge browser earlier this month.
"An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system," Microsoft said in an advisory.
"An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation," Microsoft said about CVE-2022-34721 and CVE-2022-34722.
Also resolved by Microsoft are 15 remote code execution flaws in Microsoft ODBC Driver, Microsoft OLE DB Provider for SQL Server, and Microsoft SharePoint Server and five privilege escalation bugs spanning Windows Kerberos and Windows Kernel.
Aside from Microsoft, security updates have also been released by other vendors since the start of the month to rectify dozens of vulnerabilities, including -.
News URL
https://thehackernews.com/2022/09/microsofts-latest-security-update-fixes.html
Related news
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- ‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft: January Windows security updates break audio playback (source)
- Microsoft shares workaround for Windows security update issues (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-34722 | Unspecified vulnerability in Microsoft products Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 0.0 |
| 2022-09-13 | CVE-2022-34721 | Unspecified vulnerability in Microsoft products Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 0.0 |