Elain Brown Tech 09.13.2022 23:Sep PM EDT

Microsoft’s Patch Tuesday September 2022 Release Fixes for 63 Vulnerabilities

Microsoft's Patch for Tuesday September 2022 rolls out fixes for numerous bugs.

Microsoft rolls out an update to Patch Tuesday that includes fixes for 63 vulnerabilities that have been detected in the system.

The patch also includes fixes for the five vulnerabilities that have been classified as critical to users. Additionally, it also remedies the actively exploited weaknesses in the system.

Leaving these vulnerabilities unattended in the software leaves the large user base of Microsoft susceptible to malicious threats and attacks from bad actors.

Patch Tuesday is the term that Microsoft has coined for the monthly update it rolls out to its users. Usually, the patches involve security improvements, enhanced features, and tweaks to how the system functions on the back end.

Microsoft schedules the release of security updates on "Patch Tuesday," the second Tuesday of each month at 10:00 AM PST.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

Microsoft's Patch Tuesday September 2022

Microsoft's Patch Tuesday September 2022 rolls out fixes for 63 flaws, including a Windows vulnerability that is actively being exploited in the wild.

The most recent patch incorporates additional security measures to address the vulnerabilities. These updates include defense-in-depth updates, which will assist in improving features that are related to security.

Below is the list BleepingComputer composed that represents the number of bugs in each category of vulnerability:

1 Security Feature Bypass Vulnerabilities
7 Denial of Service Vulnerabilities
7 Information Disclosure Vulnerabilities
16 Edge - Chromium Vulnerabilities
18 Elevation of Privilege Vulnerabilities
30 Remote Code Execution Vulnerabilities

The list does not include the previous 16 vulnerabilities that were patched by Microsoft before Patch Tuesday.

Prior to today's Patch Tuesday, Microsoft released Windows 10 KB5017308 and KB5017315, which addressed twenty different bugs in addition to performance problems.

This update was for Windows 10 users with version 1809, version 21H1, and version 21H2.

This update includes a variety of different safety enhancements to the internal functionality of the operating system. In addition to that, it included two brand new functions.

The new features include an enhanced level of protection in Microsoft Defender against ransomware and other forms of malicious attack, as well as the capability for IT administrators to remotely control language-related features on Windows 10.

Microsoft Fixes Zero-Day Vulnerabilities

Microsoft's Patch Tuesday September 2022 fixes two zero-day vulnerabilities that have been publicly disclosed by the company. One of them has been reported to have been used by malicious actors.

As reported by BleepingComputer, the zero-day vulnerability that was being actively exploited was patched today and is being tracked as "CVE-2022-37969 - Windows Common Log File System Driver Elevation of Privilege Vulnerability."

According to Microsoft, malicious actors who successfully exploited this vulnerability would be able to gain SYSTEM privileges on the target system.

However, in situations in which the hacker does not already have the ability to execute code remotely on the target system, this tactic does not make it possible for them to do so remotely.

Researchers from Zscaler, Mandiant, DBAPPSecurity, and CrowdStrike, were the ones who uncovered the vulnerability that was exploited.

In addition, the other vulnerability that has been made public is referred to as the "CVE-2022-23960 - Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability."

Spectre-BHB is the name of the vulnerability that is being addressed by CVE-2022-23960. Researchers at VUSec disclosed in March a vulnerability known as Branch History Injection (BHI), which allows for speculative execution.