Microsoft releases 64 fixes as part of their monthly update cycle

Target Industry

Most industries will be affected by this patching cycle due to the scope and diversity of patching.

Overview

Severity levels:

  • Five Critical – these vulnerabilities include remote code execution
  • 58 Important (High) – vulnerabilities could result in adversary-elevated privileges and significant data loss
  • One Low – these vulnerabilities will likely pose little impact to business security.

As part of the Microsoft monthly patching cycle that occurs on the second Tuesday of each month, 64 vulnerabilities, including five critical, have received updates to protect against known flaws.

Flaws within the CVEs are as follows:

  • 30 Remote Code Execution
  • 18 Elevation of Privilege
  • 16 Edge/Chromium
  • Seven Denial of Service
  • Seven Information Disclosure
  • One Security Feature Bypass.

Impact

Critical vulnerabilities pose significant threats to business security as they can cause root-level compromise of servers and infrastructure devices. The most concerning CVE addressed by this Microsoft update is CVE-2022-34718. This vulnerability can enable an unauthenticated attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could result in remote code execution on the targeted machine.

CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability is an actively exploited zero-day vulnerability, now fixed with this patching cycle. An attacker who successfully exploited this vulnerability could have gained heightened system privileges.

All additional CVEs including those at critical severity are found below.

Affected Products

Critical:

Important (High):

Low:

Containment, Mitigations & Remediations

Update installation: Microsoft has released several security updates for the above vulnerabilities. Customers are strongly advised to install these updates to protect their network and system environment.
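
A host-level triage check for the CVE-2022-34718 conditions described under Impact (IPv6 in use, IPSec enabled), to help decide which machines to patch first. This is an added example, not part of the original advisory or of Microsoft's guidance; it assumes that a running IKEEXT or PolicyAgent service indicates IPSec is in use, and the KB number is a placeholder to replace with the one for your OS build.

```powershell
# Added example: report whether this host meets the CVE-2022-34718
# preconditions named in the advisory and whether the fixing update is present.
# Assumption: a running IKEEXT or PolicyAgent service means IPsec is in use.
# Assumption: $FixKb is a placeholder, not a real KB number.
param(
    [string]$FixKb = 'KB0000000'
)

# Adapters that are up and still have the IPv6 protocol bound
$ipv6Adapters = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled } |
    ForEach-Object { Get-NetAdapter -Name $_.Name -ErrorAction SilentlyContinue } |
    Where-Object { $_.Status -eq 'Up' }

# IPsec-related services that are currently running
$ipsecServices = Get-Service -Name IKEEXT, PolicyAgent -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' }

# Get-HotFix returns nothing when the KB is absent (error suppressed here)
$patched = [bool](Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue)

# Both preconditions met and the named update not found: patch this host first
$patchFirst = [bool]($ipv6Adapters -and $ipsecServices -and -not $patched)

[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    IPv6Adapters  = @($ipv6Adapters.Name) -join ', '
    IPsecServices = @($ipsecServices.Name) -join ', '
    FixInstalled  = $patched
    PatchFirst    = $patchFirst
}
```

A later cumulative update also carries the fix under a different KB number, so confirm a `FixInstalled = False` result against the OS build number before treating the host as unpatched.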

Indicators of Compromise

None published at this time.

Threat Landscape

Vulnerabilities such as these continue to be exploited by threat actors of all sizes and capabilities. Malicious actors are highly likely to target businesses that are slow to implement regular patching cycles, or inconsistent with them, thus allowing the compromise of sensitive systems, networks and data for the ultimate goal of financial gain.

Threat Group

Attacks using the above CVEs will likely be carried out by opportunistic threat actors.

MITRE Methodologies

T1190 – Exploit Public-Facing Application

T1068 – Exploitation for Privilege Escalation

T1210 – Exploitation of Remote Services

Further Information

Microsoft Vulnerability Blog

Intelligence Terminology Yardstick