Get in Touch
Most industries will be affected by this patching cycle due to the scope and diversity of patching.
- Five Critical – these vulnerabilities include remote code execution
- 58 Important (High) – vulnerabilities could result in adversary-elevated privileges and significant data loss
- One Low – these vulnerabilities will likely pose little impact to business security.
As part of the Microsoft monthly patching cycle that occurs on the second Tuesday of each month, 64 vulnerabilities, including five critical, have received updates to protect against known flaws.
Flaws within the CVEs are as follows:
- 30 Remote Code Execution
- 18 Elevation of Privilege
- 16 Edge/Chromium
- seven Denial of Service
- seven Denial Information Disclosure
- one Security Feature Bypass.
Critical vulnerabilities pose significant threats to business security as they can cause root-level compromise of servers and infrastructure devices. The most concerning CVE released by this Microsoft update is CVE-2022-34718. This vulnerability can enable an unauthenticated attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on the targeted machine.
CVE-2022-37969 – Windows Common Log File System Driver Elevation of Privilege Vulnerability is an actively exploited zero-day vulnerability, now fixed with this patching cycle. An attacker who successfully exploited this vulnerability could have gained heightened system privileges.
All additional CVEs including those at critical severity are found below.
- Microsoft Dynamics – CVE-2022-35805
- Microsoft Dynamics – CVE-2022-34700
- Windows IKE Extension – CVE-2022-34722
- Windows IKE Extension – CVE-2022-34721
- Windows TCP/IP – CVE-2022-34718
- .NET and Visual Studio – CVE-2022-38013
- .NET Framework – CVE-2022-26929
- Azure Arc – CVE-2022-38007
- Cache Speculation – CVE-2022-23960
- HTTP.sys – CVE-2022-35838
- Microsoft Graphics – CVE-2022-37954, CVE-2022-38006, CVE-2022-34729, CVE-2022-34728, CVE-2022-35837
- Microsoft Office – CVE-2022-37962
- Microsoft Office SharePoint – CVE-2022-35823, CVE-2022-38009, CVE-2022-38008, CVE-2022-37961
- Microsoft Office Visio – CVE-2022-37963, CVE-2022-38010
- Microsoft Windows ALPC – CVE-2022-34725
- Microsoft Windows Codecs Library – CVE-2022-38011, CVE-2022-38019
- Network Device Enrollment Service (NDES) – CVE-2022-37959
- Role: DNS Server – CVE-2022-34724
- Role: Windows Fax Service – CVE-2022-38004
- SPNEGO Extended Negotiation – CVE-2022-37958
- Visual Studio Code – CVE-2022-38020
- Windows Common Log File System Driver – CVE-2022-35803, CVE-2022-37969
- Windows Credential Roaming Service – CVE-2022-30170
- Windows Defender – CVE-2022-35828
- Windows Distributed File System (DFS) – CVE-2022-34719
- Windows DPAPI (Data Protection Application Programming Interface) – CVE-2022-34723
- Windows Enterprise App Management – CVE-2022-35841
- Windows Event Tracing – CVE-2022-35832
- Windows Group Policy – CVE-2022-37955
- Windows IKE Extension – CVE-2022-34720
- Windows Kerberos – CVE-2022-33647, CVE-2022-33679
- Windows Kernel – CVE-2022-37964, CVE-2022-37956, CVE-2022-37957
- Windows LDAP – Lightweight Directory Access Protocol – CVE-2022-30200
- Windows ODBC Driver – CVE-2022-34726, CVE-2022-34730, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734
- Windows OLE – CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840, CVE-2022-34733, CVE-2022-34731
- Windows Photo Import API – CVE-2022-26928
- Windows Print Spooler Components – CVE-2022-38005
- Windows Remote Access Connection Manager – CVE-2022-35831
- Windows Remote Procedure Call – CVE-2022-35830
- Windows Transport Security Layer (TLS) – CVE-2022-35833, CVE-2022-30196
- Microsoft Edge (Chromium-based) – CVE-2022-38012
Containment, Mitigations & Remediations
Update installation: Microsoft has released several security updates for the above vulnerabilities. Customers are strongly advised to install these updates to protect their network and system environment.
Indicators of Compromise
None published at this time.
Vulnerabilities such as these continue to be exploited by threat actors of all sizes and capabilities. Malicious actors are highly likely to target businesses that are slow to implement regular patching cycles, or inconsistent with them, thus allowing the compromise of sensitive systems, networks and data for the ultimate goal of financial gain.
Attacks using the above CVEs will likely be implemented by opportunistic threat actors.
T1190 – Exploit Public-Facing Application
T1068 – Exploitation for Privilege Escalation
T1210 – Exploitation of Remote Services