September 14, 2022
Microsoft announced only a small number of patched threats (63) for September’s Patch Tuesday. At first glance, that might seem like a time for everyone to breathe a sigh of relief. However, there are 1 zero-day and 5 critical vulnerabilities that we need to pay attention to.
The zero-day issue, which has been actively exploited, is an Elevation of Privilege vulnerability in the Windows Common Log File System Driver. This local attack, identified as CVE-2022-37969, could result in the attacker gaining system-level privileges. The Microsoft FAQ also states that an attacker looking to exploit this vulnerability must already have access and the ability to run code on the target system. The vulnerability does not allow for remote code execution in cases where the attacker does not already have access to the target system.
Of the 5 critical vulnerabilities, Microsoft rates CVE-2022-34718 in the “More Likely” category. This one is categorized as a Windows TCP/IP Remote Code Execution vulnerability.
As always, Balbix can identify all affected assets within 1 hour of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Users can also use the filtered search functionality to search for the CVE by site, subnet, location, or other distinguishing factors.