Microsoft\u2019s vulnerability hunters have presented a fresh catch: 64 vulnerabilities in its various products and services \u2014 five of which are critical. Two vulnerabilities were publicly disclosed before the patch was released (which technically makes them zero-days), and one is being actively exploited by attackers. As usual, we recommend installing updates with no delay. In the meantime, we\u2019ll briefly talk about the vulnerabilities that deserve special attention.<\/p>\n
CVE-2022-37969<\/a> is a zero-day vulnerability in the Common Log File System driver. This is not the most dangerous bug of those that were patched by the latest update (its CVSS rating is only 7.8), since, in order to take advantage of it, attackers need to somehow gain access to the victim\u2019s computer. However, successful exploitation will allow them to elevate their privileges to SYSTEM. According to Microsoft some attackers are already using the exploit for this vulnerability in the wild; therefore, it should be patched as soon as possible.<\/p>\n All five newly fixed critical vulnerabilities belong to the remote code execution (RCE)<\/a> class; that is, they can be used to run arbitrary code on victim computers.<\/p>\n CVE-2022-23960<\/a> is the second vulnerability that was publicly disclosed before the patch. Theoretically, this could have meant that attackers could have started using it before it was patched, but it doesn\u2019t seem to have been the case. In fact, CVE-2022-23960 is yet another variation of the Spectre<\/a> vulnerability, which interferes with a processor\u2019s speculative execution of instructions mechanism. In other words, the probability of its use in real attacks is extremely small \u2014 the danger is somewhat theoretical. What\u2019s more, this vulnerability is only relevant for the Windows 11 on ARM64-based systems, which makes exploitation even less practical.<\/p>\n There are surprisingly few non-dangerous vulnerabilities in the September Patch Tuesday update \u2014 only one has a low severity rating and another has a medium rating. The remaining 57, although not as dangerous as the five aforementioned critical ones, still belong to the \u201cimportant\u201d category. Therefore, as we already recommended at the beginning of this post, it\u2019s better to update without delay.<\/p>\n First of all, you should fix the already patched vulnerabilities<\/a>. In addition, we recommend protecting all computers and servers connected to the internet with security solutions<\/a> equipped with technologies for vulnerability detection and exploit prevention. This will help defend your company against both known and yet unknown vulnerabilities.<\/p>\n\n","protected":false},"excerpt":{"rendered":" It\u2019s time to update! Microsoft patches 64 vulnerabilities in a variety of products and components \u2014 from Windows and Office to Defender and Azure.<\/p>\n","protected":false},"author":2698,"featured_media":24943,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1836,2360,2361,2026],"tags":[1353,38,893,268,113],"class_list":{"0":"post-24942","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"category-threats","11":"tag-0days","12":"tag-microsoft","13":"tag-office","14":"tag-vulnerabilities","15":"tag-windows"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/microsoft-patch-tuesday-september-2022\/24942\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/microsoft-patch-tuesday-september-2022\/24585\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/microsoft-patch-tuesday-september-2022\/20051\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/microsoft-patch-tuesday-september-2022\/27042\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/microsoft-patch-tuesday-september-2022\/25288\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/microsoft-patch-tuesday-september-2022\/27622\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/microsoft-patch-tuesday-september-2022\/27203\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/microsoft-patch-tuesday-september-2022\/33988\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/microsoft-patch-tuesday-september-2022\/11031\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/microsoft-patch-tuesday-september-2022\/45501\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/microsoft-patch-tuesday-september-2022\/19427\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/microsoft-patch-tuesday-september-2022\/20018\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/microsoft-patch-tuesday-september-2022\/29252\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/microsoft-patch-tuesday-september-2022\/28468\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/microsoft-patch-tuesday-september-2022\/25458\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/microsoft-patch-tuesday-september-2022\/30992\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/microsoft-patch-tuesday-september-2022\/30687\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/24942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=24942"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/24942\/revisions"}],"predecessor-version":[{"id":24944,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/24942\/revisions\/24944"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/24943"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=24942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=24942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=24942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Critical vulnerabilities<\/h2>\n
\n
A vulnerability relevant to ARM processors \u2014 CVE-2022-23960<\/h2>\n
Other vulnerabilities<\/h2>\n
How to stay safe<\/h2>\n