Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September’s security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.” The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely” to be exploited by Microsoft. Microsoft disclosed one vulnerability that’s being actively exploited in the wild — CVE-2022-37969. Microsoft’s advisory states this vulnerability is already circulating in the wild and could allow an attacker to gain SYSTEM-level privileges by exploiting the Windows Common Log File System Driver. The adversary must first have the access to the targeted system and then run specific code, though no user interaction is required.

CVE-2022-34721 and CVE-2022-34722 also have severity scores of 9.8, though they are “less likely” to be exploited, according to Microsoft. These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet.

Two other critical vulnerabilities, CVE-2022-35805 and CVE-2022-34700 exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner. Talos would also like to highlight five important vulnerabilities that Microsoft considers to be “more likely” to be exploited:

CVE-2022-37957 — Windows Kernel Elevation of Privilege Vulnerability CVE-2022-35803 — Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2022-37954 — DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2022-34725 — Windows ALPC Elevation of Privilege Vulnerability CVE-2022-34729 — Windows GDI Elevation of Privilege Vulnerability

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60546, 60547, 60549, 60550 and 60552 - 60554. We’ve also released Snort 3 rules 300266 - 300270.

TALOS
#sql#vulnerability#windows#google#microsoft#cisco#rce#auth#chrome

By Jon Munshaw and Asheer Malhotra.

Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month.

September’s security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.”

The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely” to be exploited by Microsoft.

Microsoft disclosed one vulnerability that’s being actively exploited in the wild — CVE-2022-37969. Microsoft’s advisory states this vulnerability is already circulating in the wild and could allow an attacker to gain SYSTEM-level privileges by exploiting the Windows Common Log File System Driver. The adversary must first have the access to the targeted system and then run specific code, though no user interaction is required.

CVE-2022-34721 and CVE-2022-34722 also have severity scores of 9.8, though they are “less likely” to be exploited, according to Microsoft. These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet.

Two other critical vulnerabilities, CVE-2022-35805 and CVE-2022-34700 exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner.

Talos would also like to highlight five important vulnerabilities that Microsoft considers to be “more likely” to be exploited:

  • CVE-2022-37957 — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2022-35803 — Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2022-37954 — DirectX Graphics Kernel Elevation of Privilege Vulnerability
  • CVE-2022-34725 — Windows ALPC Elevation of Privilege Vulnerability
  • CVE-2022-34729 — Windows GDI Elevation of Privilege Vulnerability

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60546, 60547, 60549, 60550 and 60552 - 60554. We’ve also released Snort 3 rules 300266 - 300270.

Related news

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.

Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.

Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities

April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

CVE-2022-45103: DSA-2022-340: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign

More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month

Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. "

Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]

Update now! Microsoft patches two zero-days

Categories: News Tags: CVE-2022-37969 Tags: CVE-2022-23960 Tags: CVE-2022-35805 Tags: CVE-2022-34700 Tags: CVE-2022-34718 Tags: CVE-2022-34721 Tags: CVE-2022-34722 Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Cisco Tags: Google Tags: Samsung Tags: SAP Tags: VMWare The September 2022 Patch Tuesday updates includes two zero-day vulnerabilities, one of which is known to be used in attacks (Read more...) The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products.

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

CVE-2022-37957

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964.

CVE-2022-35805

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34700.

CVE-2022-34729

Windows GDI Elevation of Privilege Vulnerability.

CVE-2022-37969

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.

CVE-2022-34700

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805.

CVE-2022-34722

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721.

CVE-2022-34721

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.

CVE-2022-37954

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

CVE-2022-34718

Windows TCP/IP Remote Code Execution Vulnerability.

CVE-2022-34725

Windows ALPC Elevation of Privilege Vulnerability.

TALOS: Latest News

Malicious QR Codes: How big of a problem is it, really?