Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

September, 2022: Patch Tuesday - Two Zero Days; Five Critical

Welcome to my September Patch Tuesday newsletter. It's an average month with Microsoft releasing patches for 90 different CVE's of which 5 are rated as critical. There are two zero days (highlighted in bold) in the chart below. One of them (highlighted with ***) has been detected as already being actively exploited in the wild. So you will want to apply these updates as soon as possible and make sure the pending reboots happen ASAP. You will notice that I have also highlighted some CVE's with orange in italics. These have been given an exploitability assessment by Microsoft rated "Exploitation More Likely". So please make sure these get applied as soon as possible. If you have Dynamics 9.0 or 9.1 installed on-prem, then you'll want to make sure both critical updates get applied very soon. Microsoft reports that an attacker could run specially crafted trusted solution packages to gain db_owner to your Dyanmics database. Keep in mind that the OS updates in the chart below also apply to Server Core installations. Make sure those don't get looked over.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 7, 8.1, RT 8.1, 10, 11 Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations 2022 Azure Edition Hotpatch AV1 Video Extension Raw Image Extension	Critical	CVE-2022-23960 CVE-2022-26928 CVE-2022-30170 CVE-2022-30196 CVE-2022-30200 CVE-2022-33647 CVE-2022-33679 CVE-2022-34711 *CVE-2022-34718* CVE-2022-34719 CVE-2022-34720 CVE-2022-34721 CVE-2022-34722 CVE-2022-34723 CVE-2022-34724 *CVE-2022-34725* CVE-2022-34726 CVE-2022-34727 CVE-2022-34728 CVE-2022-34729 CVE-2022-34730 CVE-2022-34731 CVE-2022-34732 CVE-2022-34733 CVE-2022-34734 CVE-2022-35803 CVE-2022-35822 CVE-2022-35830 CVE-2022-35831 CVE-2022-35832 CVE-2022-35833 CVE-2022-35834 CVE-2022-35835 CVE-2022-35836 CVE-2022-35837 CVE-2022-35838 CVE-2022-35840 CVE-2022-35841 CVE-2022-37954 CVE-2022-37955 CVE-2022-37956 CVE-2022-37957 CVE-2022-37958 CVE-2022-37959 CVE-2022-37964 CVE-2022-37969*** CVE-2022-38004 CVE-2022-38005 CVE-2022-38006 CVE-2022-38011 CVE-2022-38019	Workaround: No Exploited: Yes* Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
Edge	Chromium-based	Low	CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2860 CVE-2022-2861 CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 CVE-2022-3075 CVE-2022-38012	Workaround: No Exploited: No Public: No	Remote Code Execution
Office	365 Apps for Enterprise Office 2013 RT SP1, 2013 SP1, 2016, 2019, LTSC 2021 2019 for Mac, LTSC Mac 2021 Visio 2013 SP1, 2016	Important	CVE-2022-37962 CVE-2022-37963 CVE-2022-38010	Workaround: No Exploited: No Public: No	Remote Code Execution
SharePoint	Enterprise Server 2013 SP1, 2016 Foundation 2013 SP1 Server 2019 Server Subscription Edition including Language Pack	Important	CVE-2022-35823 CVE-2022-37961 CVE-2022-38008 CVE-2022-38009	Workaround: No Exploited: No Public: No	Remote Code Execution
Azure	Arc Guest Configuration	Important	CVE-2022-38007	Workaround: No Exploited: No Public: No	Elevation of Privilege
Visual Studio	2019 16.11 and earlier 2022 17.3, 17.2, 17.0 2022 for Mac 17.3 VS Code	Important	CVE-2022-38013 CVE-2022-38020	Workaround: No Exploited: No Public: No	Denial of Service Elevation of Privilege
.NET	Core 3.1 6.0 Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1	Important	CVE-2022-26929 CVE-2022-38013	Workaround: No Exploited: No Public: No	Denial of Service Remote Code Execution
Dynamics	CRM 9.0/9.1 on-prem	Critical	CVE-2022-34700 CVE-2022-35805	Workaround: No Exploited: No Public: No	Remote Code Execution
System Center	Defender for Endpoint for Mac	Important	CVE-2022-35828	Workaround: No Exploited: No Public: No	Elevation of Privilege

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

September 2022 Patch Monday	"Patch Tuesday - Two Zero Days; Five Critical "

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2022 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.