December 10, 2022

M-Dudes

Your Partner in The Digital Era

Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws

Tag CVE ID CVE Title Severity .NET and Visual Studio CVE-2022-38013 .NET Core and Visual Studio Denial of Service Vulnerability Important .NET Framework CVE-2022-26929 .NET Framework Remote Code Execution Vulnerability Important Azure Arc CVE-2022-38007 Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability Important Cache Speculation CVE-2022-23960 Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability Important HTTP.sys CVE-2022-35838 HTTP V3 Denial of Service Vulnerability Important Microsoft Dynamics CVE-2022-35805 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability Critical Microsoft Dynamics CVE-2022-34700 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability Critical Microsoft Edge (Chromium-based) CVE-2022-3053 Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock Unknown Microsoft Edge (Chromium-based) CVE-2022-3047 Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API Unknown Microsoft Edge (Chromium-based) CVE-2022-3054 Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools Unknown Microsoft Edge (Chromium-based) CVE-2022-3041 Chromium: CVE-2022-3041 Use after free in WebSQL Unknown Microsoft Edge (Chromium-based) CVE-2022-3040 Chromium: CVE-2022-3040 Use after free in Layout Unknown Microsoft Edge (Chromium-based) CVE-2022-3046 Chromium: CVE-2022-3046 Use after free in Browser Tag Unknown Microsoft Edge (Chromium-based) CVE-2022-3039 Chromium: CVE-2022-3039 Use after free in WebSQL Unknown Microsoft Edge (Chromium-based) CVE-2022-3045 Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 Unknown Microsoft Edge (Chromium-based) CVE-2022-3044 Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation Unknown Microsoft Edge (Chromium-based) CVE-2022-3057 Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox Unknown Microsoft Edge (Chromium-based) CVE-2022-3075 Chromium: CVE-2022-3075 Insufficient data validation in Mojo Unknown Microsoft Edge (Chromium-based) CVE-2022-3058 Chromium: CVE-2022-3058 Use after free in Sign-In Flow Unknown Microsoft Edge (Chromium-based) CVE-2022-3038 Chromium: CVE-2022-3038 Use after free in Network Service Unknown Microsoft Edge (Chromium-based) CVE-2022-3056 Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy Unknown Microsoft Edge (Chromium-based) CVE-2022-3055 Chromium: CVE-2022-3055 Use after free in Passwords Unknown Microsoft Edge (Chromium-based) CVE-2022-38012 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Low Microsoft Graphics Component CVE-2022-37954 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important Microsoft Graphics Component CVE-2022-38006 Windows Graphics Component Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2022-34729 Windows GDI Elevation of Privilege Vulnerability Important Microsoft Graphics Component CVE-2022-34728 Windows Graphics Component Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2022-35837 Windows Graphics Component Information Disclosure Vulnerability Important Microsoft Office CVE-2022-37962 Microsoft PowerPoint Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2022-35823 Microsoft SharePoint Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2022-38009 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2022-38008 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2022-37961 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office Visio CVE-2022-37963 Microsoft Office Visio Remote Code Execution Vulnerability Important Microsoft Office Visio CVE-2022-38010 Microsoft Office Visio Remote Code Execution Vulnerability Important Microsoft Windows ALPC CVE-2022-34725 Windows ALPC Elevation of Privilege Vulnerability Important Microsoft Windows Codecs Library CVE-2022-38011 Raw Image Extension Remote Code Execution Vulnerability Important Microsoft Windows Codecs Library CVE-2022-38019 AV1 Video Extension Remote Code Execution Vulnerability Important Network Device Enrollment Service (NDES) CVE-2022-37959 Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability Important Role: DNS Server CVE-2022-34724 Windows DNS Server Denial of Service Vulnerability Important Role: Windows Fax Service CVE-2022-38004 Windows Fax Service Remote Code Execution Vulnerability Important SPNEGO Extended Negotiation CVE-2022-37958 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability Important Visual Studio Code CVE-2022-38020 Visual Studio Code Elevation of Privilege Vulnerability Important Windows Common Log File System Driver CVE-2022-35803 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows Common Log File System Driver CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows Credential Roaming Service CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability Important Windows Defender CVE-2022-35828 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability Important Windows Distributed File System (DFS) CVE-2022-34719 Windows Distributed File System (DFS) Elevation of Privilege Vulnerability Important Windows DPAPI (Data Protection Application Programming Interface) CVE-2022-34723 Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability Important Windows Enterprise App Management CVE-2022-35841 Windows Enterprise App Management Service Remote Code Execution Vulnerability Important Windows Event Tracing CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability Important Windows Group Policy CVE-2022-37955 Windows Group Policy Elevation of Privilege Vulnerability Important Windows IKE Extension CVE-2022-34722 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Critical Windows IKE Extension CVE-2022-34720 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important Windows IKE Extension CVE-2022-34721 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Critical Windows Kerberos CVE-2022-33647 Windows Kerberos Elevation of Privilege Vulnerability Important Windows Kerberos CVE-2022-33679 Windows Kerberos Elevation of Privilege Vulnerability Important Windows Kernel CVE-2022-37964 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2022-37957 Windows Kernel Elevation of Privilege Vulnerability Important Windows LDAP – Lightweight Directory Access Protocol CVE-2022-30200 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important Windows ODBC Driver CVE-2022-34726 Microsoft ODBC Driver Remote Code Execution Vulnerability Important Windows ODBC Driver CVE-2022-34730 Microsoft ODBC Driver Remote Code Execution Vulnerability Important Windows ODBC Driver CVE-2022-34727 Microsoft ODBC Driver Remote Code Execution Vulnerability Important Windows ODBC Driver CVE-2022-34732 Microsoft ODBC Driver Remote Code Execution Vulnerability Important Windows ODBC Driver CVE-2022-34734 Microsoft ODBC Driver Remote Code Execution Vulnerability Important Windows OLE CVE-2022-35834 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important Windows OLE CVE-2022-35835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important Windows OLE CVE-2022-35836 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important Windows OLE CVE-2022-35840 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important Windows OLE CVE-2022-34733 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important Windows OLE CVE-2022-34731 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important Windows Photo Import API CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability Important Windows Print Spooler Components CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability Important Windows Remote Access Connection Manager CVE-2022-35831 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important Windows Remote Procedure Call CVE-2022-35830 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important Windows TCP/IP CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability Critical Windows Transport Security Layer (TLS) CVE-2022-35833 Windows Secure Channel Denial of Service Vulnerability Important Windows Transport Security Layer (TLS) CVE-2022-30196 Windows Secure Channel Denial of Service Vulnerability Important