{"id":26530,"date":"2022-09-13T22:54:47","date_gmt":"2022-09-13T20:54:47","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=26530"},"modified":"2022-09-14T23:36:56","modified_gmt":"2022-09-14T21:36:56","slug":"microsoft-security-update-summary-13-september-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/09\/13\/microsoft-security-update-summary-13-september-2022\/","title":{"rendered":"Microsoft Security Update Summary (September 13, 2022)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"margin: 0px 10px 0px 0px;\" title=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Update-01.jpg\" alt=\"Update\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/09\/13\/microsoft-security-update-summary-13-september-2022\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]On September 13, 2022, Microsoft released security updates for Windows clients and servers, for Office, etc., as well as for other products. The security updates eliminate 63 vulnerabilities, 5 of which are critical and one of which is a 0-day vulnerability. Below is a compact overview of these updates released on patchday.<\/p>\n<p><!--more--><\/p>\n<p>A list of the updates can be found on <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\" target=\"_blank\" rel=\"noopener\">this Microsoft page<\/a>. Details about the update packages for Windows, Office, etc. are available in separate blog posts.<\/p>\n<h2>Notes on the updates<\/h2>\n<p>Windows 10 versions 20H2 to 21H2 use a common core and have an identical set of system files. Therefore, the same security update will be delivered for these Windows 10 versions. 
Information on how to enable the features of Windows 10, which is done through an Enablement Package update, can be found in <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Windows-IT-Pro-Blog\/Windows-10-version-1909-delivery-options\/ba-p\/1002660\" target=\"_blank\" rel=\"noopener\">this Techcommunity post<\/a>.<\/p>\n<p>All Windows 10 updates are cumulative. The monthly patchday update includes all security fixes for Windows 10 and all non-security fixes through patchday. In addition to security patches for vulnerabilities, the updates include security enhancement measures. Microsoft is integrating the Servicing Stack Updates (SSUs) into the Latest Cumulative Updates (LCUs) for newer versions of Windows 10. A list of the latest SSUs can be found at <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/ADV990001\">ADV990001<\/a> (although the list is not always up-to-date).<\/p>\n<p>Windows 7 SP1 is no longer supported as of January 2020. Only customers with a 3rd year ESU license (or bypass measures) will still receive updates. The update can be installed with the current ESU bypass. Updates can also be downloaded from the Microsoft Update Catalog. The updates for Windows RT 8.1 and Microsoft Office RT are only available via Windows Update.<\/p>\n<h2>Vulnerabilities fixed<\/h2>\n<p>The September 2022 security updates fix 63 vulnerabilities, including 5 critical and one 0-day vulnerability. A list of all covered CVEs can be found on <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/\" target=\"_blank\" rel=\"noopener\">this Microsoft page<\/a>. Tenable also has <a href=\"https:\/\/www.tenable.com\/blog\/microsofts-september-2022-patch-tuesday-addresses-62-cves-cve-2022-37969\" target=\"_blank\" rel=\"noopener\">this blog post<\/a> with an overview of the fixed vulnerabilities. 
Here are some important and critical vulnerabilities:<\/p>\n<ul>\n<li><u><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-37969\" target=\"_blank\" rel=\"noopener\">CVE-2022-37969<\/a><\/u>: Windows Common Log File System Driver Elevation of Privilege Vulnerability, Important, EoP vulnerability in the Windows Common Log File System (CLFS) driver. According to Microsoft, this vulnerability has already been exploited. They also point out that it was publicly disclosed before a patch was available.<\/li>\n<li><u><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-24521\" target=\"_blank\" rel=\"noopener\">CVE-2022-24521<\/a><\/u>: Important, a similar vulnerability in CLFS, was patched earlier this year as part of Microsoft's Patch Tuesday release in April. The CVE-2022-24521 vulnerability, which has also been exploited in the wild, was reported to Microsoft by the National Security Agency (NSA) and CrowdStrike. The discovery of CVE-2022-37969 has been credited to multiple groups, including CrowdStrike, although it is currently unclear whether CVE-2022-37969 is a bypass of the patch for CVE-2022-24521.<\/li>\n<li><u><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-34718\" target=\"_blank\" rel=\"noopener\">CVE-2022-34718<\/a><\/u>: an RCE in Windows TCP\/IP that received a CVSSv3 score of 9.8 and was rated \"Exploitation More Likely\" according to Microsoft's Exploitability Index. This vulnerability can only be exploited against systems with Internet Protocol Security (IPsec) enabled. If successfully exploited, an unauthenticated attacker could gain remote code execution. 
Microsoft has released patches for all supported versions of Windows, including Server Core editions.<\/li>\n<li><u><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-34721\" target=\"_blank\" rel=\"noopener\">CVE-2022-34721<\/a><\/u> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-34722\" target=\"_blank\" rel=\"noopener\">CVE-2022-34722<\/a>: Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability, Critical, RCE vulnerabilities in the Windows IKE protocol extensions, which received a CVSSv3 score of 9.8 and were rated as Exploitation Less Likely. The IKE protocol is a component of IPsec used to establish security associations (relationships between devices based on shared security attributes). These vulnerabilities would allow an unauthenticated, remote attacker to send a specially crafted IP packet to a target with IPsec enabled and achieve remote code execution. IPsec is used to protect sensitive data and is often used in virtual private networks. Below is the list of critical and important security updates &#8211; details of which will be reported in separate blog posts.<\/li>\n<li><u><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-37956\" target=\"_blank\" rel=\"noopener\">CVE-2022-37956<\/a><\/u>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-37957\" target=\"_blank\" rel=\"noopener\">CVE-2022-37957<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-37964\" target=\"_blank\" rel=\"noopener\">CVE-2022-37964<\/a>: Windows Kernel Elevation of Privilege Vulnerability, Important, EoP vulnerabilities affecting the Windows kernel. All three vulnerabilities received CVSSv3 scores of 7.8 and could allow an attacker to gain SYSTEM-level privileges if exploited. 
Of the three vulnerabilities, only CVE-2022-37957 was rated as Exploitation More Likely. Oddly enough, all three affect different versions of Windows. For example, CVE-2022-37964 only affects Windows 7, Windows Server 2008 and 2008 R2. CVE-2022-37956 affects all supported versions of Windows and Windows Server, while CVE-2022-37957 affects only Windows 10 and later, including Windows Server versions 2016, 2019 and 2022.<\/li>\n<\/ul>\n<p>The colleagues from Bleeping Computer have <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-september-2022-patch-tuesday-fixes-zero-day-used-in-attacks-63-flaws\/\" target=\"_blank\" rel=\"noopener\">published<\/a> a complete list of all patched CVE vulnerabilities here. Below is the list of patched products:<\/p>\n<h3>Critical Security Updates<\/h3>\n<p>Windows 10 for 32-bit Systems<br \/>\nWindows 10 for x64-based Systems<br \/>\nWindows 10 Version 1607 for 32-bit Systems<br \/>\nWindows 10 Version 1607 for x64-based Systems<br \/>\nWindows 10 Version 1809 for 32-bit Systems<br \/>\nWindows 10 Version 1809 for ARM64-based Systems<br \/>\nWindows 10 Version 1809 for x64-based Systems<br \/>\nWindows 10 Version 20H2 for 32-bit Systems<br \/>\nWindows 10 Version 20H2 for ARM64-based Systems<br \/>\nWindows 10 Version 20H2 for x64-based Systems<br \/>\nWindows 10 Version 21H1 for 32-bit Systems<br \/>\nWindows 10 Version 21H1 for ARM64-based Systems<br \/>\nWindows 10 Version 21H1 for x64-based Systems<br \/>\nWindows 10 Version 21H2 for 32-bit Systems<br \/>\nWindows 10 Version 21H2 for ARM64-based Systems<br \/>\nWindows 10 Version 21H2 for x64-based Systems<br \/>\nWindows 11 for ARM64-based Systems<br \/>\nWindows 11 for x64-based Systems<br \/>\nWindows 8.1 for 32-bit systems<br \/>\nWindows 8.1 for x64-based systems<br \/>\nWindows RT 8.1<br \/>\nWindows Server 2012<br \/>\nWindows Server 2012 (Server Core installation)<br \/>\nWindows Server 2012 R2<br \/>\nWindows Server 2012 R2 (Server Core 
installation)<br \/>\nWindows Server 2016<br \/>\nWindows Server 2016 (Server Core installation)<br \/>\nWindows Server 2019<br \/>\nWindows Server 2019 (Server Core installation)<br \/>\nWindows Server 2022<br \/>\nWindows Server 2022 (Server Core installation)<br \/>\nWindows Server 2022 Azure Edition Core Hotpatch<br \/>\nMicrosoft Dynamics CRM (on-premises) 9.0<br \/>\nMicrosoft Dynamics CRM (on-premises) 9.1<\/p>\n<h3>Important Security Updates<\/h3>\n<p>Microsoft 365 Apps for Enterprise for 32-bit Systems<br \/>\nMicrosoft 365 Apps for Enterprise for 64-bit Systems<br \/>\nMicrosoft Office 2013 RT Service Pack 1<br \/>\nMicrosoft Office 2013 Service Pack 1 (32-bit editions)<br \/>\nMicrosoft Office 2013 Service Pack 1 (64-bit editions)<br \/>\nMicrosoft Office 2016 (32-bit edition)<br \/>\nMicrosoft Office 2016 (64-bit edition)<br \/>\nMicrosoft Office 2019 for 32-bit editions<br \/>\nMicrosoft Office 2019 for 64-bit editions<br \/>\nMicrosoft Office 2019 for Mac<br \/>\nMicrosoft Office LTSC 2021 for 32-bit editions<br \/>\nMicrosoft Office LTSC 2021 for 64-bit editions<br \/>\nMicrosoft Office LTSC for Mac 2021<br \/>\nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1<br \/>\nMicrosoft SharePoint Enterprise Server 2016<br \/>\nMicrosoft SharePoint Foundation 2013 Service Pack 1<br \/>\nMicrosoft SharePoint Server 2019<br \/>\nMicrosoft SharePoint Server Subscription Edition<br \/>\nSharePoint Server Subscription Edition Language Pack<br \/>\nMicrosoft Visio 2013 Service Pack 1 (32-bit editions)<br \/>\nMicrosoft Visio 2013 Service Pack 1 (64-bit editions)<br \/>\nMicrosoft Visio 2016 (32-bit edition)<br \/>\nMicrosoft Visio 2016 (64-bit edition)<br \/>\nVisual Studio 2022 for Mac version 17.3<br \/>\nVisual Studio Code<br \/>\n.NET 6.0<br \/>\n.NET Core 3.1<br \/>\nMicrosoft .NET Framework 2.0 Service Pack 2<br \/>\nMicrosoft .NET Framework 3.0 Service Pack 2<br \/>\nMicrosoft .NET Framework 3.5<br \/>\nMicrosoft .NET Framework 3.5 AND 
4.6.2\/4.7\/4.7.1\/4.7.2<br \/>\nMicrosoft .NET Framework 3.5 AND 4.7.2<br \/>\nMicrosoft .NET Framework 3.5 AND 4.8<br \/>\nMicrosoft .NET Framework 3.5 AND 4.8.1<br \/>\nMicrosoft .NET Framework 3.5.1<br \/>\nMicrosoft .NET Framework 4.6<br \/>\nMicrosoft .NET Framework 4.6\/4.6.1\/4.6.2\/4.7\/4.7.1\/4.7.2<br \/>\nMicrosoft .NET Framework 4.8<br \/>\nMicrosoft .NET Framework 4.8.1<br \/>\nMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 &#8211; 16.10)<br \/>\nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 &#8211; 16.8)<br \/>\nMicrosoft Visual Studio 2022 version 17.0<br \/>\nMicrosoft Visual Studio 2022 version 17.2<br \/>\nMicrosoft Visual Studio 2022 version 17.3<br \/>\nAV1 Video Extension<br \/>\nRaw Image Extension<br \/>\nAzure ARC<br \/>\nAzure Guest Configuration<br \/>\nMicrosoft Defender for Endpoint for Mac<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2022\/09\/07\/microsoft-office-updates-mit-fix-fr-excel-bug-6-september-2022\/\">Microsoft Office Updates with fix for Excel bug (September 6, 2022)<\/a><strong><br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2022\/09\/13\/microsoft-security-update-summary-13-september-2022\/\">Microsoft Security Update Summary (September 13, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/09\/14\/patchday-windows-10-updates-13-september-2022\/\">Patchday: Windows 10-Updates (September 13, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/09\/14\/patchday-windows-11-server-2022-updates-13-september-2022\/\">Patchday: Windows 11\/Server 2022-Updates (September 13, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/09\/14\/windows-7-server-2008r2-windows-8-1-server-2012r2-updates-13-september-2022\/\">Windows 7\/Server 2008R2; Windows 8.1\/Server 2012R2: Updates (September 13, 2022)<\/a><br \/>\nPatchday: Microsoft Office Updates (September 13, 
2022)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]On September 13, 2022, Microsoft released security updates for Windows clients and servers, for Office, etc., as well as for other products. The security updates also eliminate 63 vulnerabilities, 5 of which are critical and one &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/09\/13\/microsoft-security-update-summary-13-september-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,580,1547,22,2],"tags":[125,2740,69,194],"class_list":["post-26530","post","type-post","status-publish","format-standard","hentry","category-office","category-security","category-software","category-update","category-windows","tag-office","tag-patchday-9-2022","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=26530"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26530\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=26530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=26530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=26530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}