September’s Patch Tuesday is upon us, giving Microsoft the opportunity to, among other things, fix two zero-day vulnerabilities that are being actively exploited in the wild.
According to the company’s security advisory, the two errors are tracked as CVE-2022-37969 and CVE-2022-23960. The first is a Windows Common Log File System Driver Elevation or Privilege Vulnerability, and allows remote code execution. It has a severity score of 7.8.
“An attacker who successfully exploits this vulnerability could gain SYSTEM privileges,” Microsoft’s advisory warns.
Fix dozens of flaws
The second flaw is described as Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability and it allows an attacker to use the shared branch history in the Branch History Buffer (BHB) to affect mispredicted branches and obtain sensitive information through cache allocation. It has a severity score of 5.6.
In addition to these two vulnerabilities, Microsoft has released a patch (opens in new tab) a total of 61 bugs, excluding the 16 bugs that were fixed in Microsoft Edge prior to the release of this cumulative update. These vulnerabilities included 18 elevation of privilege vulnerabilities, 1 security feature bypass vulnerability, 30 remote code execution vulnerabilities, seven information disclosure vulnerabilities, seven denial of service vulnerabilities, as well as 16 Edge – Chromium vulnerabilities ( excluding the 16 previously mentioned).
Microsoft has had a busy year resolving zero-day vulnerabilities in its tools and services. In early July 2022, it fixed a zero-day found in its Edge browser. Tracked as CVE-2022-2294, it is a very serious heap-based buffer overflow weakness.
A month earlier, in June, the company fixed two flaws that allowed threat actors to run malware on target endpoints (opens in new tab), one in Windows Search and one in Microsoft Office OLEOBject. By using a weaponized Word document, the Search zero-day can be used to automatically open a search window containing remotely hosted malware. This was made possible by the way Windows handles a URI protocol handler called “search-ms”.
Through: BleepingComputer (opens in new tab)