- Microsoft has landed its traditional Patch Tuesday updates for its products, delivering a total of 64 security patches.
- 5 of those 63 patches fix the critical vulnerabilities in Microsoft Dynamics 365, Windows Internet Key Exchange Protocol Extensions, and Windows TCP/IP.
- One vulnerability that exists on Windows Common Log File System Driver is being exploited and has a CVSS score of 7.8.
September’s Patch Tuesday arrives, and Microsoft delivers patches for a total of 63 vulnerabilities in addition to 16 in the Edge browser. Those patches fix the vulnerabilities in Windows, Windows components, Azure, Azure Arc, .Net, Visual Studio, .NET Framework, Microsoft Edge, Office, Office components, and Windows Defender.
Only one exploited vulnerability
Microsoft Dynamics 365 has two separate vulnerabilities, both of them have CVSS scores of 8.8, allowing remote code execution. Those vulnerabilities can be tracked as CVE-2022-34700 and CVE-2022-35805.
In the last month’s Patch Tuesday, Microsoft has patched 121 vulnerabilities
Windows Internet Key Exchange Protocol Extensions has also two critical vulnerabilities rated at 9.8, which can be tracked as CVE-2022-34721 and CVE-2022-34722. The last critical vulnerability that is fixed in the Patch Tuesday patches is CVE-2022-34718; a remote code execution vulnerability on Windows TCP/IP.
CVE-2022-37969 is an escalation of privilege vulnerability in Windows Common Log File System Driver, which is currently public and being actively exploited. It has a CVSS score of 7.8; it requires the attacker to have an access to the system and run commands on it to further escalate its privileges.
You can see the full list of the patched vulnerabilities here