
Patch Tuesday September 2022: Spectre-BHB on ARM but fewer total fixes

September’s Microsoft Patch Tuesday release brings fewer total fixes than previous months: just 64, with six marked as Critical and the rest as Important. That should put applying everything Microsoft released this month, including the cumulative updates, comfortably within established patching windows. The only vulnerability under active exploitation is an elevation of privilege bug, CVE-2022-37969 in the Windows Common Log File System Driver, which can let an attacker who already has code execution on a machine run as SYSTEM. It belongs at the top of any prioritization list.

Microsoft Vulnerabilities 

The lower number of Microsoft fixes, with no standout celebrity vulnerabilities, should take some pressure off the teams responsible for applying patches this month. Consider using the lighter workload to audit your environment: confirm every managed endpoint is still reporting in, is on a supported build, and has actually been receiving its monthly cumulative updates rather than silently failing them.

Windows 11 for ARM64-based systems also receives a fix for CVE-2022-23960, referred to as Spectre-BHB, a cache speculation vulnerability affecting Arm CPUs. If the Spectre name is familiar, that is because this is a variant of the Spectre branch-prediction attacks first disclosed in 2018, which leak data across privilege boundaries through speculative execution rather than through a conventional memory-safety bug.


Microsoft Patch Tuesday Vulnerability Prioritization

Only Critical and Important updates were released for Patch Tuesday this month, so all of them should be in your ‘approved, awaiting install’ list. The only zero-day for the month, CVE-2022-37969 in the Windows Common Log File System Driver, is an elevation of privilege vulnerability that can give an attacker SYSTEM privileges. The likelihood of widespread exploitation is a little muted because it requires the attacker to already have a foothold on the Windows endpoint, but that is exactly the position a phishing payload or a compromised service puts them in, so it should still be at the top of your list.

The six ‘Exploitation More Likely’ vulnerabilities in the table below should also get some level of prioritization, even though most of them are marked only as Important. Note in particular that the Windows Common Log File System Driver has two elevation of privilege vulnerabilities this month: CVE-2022-37969, already under active exploitation, and CVE-2022-35803, marked ‘Exploitation More Likely’. Both should be addressed together.

 

| CVE | Description | Exploitability | Microsoft Severity |
|---|---|---|---|
| CVE-2022-37969 | Windows Common Log File System Driver EoP | Exploitation Detected | Important |
| CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) RCE | Exploitation Less Likely | Critical |
| CVE-2022-34700 | Microsoft Dynamics CRM (on-premises) RCE | Exploitation Less Likely | Critical |
| CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions RCE | Exploitation Less Likely | Critical |
| CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions RCE | Exploitation Less Likely | Critical |
| CVE-2022-34718 | Windows TCP/IP RCE | Exploitation More Likely | Critical |
| CVE-2022-35803 | Windows Common Log File System Driver EoP | Exploitation More Likely | Important |
| CVE-2022-34725 | Windows ALPC EoP | Exploitation More Likely | Important |
| CVE-2022-34729 | Windows GDI EoP | Exploitation More Likely | Important |
| CVE-2022-37954 | DirectX Graphics Kernel EoP | Exploitation More Likely | Important |
| CVE-2022-37957 | Windows Kernel EoP | Exploitation More Likely | Important |
| CVE-2022-23960 | Arm Cache Speculation Restriction Vulnerability (Spectre-BHB) | Exploitation Less Likely | Important |

Cumulative Updates

The cumulative updates released this month are KB5017308 for current builds of Windows 10, KB5017315 for Windows 10 version 1809 and Windows Server 2019, and KB5017328 for Windows 11. They contain the usual rollup of fixes from previous months and bundle the Servicing Stack Update into the CU, so they should be easy to roll out, with one exception: on Windows 11 systems that have fallen behind, KB5017328 may require the servicing stack update KB5005112 to be installed first.
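The audit suggested earlier and the KB-to-build mapping above can be combined into a quick local check. The following PowerShell is an added example, not code from the original post or from N-able: it maps the running build to the September cumulative update named in the post and reports whether it is present. The OS build revisions (UBR values) are taken from the respective KB articles and are an assumption to verify against those pages; the Windows 11 prerequisite check for KB5005112 is likewise based on the note above.

```powershell
# Added example (not from the original post): check whether this month's cumulative
# update is present on the local Windows machine, using the KB mapping from the post.
# Assumed OS build revisions per KB article (verify against the KB pages):
#   KB5017308 -> Windows 10 20H2/21H1/21H2 (builds 19042/19043/19044), UBR 2006
#   KB5017315 -> Windows 10 1809 / Windows Server 2019 (build 17763), UBR 3406
#   KB5017328 -> Windows 11 21H2 (build 22000), UBR 978; old installs need SSU KB5005112 first
function Test-SeptemberCumulativeUpdate {
    [CmdletBinding()]
    param()

    $nt    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$nt.CurrentBuildNumber
    $ubr   = [int]$nt.UBR          # Update Build Revision, bumped by every installed LCU

    # Map the running build to the expected September 2022 LCU
    $expected = switch ($build) {
        { $_ -in 19042, 19043, 19044 } { @{ KB = 'KB5017308'; Ubr = 2006; Prereq = $null } }
        17763                          { @{ KB = 'KB5017315'; Ubr = 3406; Prereq = $null } }
        22000                          { @{ KB = 'KB5017328'; Ubr = 978;  Prereq = 'KB5005112' } }
        default                        { $null }
    }
    if (-not $expected) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME; Build = "$build.$ubr"
            ExpectedKB   = 'n/a';             Status = 'BuildNotCovered'; Note = $null
        }
    }

    # Get-HotFix reads Win32_QuickFixEngineering, where an LCU appears under its KB id.
    # The UBR only changes once the LCU is fully applied (post-reboot), so treat it as
    # the authoritative signal and use the KB listing to spot a pending install.
    $hotfixIds  = @((Get-HotFix -ErrorAction SilentlyContinue).HotFixID)
    $kbPresent  = $hotfixIds -contains $expected.KB
    $ubrCurrent = $ubr -ge $expected.Ubr

    $status = if ($ubrCurrent) { 'Installed' }
              elseif ($kbPresent) { 'InstalledPendingReboot' }
              else { 'Missing' }

    # Windows 11 only: an install that never received the Aug 2021 SSU needs it before the CU
    $note = $null
    if ($status -eq 'Missing' -and $expected.Prereq -and ($hotfixIds -notcontains $expected.Prereq)) {
        $note = "Install servicing stack update $($expected.Prereq) before $($expected.KB)"
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = "$build.$ubr"
        ExpectedKB   = $expected.KB
        Status       = $status
        Note         = $note
    }
}

Test-SeptemberCumulativeUpdate | Format-List
```

Run it under an RMM script task or with Invoke-Command across a set of hosts and filter on Status -ne 'Installed' to get the list of machines that have slipped. A 'BuildNotCovered' result is itself useful: it usually means a build that is out of support, which is precisely what the audit is meant to surface.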

Known Complications of Note

There are no major complications being reported at the time of writing.

Other Vendors

Apple released its third zero-day fix in two months on September 12th, 2022, for CVE-2022-32917, a kernel vulnerability that Apple says may have been actively exploited. The recommendation is an immediate upgrade to iOS 15.7 and iPadOS 15.7; the same fix also shipped in iOS 16 and macOS Monterey 12.6.

Summary

As always, make sure you have established patching processes for evaluation, testing, and pushing into production. If you have traditionally applied patches based only on their severity, consider adding a first pass that prioritizes zero-days, ‘Exploitation Detected’ and ‘Exploitation More Likely’ vulnerabilities in your patch management routine; an Important-rated bug that is being exploited today matters more than a Critical one that is unlikely to be.
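As an added example of that prioritization (this is illustrative code, not from the original post or any N-able product), the following PowerShell ranks a month’s CVEs by exploitation status first and Microsoft severity second. The input objects are constructed here from this month’s table; in practice they would come from the MSRC Security Update Guide export or your RMM’s patch feed, and the tier boundaries are an assumption you should adjust to your own risk appetite.

```powershell
# Added example (not from the original post): tier CVEs so that exploitation status
# outranks severity, which is the ordering the post recommends.
function Get-PatchPriority {
    param([Parameter(ValueFromPipeline)] [pscustomobject] $Vuln)
    begin {
        # Lower number = more urgent. Unknown values fall to the bottom.
        $exploitRank = @{ 'Exploitation Detected' = 0; 'Exploitation More Likely' = 1; 'Exploitation Less Likely' = 2 }
        $sevRank     = @{ 'Critical' = 0; 'Important' = 1; 'Moderate' = 2; 'Low' = 3 }
    }
    process {
        $e = $exploitRank[$Vuln.Exploitability]; if ($null -eq $e) { $e = 3 }
        $s = $sevRank[$Vuln.Severity];           if ($null -eq $s) { $s = 4 }
        # Assumed tiers: 1 = exploited in the wild; 2 = more likely + Critical;
        # 3 = more likely + Important; 4 = Critical but less likely; 5 = everything else
        $tier = if ($e -eq 0)                { 1 }
                elseif ($e -eq 1 -and $s -eq 0) { 2 }
                elseif ($e -eq 1)            { 3 }
                elseif ($s -eq 0)            { 4 }
                else                         { 5 }
        $Vuln | Add-Member -NotePropertyName Tier -NotePropertyValue $tier -PassThru
    }
}

# Constructed input: this month's table, as listed in the post
$september = @(
    [pscustomobject]@{ CVE='CVE-2022-37969'; Title='Windows CLFS Driver EoP';      Exploitability='Exploitation Detected';    Severity='Important' }
    [pscustomobject]@{ CVE='CVE-2022-35805'; Title='Dynamics CRM (on-prem) RCE';   Exploitability='Exploitation Less Likely'; Severity='Critical'  }
    [pscustomobject]@{ CVE='CVE-2022-34700'; Title='Dynamics CRM (on-prem) RCE';   Exploitability='Exploitation Less Likely'; Severity='Critical'  }
    [pscustomobject]@{ CVE='CVE-2022-34721'; Title='Windows IKE Extensions RCE';   Exploitability='Exploitation Less Likely'; Severity='Critical'  }
    [pscustomobject]@{ CVE='CVE-2022-34722'; Title='Windows IKE Extensions RCE';   Exploitability='Exploitation Less Likely'; Severity='Critical'  }
    [pscustomobject]@{ CVE='CVE-2022-34718'; Title='Windows TCP/IP RCE';           Exploitability='Exploitation More Likely'; Severity='Critical'  }
    [pscustomobject]@{ CVE='CVE-2022-35803'; Title='Windows CLFS Driver EoP';      Exploitability='Exploitation More Likely'; Severity='Important' }
    [pscustomobject]@{ CVE='CVE-2022-34725'; Title='Windows ALPC EoP';             Exploitability='Exploitation More Likely'; Severity='Important' }
    [pscustomobject]@{ CVE='CVE-2022-34729'; Title='Windows GDI EoP';              Exploitability='Exploitation More Likely'; Severity='Important' }
    [pscustomobject]@{ CVE='CVE-2022-37954'; Title='DirectX Graphics Kernel EoP';  Exploitability='Exploitation More Likely'; Severity='Important' }
    [pscustomobject]@{ CVE='CVE-2022-37957'; Title='Windows Kernel EoP';           Exploitability='Exploitation More Likely'; Severity='Important' }
    [pscustomobject]@{ CVE='CVE-2022-23960'; Title='Arm Spectre-BHB';              Exploitability='Exploitation Less Likely'; Severity='Important' }
)

$september | Get-PatchPriority |
    Sort-Object Tier, CVE |
    Format-Table Tier, CVE, Title, Exploitability, Severity -AutoSize
```

With this ordering the Important-rated CVE-2022-37969 sorts to tier 1 ahead of every Critical RCE, and the Critical-but-unlikely Dynamics CRM and IKE bugs land in tier 4 behind the ‘More Likely’ Important EoPs; a severity-only sort would have reversed that.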

Looking for more information on Patch Management? Check out this section on our blog.

Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter: @cybersec_nerd

LinkedIn: thesecuritypope

Twitch: cybersec_nerd

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.

This document is provided for informational purposes only. It should not be relied upon for legal advice. N‑able makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy, completeness, or usefulness of any information contained in this document.

N-ABLE, N-CENTRAL, and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. and may be common law marks, registered, or pending registration with the U.S. Patent and Trademark Office or in other countries. All other trademarks mentioned in this document are used for identification purposes only and are trademarks (or registered trademarks) of their respective companies.