It’s the second Tuesday of the month, which means Microsoft has started rolling out the latest set of Windows security fixes. This Patch Tuesday brings another Windows zero-day vulnerability that is already being exploited by attackers, Microsoft has confirmed. Users are advised to apply the security updates as soon as possible.
In total, some 63 security vulnerabilities have been identified and patched this month. Of these, five are flagged as critical and one has been confirmed as already actively exploited by threat actors: CVE-2022-37969.
What is CVE-2022-37969?
CVE-2022-37969 has a CVSS severity rating of 7.8 and impacts Windows versions from 7 right up to 11, as well as Windows Server 2008 through 2022.
This is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. Microsoft has confirmed that a successful attack could gain SYSTEM privileges, taking full control of the machine, and that exploitation has already been detected in the wild.
Exploiting CVE-2022-37969 requires the attacker to already have access to the target system and to be able to run code on it. That prerequisite lowers the risk, but it doesn’t reduce it to anything approaching zero: a threat actor will typically obtain that initial foothold with malware that exploits a different vulnerability, or with a simple ‘malicious link click’ phishing attack, and then use this bug to escalate from a standard user to SYSTEM.
Mike Walters, a cybersecurity executive at Action1, says that “since the vulnerability has low complexity and requires no user interaction, an exploit will likely soon be in the arsenal of both white hats and black hats.” It is therefore highly recommended that you patch this sooner rather than later. “Microsoft credits four different agencies reporting this bug,” Dustin Childs of the Zero Day Initiative says, “so it’s likely beyond just targeted attacks.”
Other vulnerabilities of note this Patch Tuesday
Mike Walters highlights three critical vulnerabilities as further cause for concern. “CVE-2022-34722 and CVE-2022-34721 are both called Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability, and both have a CVSS score of 9.8, making them critical vulnerabilities. They both have low complexity for exploitation and allow threat actors to perform the attack with no user interaction.”
But it’s CVE-2022-34718, a Windows TCP/IP Remote Code Execution Vulnerability, that Walters says is more likely to be exploited. “It is a network attack with low complexity, but it affects only systems that are running the IPsec service, so if a system doesn’t need the IPsec service, disable it as soon as possible,” he says. “This vulnerability can be exploited in supply chain attacks where contractor and customer networks are connected by an IPsec tunnel. If you have IPsec tunnels in your Windows infrastructure, this update is a must-have,” he concludes.
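Before disabling anything on Walters’ advice, it is worth checking whether a given Windows host actually uses IPsec at all, and whether this month’s update has landed. The following PowerShell is an added example written for this article, not code from Microsoft or from Action1. It assumes that the “IPsec service” referred to above is the IKEEXT service (IKE and AuthIP IPsec Keying Modules), that the host has the NetSecurity and NetTCPIP modules (Windows 8 / Server 2012 and later), and that the September 2022 Patch Tuesday date of 13 September 2022 is a reasonable cut-off for the installed-update check; it deliberately does not hard-code a KB number.

```powershell
# Added example (not from the article, Microsoft or Action1): inventory IPsec/IKE
# exposure on a Windows host before deciding whether to disable the keying service,
# then confirm that updates have been installed since Patch Tuesday (13 Sept 2022).
# Run from an elevated PowerShell prompt.

# 1. State of the IKE and AuthIP IPsec Keying Modules service (assumed to be the
#    "IPsec service" the quote refers to).
$ikeext = Get-Service -Name IKEEXT -ErrorAction SilentlyContinue
if ($null -eq $ikeext) {
    Write-Warning "IKEEXT service not found on this host"
    return
}
"IKEEXT status: $($ikeext.Status), start type: $($ikeext.StartType)"

# 2. Any IPsec rules in the active policy store, or live security associations?
#    A host with zero rules and zero SAs is not terminating any IPsec tunnel.
$rules    = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue)
$mainSAs  = @(Get-NetIPsecMainModeSA -ErrorAction SilentlyContinue)
$quickSAs = @(Get-NetIPsecQuickModeSA -ErrorAction SilentlyContinue)
"IPsec rules (active store): $($rules.Count)"
"Main-mode SAs: $($mainSAs.Count); quick-mode SAs: $($quickSAs.Count)"

# 3. Is IKE (UDP 500) or NAT-T (UDP 4500) bound? These are the ports an
#    unauthenticated network attacker would reach.
Get-NetUDPEndpoint | Where-Object { $_.LocalPort -in 500, 4500 } |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize

# 4. Only if steps 1-3 show no IPsec use, and the network owners confirm the host
#    needs none, stop and disable the keying service. Left commented out: disabling
#    IKEEXT also breaks Windows Firewall connection security rules and IKE-based VPNs.
# Stop-Service -Name IKEEXT
# Set-Service -Name IKEEXT -StartupType Disabled

# 5. Confirm that updates have been installed since this Patch Tuesday. Get-HotFix
#    can report a null InstalledOn for some packages, so those are filtered out.
$patchTuesday = [datetime]'2022-09-13'
$recent = @(Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday })
if ($recent.Count -eq 0) {
    Write-Warning "No updates installed since $($patchTuesday.ToShortDateString()); this host is likely still exposed"
} else {
    $recent | Sort-Object InstalledOn | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
}
```

The IKEEXT service is enabled on every Windows install, so a running service on its own does not mean the host terminates IPsec tunnels; the combination of active rules, live security associations and a bound UDP 500/4500 endpoint is the signal that matters. Disabling the service is a stopgap for hosts that genuinely do not need it; the fix for CVE-2022-34718, like the CLFS zero-day, is the September update itself.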