
September’s Patch Tuesday is upon us, giving Microsoft the opportunity to fix, among other things, two zero-day vulnerabilities being actively exploited in the wild. 

As per the company’s security advisory, the two flaws are tracked as CVE-2022-37969 and CVE-2022-23960. The former is a Windows Common Log File System Driver Elevation of Privilege Vulnerability, and it allows for remote code execution. It holds a severity score of 7.8.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft’s advisory warns.

Fixing dozens of flaws

The second flaw is described as “Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability”. It allows an attacker to leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and obtain sensitive information through cache allocation. It has a severity score of 5.6.

Besides these two vulnerabilities, Microsoft has patched a total of 61 flaws, excluding the 16 flaws fixed in Microsoft Edge prior to the release of this cumulative update. These flaws include 18 elevation of privilege vulnerabilities, 1 security feature bypass vulnerability, 30 remote code execution vulnerabilities, seven information disclosure vulnerabilities, seven denial of service vulnerabilities, as well as 16 Edge – Chromium vulnerabilities (excluding the 16 mentioned earlier).

Microsoft has had a busy year fixing zero-day vulnerabilities across its tools and services. In early July 2022, it fixed a zero-day found in its Edge browser. Tracked as CVE-2022-2294, it’s a high-severity heap-based buffer overflow weakness. 

A month earlier, in June, the company fixed two flaws that allowed threat actors to run malware on target endpoints, one in Windows Search and one in Microsoft Office OLEObject. Through the use of a weaponized Word document, the Search zero-day can be used to automatically open a search window with remotely hosted malware. This was made possible by how Windows handles a URI protocol handler called “search-ms”.

Via: BleepingComputer
