Microsoft Security Bulletin Coverage for September 2022


SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2022. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability
IPS 15794: Windows TCP/IP Stack RCE (CVE-2022-34718)

CVE-2022-34721 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
IPS 15795: Windows IKE Remote Code Execution (CVE-2022-34721)

CVE-2022-34725 Windows ALPC Elevation of Privilege Vulnerability
ASPY 106: Malformed-File exe.MP_271

CVE-2022-34729 Windows GDI Elevation of Privilege Vulnerability
ASPY 361: Malformed-File exe.MP_272

CVE-2022-35803 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 104: Malformed-File exe.MP_270

CVE-2022-37954 DirectX Graphics Kernel Elevation of Privilege Vulnerability
ASPY 362: Malformed-File exe.MP_273

CVE-2022-37957 Windows Kernel Elevation of Privilege Vulnerability
ASPY 363: Malformed-File exe.MP_274

To prevent CVE-2022-34721 and CVE-2022-34722 attacks, SonicWall recommends blocking IKEv1 by enabling IKEv1 signatures in App Control.

For CVE-2022-34718, Microsoft has the following mitigation strategies:

  •   Only systems with the IPSec service running are vulnerable to this attack.
  •   Systems are not affected if IPv6 is disabled on the target machine.

The following vulnerabilities do not have exploits in the wild:
CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-26929 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30196 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-30200 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-33647 Windows Kerberos Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33679 Windows Kerberos Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34700 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34719 Windows Distributed File System (DFS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34720 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-34723 Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34724 Windows DNS Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-34726 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34727 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34728 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34730 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34731 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34732 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34733 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34734 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35805 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35823 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35828 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35830 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35831 Windows Remote Access Connection Manager Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35833 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35834 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35836 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35837 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-35838 HTTP V3 Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35840 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35841 Windows Enterprise App Management Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-37955 Windows Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-37958 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-37959 Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-37961 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-37962 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-37963 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-37964 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-38004 Windows Fax Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-38006 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-38007 Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-38008 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-38009 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-38010 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-38011 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-38013 .NET Core and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-38019 AV1 Video Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-38020 Visual Studio Code Elevation of Privilege Vulnerability
There are no known exploits in the wild.
