Windows zero-day quashed for September Patch Tuesday

2022-09-17 08:44:01 By: Mr. frank lin

A Windows zero-day and a "wormable" vulnerability topped the list of concerns for administrators on September Patch Tuesday.

In total, Microsoft released corrections for 63 CVEs, with five rated critical. Admins should focus on patching systems vulnerable to a Windows zero-day (CVE-2022-37969) in the common log file system driver that affects most Windows desktop and server systems, including the Windows 7 and Windows 2008/2008R2 OSes that continue to get patches via the Extended Security Updates (ESU) program. This bug is rated important and had been publicly disclosed.

A threat actor needs both access to the network and privileges to execute code. After a successful exploit of the vulnerability, the attacker could gain system privileges. This bug could be the last piece in the puzzle of an advanced persistent threat scenario for an attacker overtaking a system. Microsoft's details on this CVE provide some context that should motivate administrators to push out the patches immediately.

"If you look at the acknowledgments for this vulnerability, there are four different groups that were cited. To me, that says this was not one targeted attack. This was multiple vendors who have possibly detected similar attacks by the same exploit," said Chris Goettl, vice president of product management for security products at Ivanti, an IT asset and endpoint management company.

Organizations that have systems on the ESU program should be aware of the approaching end date in January 2023 and put together a migration plan. Otherwise, they will be exposed to threats after the support deadline. Customers who migrate Server 2008/2008 R2 workloads to Azure can stretch the support lifecycle to January 2024.

A Windows TCP/IP remote code execution flaw (CVE-2022-34718) rated critical has one of the highest Common Vulnerability Scoring System (CVSS) ratings this month at 9.8. The bug affects all supported Windows desktop and server systems that use IPv6 on an IPSec node and requires no user interaction or privileges. The nature of the vulnerability means it could be engineered to hunt down and infect systems that listen for a type of TCP/IP traffic.

"Organizations that have turned on IPv6 should be taking this seriously because of the wormable nature, even if they're not utilizing IPv6 right now," Goettl said. "If they have enabled it, then it's listening. If this request is sent around, then there's a good chance somebody could exploit this."
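The practical question Goettl raises is whether a host still has IPv6 bound, not whether anyone is using it. The following PowerShell inventory script is an added example, not code from the article or from Ivanti or Microsoft. It assumes an elevated session on a supported Windows host, and the `$RequiredKb` value is a placeholder that must be replaced with the September 2022 cumulative update KB for the host's OS build.

```powershell
# Added example (not from the article): inventory one host's exposure to the
# CVE-2022-34718 attack surface and confirm the September 2022 update landed.
# Assumptions: elevated session; $RequiredKb is a placeholder for the
# cumulative-update KB that applies to this OS build.
$RequiredKb = 'KB<placeholder>'

# 1. Is the IPv6 protocol still bound to any adapter? Bound means listening,
#    whether or not the organization actually routes IPv6.
$ipv6Bindings = Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled

# 2. Any live IPv6 addresses other than loopback?
$ipv6Addrs = Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress -ne '::1' }

# 3. Is this host acting as an IPsec node (rules configured, SAs established)?
$ipsecRules = Get-NetIPsecRule -ErrorAction SilentlyContinue
$ipsecSAs   = Get-NetIPsecMainModeSA -ErrorAction SilentlyContinue

# 4. Is the fixing update installed?
$patched = [bool](Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue)

# Summarize; "Prioritize" flags an unpatched host that is still listening on IPv6.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    IPv6BoundAdapters = ($ipv6Bindings.Name -join ', ')
    IPv6Addresses     = $ipv6Addrs.Count
    IPsecRules        = $ipsecRules.Count
    IPsecMainModeSAs  = $ipsecSAs.Count
    PatchInstalled    = $patched
    Prioritize        = (-not $patched) -and ($ipv6Bindings.Count -gt 0)
}
```

Run it through your remote-execution tooling of choice across the fleet and sort on `Prioritize`; hosts with IPsec rules or active main-mode SAs match the affected configuration Microsoft describes most closely, but any unpatched host with IPv6 bound belongs near the top of the list.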

Microsoft fixed a cache speculation restriction vulnerability (CVE-2022-23960) rated important for Windows 11 on 64-bit ARM systems. The bug was publicly disclosed before September Patch Tuesday.

The vulnerability is known as Spectre-BHB and shares some of the hallmarks of the Spectre variant 2 vulnerabilities that "cause cache allocation, which can then be used to infer information that should not be accessible," according to the ARM developer site.

Administrators still smarting from the troubles that the PrintNightmare vulnerability spawned should be on guard for CVE-2022-38005, a Windows print spooler elevation-of-privilege flaw that affects all Windows systems. The solitary nature of this specific vulnerability shouldn't lull IT pros into thinking they can delay patching. An attacker who pulls off a successful exploit can get system privileges.

Goettl said most organizations that have suffered through multiple print spooler problems should develop a battery of tests to ensure proper printing functionality after applying patches.
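One shape such a test battery can take is the PowerShell script below. It is an added example, not code from the article or from Ivanti, and it assumes it runs on the patched print server or client; `$TestPrinter` is a placeholder for a printer name in your environment, and the 24-hour event window assumes the patch went on within the last day.

```powershell
# Added example (not from the article): post-patch print validation, one form of
# the "battery of tests" recommended after applying the CVE-2022-38005 fix.
# Assumptions: runs on the patched host; $TestPrinter is a placeholder name.
param([string]$TestPrinter = '<printer-name-placeholder>')

$results = [ordered]@{}

# 1. The spooler service survived the patch and is set to start automatically.
$svc = Get-Service -Name Spooler
$results.SpoolerRunning   = ($svc.Status -eq 'Running')
$results.SpoolerStartType = $svc.StartType

# 2. Printers are still enumerable and none report an error state.
$printers = Get-Printer -ErrorAction SilentlyContinue
$results.PrinterCount    = $printers.Count
$results.PrintersInError = ($printers | Where-Object PrinterStatus -ne 'Normal').Name -join ', '

# 3. A real job enters the queue and drains (skipped until a printer is named).
if ($TestPrinter -ne '<printer-name-placeholder>') {
    "Post-patch print test $(Get-Date -Format o)" | Out-Printer -Name $TestPrinter
    Start-Sleep -Seconds 10
    $stuck = Get-PrintJob -PrinterName $TestPrinter -ErrorAction SilentlyContinue |
             Where-Object { $_.JobStatus -match 'Error|Paused' }
    $results.TestJobStuck = [bool]$stuck
}

# 4. PrintService logged errors since the patch window opened (Level 2 = Error).
$since = (Get-Date).AddHours(-24)
$results.PrintServiceErrors = (Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PrintService/Admin'
    Level     = 2
    StartTime = $since
} -ErrorAction SilentlyContinue).Count

[pscustomobject]$results
```

Pin the expected values (spooler running, printer count, zero errors) from a pre-patch run of the same script, then diff the two outputs rather than eyeballing them; that turns a one-off check into something that can gate the rollout to the next ring.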

An Azure Guest Configuration and Azure Arc-enabled servers elevation-of-privilege vulnerability (CVE-2022-38007) focuses on Linux platforms and has a CVSS rating of 7.8. Attackers could use the flaw to swap out Microsoft's code with their own. Proof-of-concept exploit code exists, but Microsoft gives this CVE an exploitability assessment of "exploitation less likely."

As Linux gains prominence in Microsoft-based organizations and more configuration-level vulnerabilities in Azure arise, the need for a consistent way to support these products will also increase.

"There's going to have to be some tooling to help admins be able to tackle some of those challenges more effectively," Goettl said.
