Microsoft’s Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

Microsoft on Tuesday released fixes to eliminate 64 new security flaws across its software lineup, including a zero-day flaw that has been actively exploited in real-world attacks.

Of the 64 bugs, five are rated critical, 57 are rated important, one is rated moderate, and one is rated low in severity. Microsoft earlier this month addressed 16 vulnerabilities in its Chromium-based Edge browser as well as patches.

The actively exploited vulnerability in question is CVE-2022-37969 (CVSS score: 7.8), a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver, which could allow an adversary to gain system privileges already compromised. wealth

“An attacker must already have access and the ability to execute code on the target system. This technique does not allow remote code execution in cases where the attacker does not already have that ability on the target system,” Microsoft said in an advisory.

critical flaws of notice are as follows –

• CVE-2022-34718 (CVSS rating: 9.8) – Windows TCP/IP Distant Code Execution Vulnerability
• CVE-2022-34721 (CVSS rating: 9.8) – Windows Internet Crucial Trade (IKE) Protocol Extensions Remote Code Execution Vulnerability
• CVE-2022-34722 (CVSS score: 9.8) – Windows Internet Important Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
• CVE-2022-34700 (CVSS score: 8.8) – Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
• CVE-2022-35805 (CVSS score: 8.8) – Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

Finally, the raft of security updates includes a fix released by chipmaker Arm for a speculative execution vulnerability called Branch History Injection or Spectro-BHB (CVE-2022-23960) that was released earlier this March.

Other notable bugs

• CVE-2022-34724 – Windows DNS Server Denial of Service Vulnerability
• CVE-2022-3075 – Chromium: CVE-2022-3075 Insufficient data validation in Mojo
• CVE-2022-37956, CVE-2022-37957 and CVE-2022-37964 –  Windows Kernel Elevation of Privilege Vulnerability