Microsoft on Tuesday released fixes to eliminate 64 new security flaws across its software lineup, including a zero-day flaw that has been actively exploited in real-world attacks.
Of the 64 bugs, five are rated critical, 57 are rated important, one is rated moderate, and one is rated low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its Chromium-based Edge browser earlier this month.
The actively exploited vulnerability in question is CVE-2022-37969 (CVSS score: 7.8), a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver, which could allow an adversary to gain SYSTEM privileges on an already compromised asset.
“An attacker must already have access and the ability to execute code on the target system. This technique does not allow remote code execution in cases where the attacker does not already have that ability on the target system,” Microsoft said in an advisory.
The critical flaws of note are as follows:
- CVE-2022-34718 (CVSS score: 9.8) – Windows TCP/IP Remote Code Execution Vulnerability
- CVE-2022-34721 (CVSS score: 9.8) – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
- CVE-2022-34722 (CVSS score: 9.8) – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
- CVE-2022-34700 (CVSS score: 8.8) – Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
- CVE-2022-35805 (CVSS score: 8.8) – Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Finally, the raft of security updates includes a fix released by chipmaker Arm for a speculative execution vulnerability called Branch History Injection or Spectre-BHB (CVE-2022-23960) that was disclosed earlier this March.