Date: 2022-09-14

Microsoft’s latest security update fixes 64 new security flaws, including a zero-day vulnerability that has been actively exploited in the wild, The Hacker News reports.

Five of the 64 flaws are rated critical, while 57 are considered important. The remaining two vulnerabilities are rated as moderate to low in severity.

The zero-day vulnerability, designated CVE-2022-37969, is a privilege escalation flaw in the Windows Common Log File System driver that has been exploited in the wild.

It received a common vulnerability scoring system (CVSS) score of 7.8, and malicious actors who already have access to the device could exploit it to gain SYSTEM privileges.

“An attacker must already have access and the ability to run code on the target system,” Microsoft said.

“This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.”

Other critical vulnerabilities include:

CVE-2022-34718 — Windows TCP/IP remote code execution vulnerability (CVSS: 9.8)

CVE-2022-34721 — Windows internet key exchange (IKE) protocol extensions remote code execution vulnerability (CVSS: 9.8)

CVE-2022-34722 — Windows IKE protocol extensions remote code execution vulnerability (CVSS: 9.8)

CVE-2022-34700 — Microsoft Dynamics 365 (on-premises) remote code execution vulnerability (CVSS: 8.8)

CVE-2022-35805 — Microsoft Dynamics 365 (on-premises) remote code execution vulnerability (CVSS: 8.8)

According to Bharat Jogi, director of vulnerability and threat research at Qualys, Microsoft is on track to patch more common vulnerabilities and exposures (CVEs) this year than it did in 2021.

“In terms of CVEs released, this Patch Tuesday may appear on the lighter side in comparison to other months,” The Hacker News quoted Jogi as saying.

“However, this month hit a sizable milestone for the calendar year, with [Microsoft] having fixed the 1000th CVE of 2022 — likely on track to surpass 2021 which patched 1,200 CVEs in total.”

