Threat Signal Report

Microsoft Patch Tuesday Fixed Vulnerability (CVE-2022-34718) More Likely To Be Exploited

description-logo Description

Microsoft has released 63 security patches for this month's September 2022 release. One of the fixes is for CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability). Rated critical and deemed "exploitation more likely" by Microsoft, successful exploitation of the vulnerability allows a remote unauthenticated attacker o run code on the vulnerable machine. This has a CVSS score of 9.8.



Why is this Significant?

This is significant because CVE-2022-34718 ((Windows TCP/IP Remote Code Execution Vulnerability) is a remote code execution vulnerability that is considered "exploitation more likely" by Microsoft as such a fix should be applied as soon as possible. This has a CVSS score of 9.8 out of 10 and is rated critical by Microsoft.


Systems with the IPSec service is running are vulnerable to CVE-2022-34718. Systems with IPv6 disabled are not affected.



Is CVE-2022-34718 being Exploited in the Wild?

No, the vulnerability has not been observed nor reported as being exploited in the wild.



Is there Any Other Vulnerability in the September Patch Tuesday that Requires Attention?

Microsoft also released a patch for a local privilege escalation vulnerability that affects Windows Common Log File System Driver (CVE-2022-37969). Exploitation of this vulnerability does not require any user interaction; however an attacker needs to have access to the target's system to carry out the attack. This has a CVSS score of 7.8 and is rated important.



Is CVE-2022-37969 being Exploited in the Wild?

According to the advisory released by Microsoft, CVE-2022-37969 was exploited as a zero-day as such a fix should be applied as soon as possible.



Has Microsoft Released a Patch for CVE-2022-34718 and CVE-2022-37969?

Yes, Microsoft has released a patch for CVE-2022-34718 and CVE-2022-37969 on September 13th, 2022 as part of regular MS Tuesday for the month.



What is the Status of Coverage?

FortiGuard Labs has released the following IPS signature in response to CVE-2022-34718 (available from version 22.393):


MS.Windows.TCP.IP.CVE-2022-34718.Remote.Code.Execution (default action set to "pass")


Currently there is no sufficient information available for CVE-2022-37969 that allows FortiGuard Labs to develop coverage. We are monitoring the situation and will investigate coverage when information becomes available.


Definitions

Traffic Light Protocol

Color When Should it Be used? How may it be shared?

TLP: RED

Not for disclosure, restricted to participants only.
Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.

TLP: AMBER

Limited disclosure, restricted to participants’ organizations.
Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.

TLP: GREEN

Limited disclosure, restricted to the community.
Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.

TLP: WHITE

Disclosure is not limited.
Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.