Threat Signal ReportMicrosoft Patch Tuesday Fixed Vulnerability (CVE-2022-34718) More Likely To Be Exploited
Description
Microsoft has released 63 security patches for this month's September 2022 release. One of the fixes is for CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability). Rated critical and deemed "exploitation more likely" by Microsoft, successful exploitation of the vulnerability allows a remote unauthenticated attacker o run code on the vulnerable machine. This has a CVSS score of 9.8.
Why is this Significant?
This is significant because CVE-2022-34718 ((Windows TCP/IP Remote Code Execution Vulnerability) is a remote code execution vulnerability that is considered "exploitation more likely" by Microsoft as such a fix should be applied as soon as possible. This has a CVSS score of 9.8 out of 10 and is rated critical by Microsoft.
Systems with the IPSec service is running are vulnerable to CVE-2022-34718. Systems with IPv6 disabled are not affected.
Is CVE-2022-34718 being Exploited in the Wild?
No, the vulnerability has not been observed nor reported as being exploited in the wild.
Is there Any Other Vulnerability in the September Patch Tuesday that Requires Attention?
Microsoft also released a patch for a local privilege escalation vulnerability that affects Windows Common Log File System Driver (CVE-2022-37969). Exploitation of this vulnerability does not require any user interaction; however an attacker needs to have access to the target's system to carry out the attack. This has a CVSS score of 7.8 and is rated important.
Is CVE-2022-37969 being Exploited in the Wild?
According to the advisory released by Microsoft, CVE-2022-37969 was exploited as a zero-day as such a fix should be applied as soon as possible.
Has Microsoft Released a Patch for CVE-2022-34718 and CVE-2022-37969?
Yes, Microsoft has released a patch for CVE-2022-34718 and CVE-2022-37969 on September 13th, 2022 as part of regular MS Tuesday for the month.
What is the Status of Coverage?
FortiGuard Labs has released the following IPS signature in response to CVE-2022-34718 (available from version 22.393):
MS.Windows.TCP.IP.CVE-2022-34718.Remote.Code.Execution (default action set to "pass")
Currently there is no sufficient information available for CVE-2022-37969 that allows FortiGuard Labs to develop coverage. We are monitoring the situation and will investigate coverage when information becomes available.
Appendix
CVE-2022-34718 (Microsoft)
CVE-2022-37969 (Microsoft)
CVE-2022-34718 (MITRE)
CVE-2022-37969 (MITRE)
MS.Windows.TCP.IP.CVE-2022-34718.Remote.Code.Execution (Fortinet)
