13 września 2022 r. firma Microsoft opublikowała aktualizacje zabezpieczeń, które usuwają luki w wielu produktach. Pięć z 63 luk naprawionych we wrześniowej aktualizacji zostało sklasyfikowanych jako „Krytyczna”, ponieważ umożliwiają one zdalne wykonanie kodu, jednego z najpoważniejszych rodzajów luk. Wtorkowa łata w tym miesiącu naprawia dwie publicznie ujawnione luki dnia zerowego, z których jedna jest aktywnie wykorzystywana w atakach.
Aktywnie wykorzystywana luka zero-day, naprawiona dzisiaj, jest śledzona jako „CVE-2022-37969 — luka w zabezpieczeniach systemu Windows Common Log File System Driver Elevation of Privilege”.
Atakujący, który z powodzeniem wykorzysta tę lukę, może uzyskać uprawnienia SYSTEMOWE
Poniżej znajduje się pełna lista usuniętych luk w zabezpieczeniach i wydanych porad we wtorkowych aktualizacjach łatki z września 2022 r.
| Tag | Numer CVE | Opis | Krytyczność |
| .NET and Visual Studio | CVE-2022-38013 | .NET Core and Visual Studio Denial of Service Vulnerability | Ważna |
| .NET Framework | CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability | Ważna |
| Azure Arc | CVE-2022-38007 | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | Ważna |
| Cache Speculation | CVE-2022-23960 | Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability | Ważna |
| HTTP.sys | CVE-2022-35838 | HTTP V3 Denial of Service Vulnerability | Ważna |
| Microsoft Dynamics | CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | Krytyczna |
| Microsoft Dynamics | CVE-2022-34700 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | Krytyczna |
| Microsoft Edge (Chromium-based) | CVE-2022-3053 | Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3047 | Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3054 | Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3041 | Chromium: CVE-2022-3041 Use after free in WebSQL | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3040 | Chromium: CVE-2022-3040 Use after free in Layout | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3046 | Chromium: CVE-2022-3046 Use after free in Browser Tag | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3039 | Chromium: CVE-2022-3039 Use after free in WebSQL | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3045 | Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3044 | Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3057 | Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3075 | Chromium: CVE-2022-3075 Insufficient data validation in Mojo | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3058 | Chromium: CVE-2022-3058 Use after free in Sign-In Flow | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3038 | Chromium: CVE-2022-3038 Use after free in Network Service | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3056 | Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-3055 | Chromium: CVE-2022-3055 Use after free in Passwords | Nieznana |
| Microsoft Edge (Chromium-based) | CVE-2022-38012 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Niska |
| Microsoft Graphics Component | CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Ważna |
| Microsoft Graphics Component | CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability | Ważna |
| Microsoft Graphics Component | CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability | Ważna |
| Microsoft Graphics Component | CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability | Ważna |
| Microsoft Graphics Component | CVE-2022-35837 | Windows Graphics Component Information Disclosure Vulnerability | Ważna |
| Microsoft Office | CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability | Ważna |
| Microsoft Office SharePoint | CVE-2022-35823 | Microsoft SharePoint Remote Code Execution Vulnerability | Ważna |
| Microsoft Office SharePoint | CVE-2022-38009 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Ważna |
| Microsoft Office SharePoint | CVE-2022-38008 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Ważna |
| Microsoft Office SharePoint | CVE-2022-37961 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Ważna |
| Microsoft Office Visio | CVE-2022-37963 | Microsoft Office Visio Remote Code Execution Vulnerability | Ważna |
| Microsoft Office Visio | CVE-2022-38010 | Microsoft Office Visio Remote Code Execution Vulnerability | Ważna |
| Microsoft Windows ALPC | CVE-2022-34725 | Windows ALPC Elevation of Privilege Vulnerability | Ważna |
| Microsoft Windows Codecs Library | CVE-2022-38011 | Raw Image Extension Remote Code Execution Vulnerability | Ważna |
| Microsoft Windows Codecs Library | CVE-2022-38019 | AV1 Video Extension Remote Code Execution Vulnerability | Ważna |
| Network Device Enrollment Service (NDES) | CVE-2022-37959 | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | Ważna |
| Role: DNS Server | CVE-2022-34724 | Windows DNS Server Denial of Service Vulnerability | Ważna |
| Role: Windows Fax Service | CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability | Ważna |
| SPNEGO Extended Negotiation | CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability | Ważna |
| Visual Studio Code | CVE-2022-38020 | Visual Studio Code Elevation of Privilege Vulnerability | Ważna |
| Windows Common Log File System Driver | CVE-2022-35803 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Ważna |
| Windows Common Log File System Driver | CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Ważna |
| Windows Credential Roaming Service | CVE-2022-30170 | Windows Credential Roaming Service Elevation of Privilege Vulnerability | Ważna |
| Windows Defender | CVE-2022-35828 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | Ważna |
| Windows Distributed File System (DFS) | CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | Ważna |
| Windows DPAPI (Data Protection Application Programming Interface) | CVE-2022-34723 | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | Ważna |
| Windows Enterprise App Management | CVE-2022-35841 | Windows Enterprise App Management Service Remote Code Execution Vulnerability | Ważna |
| Windows Event Tracing | CVE-2022-35832 | Windows Event Tracing Denial of Service Vulnerability | Ważna |
| Windows Group Policy | CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability | Ważna |
| Windows IKE Extension | CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Krytyczna |
| Windows IKE Extension | CVE-2022-34720 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Ważna |
| Windows IKE Extension | CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Krytyczna |
| Windows Kerberos | CVE-2022-33647 | Windows Kerberos Elevation of Privilege Vulnerability | Ważna |
| Windows Kerberos | CVE-2022-33679 | Windows Kerberos Elevation of Privilege Vulnerability | Ważna |
| Windows Kernel | CVE-2022-37964 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
| Windows Kernel | CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
| Windows Kernel | CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30200 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Ważna |
| Windows ODBC Driver | CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Ważna |
| Windows ODBC Driver | CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Ważna |
| Windows ODBC Driver | CVE-2022-34727 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Ważna |
| Windows ODBC Driver | CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Ważna |
| Windows ODBC Driver | CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Ważna |
| Windows OLE | CVE-2022-35834 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
| Windows OLE | CVE-2022-35835 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
| Windows OLE | CVE-2022-35836 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
| Windows OLE | CVE-2022-35840 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
| Windows OLE | CVE-2022-34733 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
| Windows OLE | CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
| Windows Photo Import API | CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability | Ważna |
| Windows Print Spooler Components | CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability | Ważna |
| Windows Remote Access Connection Manager | CVE-2022-35831 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
| Windows Remote Procedure Call | CVE-2022-35830 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Ważna |
| Windows TCP/IP | CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability | Krytyczna |
| Windows Transport Security Layer (TLS) | CVE-2022-35833 | Windows Secure Channel Denial of Service Vulnerability | Ważna |
| Windows Transport Security Layer (TLS) | CVE-2022-30196 | Windows Secure Channel Denial of Service Vulnerability | Ważna |
