Microsoft warned of zero-day exploitation of a critical vulnerability in its Windows platform. The fix was released in the September batch of Microsoft Patch Tuesday.
Diving into details
The Microsoft zero-day vulnerability is tracked as CVE-2022-37969 and was abused in an exploit chain associated with limited, targeted attacks.
The flaw is rated 7.8 out of 10 on the CVSS scale.
Successful exploitation of the vulnerability can enable a threat actor to gain SYSTEM privileges.
However, the technique doesn't allow for remote code execution (RCE) if the attacker doesn't already have access to the target system.
Microsoft Patch Tuesday
This patch covers at least 64 new bugs in Windows and OS components, consisting of RCE flaws in Dynamics CRM, Office and Office components, SharePoint, Chromium-based Microsoft Edge, and Windows Defender.
Adobe's InDesign update was the largest patch, with eight critical-rated and 10 important-rated vulnerabilities.
The patch for Photoshop came with 10 CVEs, nine of which are critical-rated.
Furthermore, Adobe Animate received patches for two critical-rated code execution flaws.
The bottom line
Zero-day exploitation has reached a record high and remains popular among cybercriminals. While the tech giant released a patch for the CVE-2022-37969 zero-day, it has not released any technical guides on the bug or IOCs for defenders.