Microsoft warned of zero-day exploitation of a critical vulnerability in its Windows platform. The fix was released in the September batch of Microsoft Patch Tuesday updates.

Diving into details

  • The Microsoft zero-day vulnerability is tracked as CVE-2022-37969 and was abused in an exploit chain associated with limited, targeted attacks.
  • The flaw is rated 7.8 out of 10 on the CVSS scale.
  • Successful exploitation of the vulnerability can enable a threat actor to gain SYSTEM privileges.
  • However, the technique doesn’t allow for RCE if the attacker doesn’t already have access to the target system.

Microsoft Patch Tuesday

  • This patch covers at least 64 new bugs in Windows and OS components, consisting of RCE flaws in Dynamics CRM, Office and Office components, SharePoint, Chromium-based Microsoft Edge, and Windows Defender.
  • The InDesign update was the largest patch with eight critical-rated and 10 important-rated vulnerabilities.
  • The patch for Photoshop came with 10 CVEs, nine of which are critical-rated. 
  • Furthermore, Adobe Animate received patches for two critical-rated code execution flaws.

The bottom line

Zero-day exploitation has reached a record high and remains popular among cybercriminals. While the tech giant released a patch for the CVE-2022-37969 zero-day, it has not released any technical guides on the bug or IOCs for defenders.
Cyware Publisher