Virtual Administrator’s September 2022 Patch Recommendations
This month Microsoft released patches for 63 vulnerabilities with 5 rated “Critical” in severity.
All patches will be approved in our patch policy.
Fewer patches this month but some of the vulnerabilities patched are significant.
- CVE-2022-37969 is an Elevation of Privilege (EoP) zero-day flaw in the Windows Common Log File System Driver.
- CVE-2022-37969 is being actively exploited and has been publicly disclosed.
- Another critical patch addresses CVE-2022-34718, a Windows TCP/IP remote code execution (RCE) vulnerability.
Only systems with IPv6 enabled and IPSec configured are at risk.
- CVE-2022-34721/CVE-2022-34722 are critical RCE vulnerabilities in the Windows Internet Key Exchange (IKE) Protocol Extensions which can be classified as “wormable,” but only on systems with IPSec enabled.
- A few known issues with the SharePoint Server patches and problems with Chile’s DST change – see Known Issues below. Three new SSUs for Windows 7/8.1/10v1607 and Server 2008R2/2012R2/2016.
Disclosed: CVE-2022-23960, CVE-2022-37969
Exploited: CVE-2022-37969
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:09/13/2022)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for Windows 7/8.1/10v1607 and Server 2008R2/2012R2/2016.
Known Issues
A couple of known issues are listed below, affecting SharePoint and machines using the Chilean time zone.
** SharePoint Server Known Issues
“Web Part Pages Web Service methods may be blocked / Document Generation capability in Nintex Workflow”
Affects:
- KB5002142
- KB5002159
- KB5002257
- KB5002258
- KB5002267
- KB5002269
- KB5002270
- KB5002271
Web Part Pages Web Service methods may be blocked after applying the September 2022 security update for SharePoint Server (KB5017733)
Symptom: Some Web Part Pages Web Service methods may be affected after you apply the September 2022 security update. For more information, see Web Part Pages Web Service methods may be blocked after applying the September 2022 security update for SharePoint Server (KB5017733).
Unable to publish or run workflows with Document Generation action
Symptom: This security update introduces a change in SharePoint Server that will affect customers who use the Document Generation capability in Nintex Workflow. Nintex Workflow customers must take additional action after this security update is installed to make sure that workflows can be published and run. For more information, see https://go.microsoft.com/fwlink/?LinkId=2206156. For support for Nintex Workflow, contact Nintex.
“SharePoint 2010 workflow scenarios may be blocked”
Affects:
- KB5002258
- KB5002267
- KB5002269
- KB5002271
SharePoint 2010 workflows may be blocked by enhanced security policy (KB5017760)
Symptom: Some SharePoint 2010 workflow scenarios may be blocked. For more information, see SharePoint 2010 workflows may be blocked by enhanced security policy (KB5017760).
** Chilean government moved DST from September 4 to September 10
Possible issues caused by new Daylight Savings Time in Chile
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h2#2892msgdesc
Problem: Starting at 12:00 A.M. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by the Chilean government about a daylight saving time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.
Workaround: To mitigate this issue, please see Possible issues caused by new Daylight Savings Time in Chile (https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1#2892msgdesc).
Status: We plan to release an update to support this change; however, there might be insufficient time to properly build, test, and release such an update before the change goes into effect. Please use the workaround above.
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5017361 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5017367 – Windows 8.1, Windows Server 2012 R2
- KB5017370 – Windows Server 2012
- KB5017358 – Windows Server 2008 (ESU)
Security Only Update
- KB5017373 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5017365 – Windows 8.1, Windows Server 2012 R2
- KB5017377 – Windows Server 2012
- KB5017371 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5017327 – Original release version 1507 (OS Build 10240)
- KB5017305 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5017315 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5017308 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5017308 – Version 21H1 “May 2021 Update” (OS Build 19043)
- KB5017308 – Version 21H2 “November 2021 Update” (OS Build 19044)
- (Versions 1511,1703,1709,1803,1903,2004 are no longer under support)
Windows 11
- KB5017328 – Original release (OS Build 22000)
Windows Server
- KB5017305 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5017315 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5017316 – Server 2022 (OS Build 20348)
September 2022 updates for Microsoft Office
Notable CVEs
CVE-2022-23960 | Cache Speculation Restriction Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960
CVE-2022-34700 / CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability (KB5017226,KB5017524)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34700
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35805
– An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db_owner within their Dynamics CRM database.
CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718
– An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.
CVE-2022-34721 / CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722
– An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation.
CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969
– An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
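For triage, the exposure conditions given above for CVE-2022-34718 and CVE-2022-34721/CVE-2022-34722 (IPv6 enabled, IPSec in use) and the Windows 10/11/Server cumulative update list can be checked per host with the PowerShell below. This is an added example, not part of the original bulletin: treating "IPSec configured" as a running IKEEXT or PolicyAgent service or an enabled rule in the active IPsec policy store is an assumption, and the output property names are illustrative.

```powershell
# Added example: per-host triage for the September 2022 cumulative update and
# the IPv6/IPsec exposure conditions named in this bulletin.
# Build-to-KB map copied from the "Cumulative Updates" list above.
$kbByBuild = @{
    '10240' = 'KB5017327'; '14393' = 'KB5017305'; '17763' = 'KB5017315'
    '19042' = 'KB5017308'; '19043' = 'KB5017308'; '19044' = 'KB5017308'
    '22000' = 'KB5017328'; '20348' = 'KB5017316'
}

$build = [string](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
$kb    = $kbByBuild[$build]   # $null for builds not in the list above

# Get-HotFix reports only the named KB. A later cumulative update supersedes
# it, so $false means "verify the installed update level", not "unpatched".
$kbInstalled = $false
if ($kb) {
    $kbInstalled = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
}

# IPv6 is considered enabled if it is bound to at least one adapter.
$ipv6Bound = [bool](Get-NetAdapterBinding -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue |
    Where-Object Enabled)

# Assumption: IPsec is "configured" if the IKE/AuthIP keying service or the
# IPsec Policy Agent is running, or any enabled IPsec rule is active.
$ipsecService = [bool](Get-Service -Name IKEEXT, PolicyAgent -ErrorAction SilentlyContinue |
    Where-Object Status -eq 'Running')
$ipsecRule = [bool](Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
    Where-Object Enabled -eq 'True')
$ipsecInUse = $ipsecService -or $ipsecRule

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    OSBuild         = $build
    ExpectedKB      = $kb
    KBInstalled     = $kbInstalled
    IPv6Bound       = $ipv6Bound
    IPsecInUse      = $ipsecInUse
    # CVE-2022-34718 needs IPv6 and IPsec; the IKE CVEs need IPsec only.
    Exposed34718    = (-not $kbInstalled) -and $ipv6Bound -and $ipsecInUse
    ExposedIkeCves  = (-not $kbInstalled) -and $ipsecInUse
}
```

The NetSecurity and NetAdapter cmdlets used here are not available on Windows 7 or Server 2008 R2, so the script applies to the Windows 10/11 and Server 2016/2019/2022 builds in the map.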