The September 2022 Patch Tuesday updates are live

Sep 14, 2022 14:17 GMT

Microsoft has released new security updates that resolve 62 vulnerabilities in its software.

While that number might seem surprising, it is actually low for a Patch Tuesday, as it is a decrease of 50 percent from August.

Furthermore, as Mike Walters, cybersecurity executive and co-founder of Action1, told us, this is the smallest number of vulnerabilities being resolved as part of the monthly Patch Tuesday cycle this year.

Two zero-day flaws targeted this month

One of the vulnerabilities that users and IT admins must keep an eye on is CVE-2022-37969. The first thing to know is that this security flaw is already being exploited in the wild, which means everybody should rush to deploy the updates to prevent successful exploitation of the bug.

“The actively exploited vulnerability, CVE-2022-37969 or Windows Common Log File System Driver Elevation of Privilege Vulnerability, has a CVSS score of 7.8. This is not the highest possible score because the vulnerability can be exploited only locally; an attacker must already have access to a system and the ability to run code there,” Walters explains.

“An attacker who successfully exploits this vulnerability could gain SYSTEM privileges. No other technical details are available, but since the vulnerability has low complexity and requires no user interaction, an exploit will likely soon be in the arsenal of both white hats and black hats. It’s recommended that you deploy the patch as soon as possible.”

Of the released patches, “just” five come with a critical severity rating, which once again represents a massive decline (-70 percent) from the previous month. However, two of the bugs are zero-day vulnerabilities, so IT admins should begin patching their computers as soon as possible.