2022 September Patch Tuesday

Patch Tuesday Webinar
Wednesday, September 14, 2022
Hosted by Chris Goettl and Todd Schell

Agenda
September 2022 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

Copyright © 2022 Ivanti. All rights reserved.
September Patch Tuesday 2022
The September update from Microsoft resolves 63 security vulnerabilities including one Zero Day vulnerability (CVE-
2022-37969) and one publicly disclosed vulnerability (CVE-2022-23960). This month’s updates affect the Windows
Operating System, Office, Sharepoint, .Net Framework, Windows Defender, and several windows components. There is
a particularly nasty, possibly 'wormable' vulnerability (CVE-2022-34718) in Windows TCPIP that could allow an
unauthenticated attacker to target IPv6 IPSec enabled machines. There is also a Print Spooler vulnerability (CVE-2022-
38005) so prep your pilot groups to verify print functionality as you deploy the OS update this month with some urgency.

In the News
 Apple fixes eight zero day so far in 2022
 Affects iOS and macOS
 https://www.bleepingcomputer.com/news/security/apple-fixes-eighth-zero-day-used-to-hack-iphones-
and-macs-this-year/
 Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
 Users are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux
 https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html
 WordPress: Multiple plug-ins being targeted in widespread attacks
 Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability
 https://thehackernews.com/2022/09/hackers-exploit-zero-day-in-wordpress.html
 Firmware bugs in many HP computer models left unfixed for over a year
 https://www.bleepingcomputer.com/news/security/firmware-bugs-in-many-hp-computer-models-left-
unfixed-for-over-a-year/

Known Exploited and Publicly Disclosed Vulnerability
 CVE-2022-37969 Windows Common Log File System Driver Elevation
of Privilege Vulnerability
 CVSS 3.1 Scores: 7.8 / 6.8
 Severity: Important
 Impacts all Windows workstation and server operating systems
 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Publicly Disclosed Vulnerability
 CVE-2022-23960 Cache Speculation Restriction Vulnerability
 CVSS 3.1 Scores: Not yet calculated
 Impacts Windows 11 running on ARM
 This vulnerability is referred to as Spectre-BHB.

Other CVEs of note:
 CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability
 CVSS 3.1 Scores: 9.8
 Severity: Critical
 Impacts all Windows OS versions running IPSec with IPv6 enabled.
 This vulnerability able to be targeted by an unauthenticated attacker meaning this is
potentially “wormable”.
 CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability
 CVSS 3.1 Scores: 7.8
 Impacts all Windows OS versions
 Break out your printer test list

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Windows 7/Server 2008 R2
 Windows 8.1/Server 2012 R2
 Windows 10 Ver 1607/Server 2016
 Azure and Development Tool Updates
 .NET Core 3.1
 .NET 6.0
 Azure ARC
 Azure Guest Connection
 Visual Studio 2019 (multiple)
 Visual Studio 2022 (multiple)
 Visual Studio Code
Source: Microsoft

Basic Authentication Deprecation in Exchange Online
 Service will be disabled October 1
 https://techcommunity.microsoft.com/t5/exchange-team-
blog/basic-authentication-deprecation-in-exchange-online-
september/ba-p/3609437
 First announcement 3 years ago
 Basic authentication subject to man-in-the-middle attacks
 3-month waiver for single service available from Microsoft
 Fully disabled in January 2023

Server 2012/2012 R2 EOL is Coming
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
21H2 11/16/2021 6/11/2024
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/9/2023
Windows 10 Home and Pro
21H2 11/16/2021 6/13/2023
21H1 5/18/2021 12/13/2022
Windows Datacenter and Standard Server
2019 11/13/2019 1/9/2024
2022 8/18/2021 10/13/2026
Windows 11 Home and Pro
21H2 10/4/2021 10/10/2023
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

MS22-09-W11: Windows 11 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
 Description: This security update includes improvements that were a part of update
KB 5016691 (released August 25, 2022). This bulletin references KB 5017328.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 41 Vulnerabilities: CVE-2022-37969 is known exploited and publicly
disclosed. CVE-2022-23960 is publicly disclosed. See the Security Update Guide for
the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide

September Known Issues for Windows 11
 KB 5017328 – Windows 11
 [XPS Viewer] After installing this update, XPS Viewer might be unable to open XML
Paper Specification (XPS) documents in some non-English languages, including some
Japanese and Chinese character encodings. This issue affects both XML Paper
Specification (XPS) and Open XML Paper Specification (OXPS) files. See KB for
more details. Workaround: None. Microsoft is working on a resolution.
 [Chile Time] The operating system will advance to DST between Sept 4 to Sept 10
per the old algorithm. Chile will move forward on Sept 10 per new rules from their
government. Workaround: Manually reset time using the clock in the control panel.
Microsoft is working on a resolution but did not have time to complete testing for
September release.

MS22-09-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 2004, 20H2, 21H1,
21H2, Server 2016, Server 2019, Server 2022, Server version 2004, Server version
20H2, Server 21H1 and Edge Chromium
 Description: This bulletin references 6 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege and Information Disclosure
disclosed. See the Security Update Guide for the complete list of CVEs.
 Known Issues: See next slides

September Known Issues for Windows 10
 KB 5017327 – Windows 10
 [Chile Time]
 KB 5017305 – Windows 10, version 1607, Windows Server 2016
 [Chile Time]
 KB 5017315 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.

September Known Issues for Windows 10 (cont)
 KB 5017315 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019 (cont)
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
 [Chile Time]

 KB 5017308 –Windows 10 version 20H2, Windows Server version 20H2,
Windows 10 version 21H1 all editions, Windows 10, version 21H2 all
editions
 [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the custom
offline media or ISO image before slipstreaming the LCU. See KB for details.
 [XPS Viewer]
 [Chile Time]

 KB 5017316 – Windows Server 2022
 [Chile Time]

MS22-09-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This cumulative security update contains improvements that are part of
update KB 5016669 (released August 9, 2022). Bulletin is based on KB 5017358.
 Known Issues: [Chile Time]

MS22-09-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Bulletin is based on KB 5017371.

MS22-09-MR7-ESU: Monthly Rollup for Win 7
MS22-09-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
 Description: This cumulative security update contains improvements that are part of update
KB 5016676 (released August 9, 2022). Bulletin is based on KB 5017361.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure
 Fixes 36 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed. See
the Security Update Guide for the complete list of CVEs.

MS22-09-SO7-ESU: Security-only Update for Win 7
MS22-09-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Fixes 36 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.

MS22-09-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This cumulative security update contains improvements that are part of update
KB 5016672 (released August 9, 2022). Bulletin is based on KB 5017370.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure

MS22-09-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012

MS22-09-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This cumulative security update includes improvements that are part of update
KB 5016681 (released August 9, 2022) Bulletin is based on KB 5017367.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege and Information Disclosure
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.

MS22-09-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege and Information Disclosure
 Fixes 38 Vulnerabilities: CVE-2022-37969 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.

MS22-09-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Office 2013 and 2016, Office 2019 for Mac, and Office 2022
LTSC for Mac
 Description: This security update resolves a Microsoft PowerPoint remote code
execution vulnerability. Consult the Security Update Guide for specific details on each.
This bulletin references 2 KB articles and release notes.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited.
CVE-2022-37962 is fixed in this release.
 Restart Required: Requires application restart
 Known Issues: None reported

MS22-09-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
 Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
 Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
 Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-37962, CVE-2022-37963 and CVE-2022-38010 are fixed in this
release.
 Restart Required: Requires application restart

MS22-09-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft
SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
 Description: Fixes an issue in which you may not be able to update resources by
using the client-side object model (CSOM) if a remote event handler is attached to a
resource event, such as Resource Changing. Review the KB articles for details. This
bulletin is based on 8 KB articles.
 Fixes 4 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-35823, CVE-2022-37961, CVE-2022-38008, and CVE-2022-
38009 are fixed in this release.
 Known Issues: See next slide

September Known Issues for SharePoint Server
 SharePoint Server – Check specific KBs for details
 [Web Service] Some Web Part Pages Web Service methods may be affected after you
apply the September 2022 security update. For more information, see Web Part
Pages Web Service methods may be blocked after applying the September 2022
security update for SharePoint Server. See KB 5017733 for more details.
 [Nintex] This security update introduces a change in SharePoint Server that will affect
customers who use the Document Generation capability in Nintex Workflow. Nintex
Workflow customers must take additional action after this security update is installed
to make sure that workflows can be published and run. For more information, see
Nintex support page. For support for Nintex Workflow, contact Nintex.

MS22-09-MRNET: Monthly Rollup for Microsoft .NET
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
 Description: This security update addresses an issue where an attacker could
convince a local user to open a specially crafted file which could execute malicious
code on an affected system. This bulletin references 15 KB articles.
 Fixes 1 Vulnerability: CVE-2022-26929 is not publicly disclosed or known
exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS22-09-SONET: Security-only Update for Microsoft .NET
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
 Description: This security update addresses an issue where an attacker could
convince a local user to open a specially crafted file which could execute malicious
code on an affected system. This bulletin references 15 KB articles.
 Fixes 1 Vulnerability: CVE-2022-26929 is not publicly disclosed or known
exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

Release Summary
 Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (2), Foxit PhantomPDF
(1), Foxit PDF Editor (1), Opera (1), Thunderbird (2), VMware Tools (1)
 Security (w/o CVEs): Adobe Acrobat DC and Acrobat Reader (1), Box Edit (1), CCleaner (1),
ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (2), Citrix Workspace App LTSR (1),
Citrix Workspace App (1), Docker for Windows (1), Dropbox (3), Eclipse Adoptium 11 (1), Eclipse Adoptium
17 (1), Evernote (2), Firefox (2), GIT for windows (2), Apple iTunes (1), Jabra Direct (1), Java Development
Kit 11 (1), Java Development Kit 17 (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (1), Node.JS
(LTS Upper) (1), Notepad++ (1), Opera (5), VirtualBox (1), Paint.net (1), Plex Media Server (3), PeaZip (1),
RedHat OpenJDK (1), Skype (2), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (2), Tableau
Desktop (6), Tableau Prep Builder (1), Tableau Reader (1), Thunderbird (1), Apache Tomcat (1), TeamViewer
(1), WinSCP (1), Wireshark (2), Zoom Client (3), Zoom VDI (1)
 Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Amazon WorkSpaces (1), Box Drive (1),
Camtasia (2), Google Drive File Stream (3), GeoGebra Classic (2), BlueJeans (1), KeePass Pro (2),
NextCloud Desktop Client (1), PDF-Xchange PRO (1), Python (1), RingCentral App (Machine-Wide Installer)
(1), Rocket.Chat Desktop Client (2), ScreenPresso (2), TortoiseHG (1), TreeSize Free (2), Cisco WebEx
Teams (3), WinZip (1), XnView (1)

Third Party CVE Information
 Google Chrome 104.0.5112.102
 CHROME-220816, QGC10405112102
 Fixes 10 Vulnerabilities: CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE-
2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859,
CVE-2022-2860, CVE-2022-2861
 CHROME-220830, QGC1050519554
2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045,
CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-
3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE-
2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058
 CHROME-220902, QGC10505195102
 Fixes 1 Vulnerability: CVE-2022-3075

Third Party CVE Information (cont)
 Firefox 104.0
 FF-220823, QFF1040
 Fixes 6 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38474, CVE-2022-
38475, CVE-2022-38477, CVE-2022-38478
 Firefox ESR 102.2.0
 FFE-220822, QFFE10220
38478
 Firefox ESR 91.13.0
 FFE-220823, QFFE91130
 Fixes 3 Vulnerabilities: CVE-2022-38472, CVE-2022-38473, CVE-2022-38478

 Foxit PDF Editor 11.2.3.53593
 FPDFE-220826, QFPDFE11U1123MSP
2022-34874, CVE-2022-34875
 Foxit PhantomPDF 10.1.9.37808
 FIP-220830, QFIP101937808
2022-34874, CVE-2022-34875
 Opera 90.0.4480.84
 OPERA-220906, QOP900448084
 VMware Tools 12.1.0
 VMWT12-220824, QVMWT1210

 Thunderbird 102.2.0
 TB-220823, QTB10220
38477, CVE-2022-38478
 Thunderbird 102.2.1
 TB-220901, QTB10221
36059

Thank You!

2022 September Patch Tuesday

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 2022 September Patch Tuesday

Similar to 2022 September Patch Tuesday (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (20)

2022 September Patch Tuesday