{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-064.pdf"
    },
    "title": "Multiple Critical Vulnerabilities in Microsoft Products",
    "serial_number": "2022-064",
    "publish_date": "15-09-2022 09:00:00",
    "description": "On the 13th of September, Microsoft released its September 2022 Patch Tuesday advisory including fixes for 2 zero-day vulnerabilities identified \"CVE-2022-37969\" and \"CVE-2022-23960\" which affect several Windows system versions.<br>The patch also contains fixes for five critical vulnerabilities affecting Microsoft Dynamics, Windows IKE Extension and Windows TCP/IP.<br>It is highly recommended to patch the affected devices.",
    "url_title": "2022-064",
    "content_markdown": "---\ntitle: 'Multiple Critical Vulnerabilities in\u00a0Microsoft\u00a0Products'\nversion: '1.0'\nnumber: '2022-064'\noriginal_date: 'September 13, 2022'\ndate: 'September 14, 2022'\n---\n \n_History:_\n \n* _14/09/2022 --- v1.0 -- Initial publication_\n \n# Summary\n \nOn the 13th of September, Microsoft released its September 2022 Patch Tuesday advisory including fixes for 2 zero-day vulnerabilities identified `CVE-2022-37969` and `CVE-2022-23960` which affect several Windows system versions.\n\nThe patch also contains fixes for five critical vulnerabilities affecting Microsoft Dynamics, Windows IKE Extension and Windows TCP/IP [3,4,5,6,7].\n\nIt is highly recommended to patch the affected devices.\n \n# Technical Details\n \n## CVE-2022-34722 and CVE-2022-34721 - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability\n\nAn unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could lead to a remote code execution exploitation. This vulnerability only impacts IKEv1. IKEv2 is not impacted. However, all Windows Servers are affected because they accept both V1 and V2 packets [4,5].\n\n## CVE-2022-34718 - Windows TCP/IP Remote Code Execution Vulnerability\n\nAn unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could lead to a remote code execution exploitation on that machine [3].\n\n## CVE-2022-35805 and CVE-2022-34700 - Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability\n\nAn authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there, the attacker could escalate and execute commands as `db_owner` within their Dynamics 365 database [6,7].\n \n# Products Affected\n \nGlobal list of affected products by all the vulnerabilities in the September advisory [1]:\n\n- .NET and Visual Studio\n- .NET Framework\n- Azure Arc\n- Cache Speculation\n- HTTP.sys\n- Microsoft Dynamics\n- Microsoft Edge (Chromium-based)\n- Microsoft Graphics Component\n- Microsoft Office\n- Microsoft Office SharePoint\n- Microsoft Office Visio\n- Microsoft Windows ALPC\n- Microsoft Windows Codecs Library\n- Network Device Enrollment Service (NDES)\n- Role: DNS Server\n- Role: Windows Fax Service\n- SPNEGO Extended Negotiation\n- Visual Studio Code\n- Windows Common Log File System Driver\n- Windows Credential Roaming Service\n- Windows Defender\n- Windows Distributed File System (DFS)\n- Windows DPAPI (Data Protection Application Programming Interface)\n- Windows Enterprise App Management\n- Windows Event Tracing\n- Windows Group Policy\n- Windows IKE Extension\n- Windows Kerberos\n- Windows Kernel\n- Windows LDAP - Lightweight Directory Access Protocol\n- Windows ODBC Driver\n- Windows OLE\n- Windows Photo Import API\n- Windows Print Spooler Components\n- Windows Remote Access Connection Manager\n- Windows Remote Procedure Call\n- Windows TCP/IP\n- Windows Transport Security Layer (TLS)\n\n# Recommendations\n \nCERT-EU strongly recommends applying the latest Security Updates as soon as possible [2].\n \n# References\n \n[1] <https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>\n \n[2] <https://msrc.microsoft.com/update-guide/deployments>\n\n[3] <https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718>\n\n[4] <https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721>\n\n[5] <https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722>\n\n[6] <https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34700>\n\n[7] <https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35805>\n\n\n\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>14/09/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 13th of September, Microsoft released its September 2022 Patch Tuesday advisory including fixes for 2 zero-day vulnerabilities identified <code>CVE-2022-37969</code> and <code>CVE-2022-23960</code> which affect several Windows system versions.</p><p>The patch also contains fixes for five critical vulnerabilities affecting Microsoft Dynamics, Windows IKE Extension and Windows TCP/IP [3,4,5,6,7].</p><p>It is highly recommended to patch the affected devices.</p><h2 id=\"technical-details\">Technical Details</h2><h3 id=\"cve-2022-34722-and-cve-2022-34721-windows-internet-key-exchange-ike-protocol-extensions-remote-code-execution-vulnerability\">CVE-2022-34722 and CVE-2022-34721 - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability</h3><p>An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could lead to a remote code execution exploitation. This vulnerability only impacts IKEv1. IKEv2 is not impacted. However, all Windows Servers are affected because they accept both V1 and V2 packets [4,5].</p><h3 id=\"cve-2022-34718-windows-tcpip-remote-code-execution-vulnerability\">CVE-2022-34718 - Windows TCP/IP Remote Code Execution Vulnerability</h3><p>An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could lead to a remote code execution exploitation on that machine [3].</p><h3 id=\"cve-2022-35805-and-cve-2022-34700-microsoft-dynamics-crm-on-premises-remote-code-execution-vulnerability\">CVE-2022-35805 and CVE-2022-34700 - Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability</h3><p>An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there, the attacker could escalate and execute commands as <code>db_owner</code> within their Dynamics 365 database [6,7].</p><h2 id=\"products-affected\">Products Affected</h2><p>Global list of affected products by all the vulnerabilities in the September advisory [1]:</p><ul><li>.NET and Visual Studio</li><li>.NET Framework</li><li>Azure Arc</li><li>Cache Speculation</li><li>HTTP.sys</li><li>Microsoft Dynamics</li><li>Microsoft Edge (Chromium-based)</li><li>Microsoft Graphics Component</li><li>Microsoft Office</li><li>Microsoft Office SharePoint</li><li>Microsoft Office Visio</li><li>Microsoft Windows ALPC</li><li>Microsoft Windows Codecs Library</li><li>Network Device Enrollment Service (NDES)</li><li>Role: DNS Server</li><li>Role: Windows Fax Service</li><li>SPNEGO Extended Negotiation</li><li>Visual Studio Code</li><li>Windows Common Log File System Driver</li><li>Windows Credential Roaming Service</li><li>Windows Defender</li><li>Windows Distributed File System (DFS)</li><li>Windows DPAPI (Data Protection Application Programming Interface)</li><li>Windows Enterprise App Management</li><li>Windows Event Tracing</li><li>Windows Group Policy</li><li>Windows IKE Extension</li><li>Windows Kerberos</li><li>Windows Kernel</li><li>Windows LDAP - Lightweight Directory Access Protocol</li><li>Windows ODBC Driver</li><li>Windows OLE</li><li>Windows Photo Import API</li><li>Windows Print Spooler Components</li><li>Windows Remote Access Connection Manager</li><li>Windows Remote Procedure Call</li><li>Windows TCP/IP</li><li>Windows Transport Security Layer (TLS)</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends applying the latest Security Updates as soon as possible [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep\">https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/deployments\">https://msrc.microsoft.com/update-guide/deployments</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718\">https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721\">https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722\">https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722</a></p><p>[6] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34700\">https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34700</a></p><p>[7] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35805\">https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35805</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}