Patch Tuesday September 2022 – Microsoft Releases Fixes for 16 Vulnerabilities, Including a Zero-Day Bug
CVE-2022-38012 Microsoft Edge Chromium-based Code Execution Vulnerability Fixed
Microsoft has just released its monthly list of fixed vulnerabilities. This rollout includes 16 fixes for common issues, as well as a zero-day bug. Most of the improvement-carrying packages target Microsoft’s Chromium-based Edge browser. Stick around for more information about the September Edition of Patch Tuesday.
Patch Tuesday September Highlights
As mentioned in the intro, this month’s highlights include some top-level improvements for Microsoft’s Chromium-based web browser. To name a few, we have bug fixes for vulnerabilities such as Use after free in Passwords, Insufficient policy enforcement in DevTools, Inappropriate implementation in Pointer Lock, Use after free in Browser Tag, and Use after free in WebSQL. You can find the full list of improvements in the table below.
September’s zero-day was none other than CVE-2022-38012 (Microsoft Edge Chromium-based Code Execution Vulnerability). The vulnerability would have allowed a threat actor to run arbitrary code on the victim’s machine by leveraging a defect in Microsoft Edge’s engine. The issue was fixed as part of the September patching bout.
Release Date | CVE Number | CVE Title |
---|---|---|
Sep 1, 2022 | CVE-2022-38012 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Sep 1, 2022 | CVE-2022-3075 | Chromium: CVE-2022-3075 Insufficient data validation in Mojo |
Sep 1, 2022 | CVE-2022-3058 | Chromium: CVE-2022-3058 Use after free in Sign-In Flow |
Sep 1, 2022 | CVE-2022-3057 | Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox |
Sep 1, 2022 | CVE-2022-3056 | Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy |
Sep 1, 2022 | CVE-2022-3055 | Chromium: CVE-2022-3055 Use after free in Passwords |
Sep 1, 2022 | CVE-2022-3054 | Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools |
Sep 1, 2022 | CVE-2022-3053 | Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock |
Sep 1, 2022 | CVE-2022-3047 | Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API |
Sep 1, 2022 | CVE-2022-3046 | Chromium: CVE-2022-3046 Use after free in Browser Tag |
Sep 1, 2022 | CVE-2022-3045 | Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 |
Sep 1, 2022 | CVE-2022-3044 | Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation |
Sep 1, 2022 | CVE-2022-3041 | Chromium: CVE-2022-3041 Use after free in WebSQL |
Sep 1, 2022 | CVE-2022-3040 | Chromium: CVE-2022-3040 Use after free in Layout |
Sep 1, 2022 | CVE-2022-3039 | Chromium: CVE-2022-3039 Use after free in WebSQL |
Sep 1, 2022 | CVE-2022-3038 | Chromium: CVE-2022-3038 Use after free in Network Service |
More Cybersecurity Advice
This concludes the September edition of our Patch Tuesday series. I really hope you’ve enjoyed it. Before scooting, I’m going to share with you my favorite cybersecurity advice that will certainly aid you in the fight against malware.
- Automating your patch management flow. Manual patching can only be used to address specific issues. If you’re planning on keeping all of your endpoints up to date, automatic patching & patch management is the way to go. Heimdal® Security’s Patch & Asset Management will ensure that all your apps are up to speed, regardless of Operating System or type of improvement-carrying package you’re going to deploy.
- Phishing. More than 60% of malware is delivered via phishing emails. So, be extra careful around suspicious emails, especially the ones coming from outside of your company.
- Prioritize security updates. While concocting your patch deployment plan, do make sure that you prioritize security-related updates or patches over quality updates.
Additional resources:
- Patch Tuesday, August 2022.
- CVE-2022-30190 Enables Remote Code Execution
- What Is an Attack Surface in Cybersecurity?