Heimdal
article featured image

Contents:

Microsoft has just released its monthly list of fixed vulnerabilities. This rol includes 16 fixes for common issues, as well as a zero-day bug. Most of the improvement-carrying packages target Microsoft’s Chromium-based Edge browser. Stick around for more information about the September Edition of Patch Tuesday.

Patch Tuesday September Highlights

As mentioned in the intro, among this month’s highlights are included some top-level improvements for Microsoft’s Chromium-based web browser. To name a few, we have bug fixes for vulnerabilities such as Use after free in Passwords, Insufficient policy enforcement in DevTools, Inappropriate implementation in Pointer Lock, Use after free in Browser Tag, and Use after Free in WebSQL. You can find the find the full list of improvements in the table below.

September’s zero-day was none other that CVE-2022-38012 (Microsoft Edge Chromium-based Code Execution Vulnerability). The vulnerability would have allowed a threat actor to run arbitrary code on the victim’s machine by leveraging a defect in Microsoft Edge’s engine. The issue was fixed as part of the September patching bout.

Release Date
CVE Number
CVE Title
Sep 1, 2022
CVE-2022-38012
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Sep 1, 2022
CVE-2022-3075
Chromium: CVE-2022-3075 Insufficient data validation in Mojo
Sep 1, 2022
CVE-2022-3058
Chromium: CVE-2022-3058 Use after free in Sign-In Flow
Sep 1, 2022
CVE-2022-3057
Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox
Sep 1, 2022

CVE-2022-3056
Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy
Sep 1, 2022
CVE-2022-3055

Chromium: CVE-2022-3055 Use after free in Passwords
Sep 1, 2022

CVE-2022-3054
Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools
Sep 1, 2022
CVE-2022-3053
Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock
Sep 1, 2022
CVE-2022-3047
Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API
Sep 1, 2022
CVE-2022-3046
Chromium: CVE-2022-3046 Use after free in Browser Tag
Sep 1, 2022
CVE-2022-3045
Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8
Sep 1, 2022
CVE-2022-3044
Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation
Sep 1, 2022

CVE-2022-3041
Chromium: CVE-2022-3041 Use after free in WebSQL
Sep 1, 2022
CVE-2022-3040
Chromium: CVE-2022-3040 Use after free in Layout
Sep 1, 2022
CVE-2022-3039
Chromium: CVE-2022-3039 Use after free in WebSQL
Sep 1, 2022
CVE-2022-3038
Chromium: CVE-2022-3038 Use after free in Network Service

More Cybersecurity Advice

This concludes the September edition of our Patch Tuesday series. I really hope you’ve enjoyed it. Before scooting, I’m going to share with you my favorite cybersecurity advice that will certainly aid you in the fight against malware.

  1. Automating your patch management flow.Manual patching can only be used to address specific issues. If you’re planning on keeping all of your endpoints up to date,  automatic patching & patch management is the way to go. Heimdal® Security’s Patch & Asset Management will ensure that all your apps are up to speed, regardless of Operating System or type of improvement-carrying package you’re going to deploy.
  2. Phishing. More than 60% of malware are delivered via phishing emails. So, be extra careful around suspicious emails, especially the ones coming from outside of your company.
  3. Prioritize security updates. While concocting your patch deployment plan, do make sure that you prioritize security-related updates or patches over quality updates.

Additional resources:

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo