Microsoft makes some of the most popular software on the planet. This includes the Windows operating system, its Office suite of products, Windows Server, and Microsoft 365 SaaS tools. With this popularity comes the potential for system vulnerabilities.
On the second Tuesday of every month (aka Patch Tuesday), Microsoft releases security updates and patches for newly found system vulnerabilities. Mission-critical facilities and enterprises often align their update schedules with Patch Tuesday to address the newest threats.
Managing updates is a necessary part of cyber security and compliance, and without ongoing patch management companies become vulnerable to attacks. Unfortunately, this happens all too often.
You Have to Apply Security Patches for Them to Work
A study by the Ponemon Institute found that 60% of organizations that suffered a data breach admitted the reason was an unpatched vulnerability. These were vulnerabilities for which a patch had been released but had not been applied by the organizations.
Further, 62% of them said that they weren’t aware of their vulnerabilities before the breach happened. This is often the case when no vulnerability assessment or management program is put into place.
In September, Microsoft issued patches for five critical vulnerabilities. “Critical” is the maximum severity level a vulnerability can be assigned. It means that if the vulnerability were exploited, it could cause significant damage.
Ensure You’ve Addressed These Critical Microsoft Code Weaknesses
In Microsoft’s September 2022 Patch Tuesday release, there were five critical vulnerabilities that were addressed with a fix. Following are the details on each one.
Remote Code Execution: CVE-2022-34721
This CVE is a vulnerability in the Windows Internet Key Exchange (IKE) Protocol Extensions that allows a hacker to remotely execute code on the system. A hacker who is not authenticated to the system can send a specially crafted IP packet to a machine running Windows with IPsec enabled.
This vulnerability impacts IKEv1 and not IKEv2. However, all Windows Servers are affected because they accept both types of packets.
Remote Code Execution: CVE-2022-34722
This vulnerability mirrors the impact type of CVE-2022-34721. It also affects the Windows IKE Protocol Extensions and impacts Windows Servers. It’s not unusual for more than one vulnerability to exist in the same system and enable the same types of exploits, yet be different enough to warrant a separate CVE number.
Windows TCP/IP Vulnerability: CVE-2022-34718
This vulnerability impacts certain versions of Windows 10 and does not require the hacker to have system privileges. It also does not require user interaction, meaning the cyber attacker doesn’t need the user to click a malicious link or file to execute the attack.
Using the Windows TCP/IP protocol, hackers can remotely execute code to take control of a system.
Microsoft Dynamics CRM Vulnerability: CVE-2022-34700
This vulnerability affects on-premises versions of Microsoft Dynamics CRM. An exploit for this vulnerability must be run by an authenticated user. In cases like this, credential theft is often used to obtain a user’s login to a system.
Once authenticated, a hacker could run a specially crafted trusted solution packet to execute malicious SQL commands. The attack could then be escalated to execute commands on the database as the owner.
Microsoft Dynamics CRM Vulnerability: CVE-2022-35805
This fifth critical vulnerability is also one that impacts the on-premises version of Microsoft Dynamics CRM. This vulnerability is very similar to CVE-2022-34700. It requires privileges to be executed and can result in a complete database takeover.
Tips for Reducing Microsoft Vulnerability Impacts
Vulnerabilities are often the opportunity needed by cyber criminals to cause serious damage to an organization or mission-critical facility. They enable everything from a sensitive database breach to an expensive ransomware attack.
While some vulnerabilities have patches that can be applied to shut down any connected exploits, others are considered zero-day and have yet to have a fix issued. You can address both and improve your security posture by taking advantage of cyber security services and best practices.
- Conduct Vulnerability Assessments Regularly: IT infrastructure for mission-critical facilities and companies is complex. New vulnerabilities can crop up all the time without you realizing it. This makes it imperative that you conduct ongoing vulnerability assessment scans to uncover hidden threats.
- Implement Zero-Trust Principles: Zero-trust is becoming the new standard in cybersecurity and compliance. Many of its principles, such as multi-factor authentication and application safelisting, help prevent existing vulnerabilities from being exploited by cutting off access.
- Automate Software Updates: It’s easy for a vulnerability to go undetected for a while and then be taken advantage of months after a patch has been issued. It’s important to keep up with patch and update installation, and the best way to ensure this is to automate software updates. This is most easily done using a managed services strategy.
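As an added example (not from the original article or any WizNucleus tool), the script below computes Patch Tuesday for a given month and lists the hosts in an inventory export that have not been updated since, putting IPsec-enabled hosts first because of the IKE vulnerabilities described above. The CSV columns, hostnames and dates are constructed, and the check assumes the date column holds the install date of each host's latest cumulative update.

```python
import csv
import io
from datetime import date, timedelta


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the month, the release day described in the article."""
    first = date(year, month, 1)
    # date.weekday(): Monday=0, Tuesday=1
    first_tuesday = first + timedelta(days=(1 - first.weekday()) % 7)
    return first_tuesday + timedelta(days=7)


# Constructed inventory export; hostnames, columns and dates are made up.
SAMPLE_INVENTORY = """\
host,ipsec_enabled,last_cumulative_update
vpn-gw-01,yes,2022-08-10
file-srv-02,no,2022-07-14
app-srv-03,yes,2022-09-15
ws-0417,no,2022-09-20
"""


def unpatched_hosts(inventory_csv: str, year: int, month: int, as_of: date):
    """Hosts whose latest cumulative update predates that month's Patch Tuesday.

    Sorted with IPsec-enabled hosts first, then by how stale the last update is.
    """
    release = patch_tuesday(year, month)
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        installed = date.fromisoformat(row["last_cumulative_update"].strip())
        if installed >= release:
            continue  # updated on or after the release day
        findings.append({
            "host": row["host"],
            "ipsec_enabled": row["ipsec_enabled"].strip().lower() == "yes",
            "days_since_update": (as_of - installed).days,
            "days_since_release": (as_of - release).days,
        })
    findings.sort(key=lambda f: (not f["ipsec_enabled"], -f["days_since_update"]))
    return findings


if __name__ == "__main__":
    for f in unpatched_hosts(SAMPLE_INVENTORY, 2022, 9, date(2022, 10, 31)):
        print(f)
```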
Need Help Automating Your Vulnerability Management?
WizNucleus offers cyber security services and tools that help you stay on top of vulnerability assessment and remediation.
Contact us today to schedule a free consultation! Call +1 (646) 558-5577 (New York, NY) or +1 (469) 481-1726 (Carrollton, TX) or reach out online.