#windows

Windows ALPC Elevation of Privilege Vulnerability.

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964.

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.

Windows Event Tracing Denial of Service Vulnerability.

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35837, CVE-2022-38006.

Windows Enterprise App Management Service Remote Code Execution Vulnerability.

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964.

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721.

Windows Distributed File System (DFS) Elevation of Privilege Vulnerability.

By Jon Munshaw and Asheer Malhotra.  Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month.  September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.”  The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely...