Записал традиционный расширенный вариант отчета по сентябрьскому Microsoft Patch Tuesday

Добавить комментарий

Записал традиционный расширенный вариант отчета по сентябрьскому Microsoft Patch Tuesday. Кратко и на русском было здесь.

—-

Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual.

00:30 Proof-of-Concept Exploits (CVE-2022-33679, CVE-2022-38007, CVE-2022-34729)
02:29 Exploitation in the wild: CLFS Driver EoP (CVE-2022-37969), Microsoft Edge Security Feature Bypass (CVE-2022-2856, CVE-2022-3075)
03:54 IP packet causes RCE: Windows TCP/IP RCE (CVE-2022-34718), IKE RCE (CVE-2022-34721, CVE-2022-34722)
05:39 Windows DNS Server DoS (CVE-2022-34724)
06:30 Spectre-BHB (CVE-2022-23960)

Video: https://youtu.be/KB6LN5h9VwM
Video2 (for Russia): https://vk.com/video-149273431_456239101
Blogpost: https://avleonov.com/2022/09/24/microsoft-patch-tuesday-september-2022-clfs-driver-eop-ip-packet-causes-rce-windows-dns-server-dos-spectre-bhb/
Full report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2022_report_with_comments_ext_img.html

@avleonovcom #microsoft #patchtuesday

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *

Captcha
captcha
Reload