Microsoft has released security updates to address several vulnerabilities in the following products:

• .NET and Visual Studio
• .NET Framework
• Azure Arc
• Cache Speculation
• HTTP.sys
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Windows ALPC
• Microsoft Windows Codecs Library
• Network Device Enrollment Service (NDES)
• Role: DNS Server
• Role: Windows Fax Service
• SPNEGO Extended Negotiation
• Visual Studio Code
• Windows Common Log File System Driver
• Windows Credential Roaming Service
• Windows Defender
• Windows Distributed File System (DFS)
• Windows DPAPI (Data Protection Application Programming Interface)
• Windows Enterprise App Management
• Windows Event Tracing
• Windows Group Policy
• Windows IKE Extension
• Windows Kerberos
• Windows Kernel
• Windows LDAP - Lightweight Directory Access Protocol
• Windows ODBC Driver
• Windows OLE
• Windows Photo Import API
• Windows Print Spooler Components
• Windows Remote Access Connection Manager
• Windows Remote Procedure Call
• Windows TCP/IP
• Windows Transport Security Layer (TLS)

Attacker could exploit these vulnerabilities by doing the following:

• Remote Code Execution
• Denial of Service (DoS)
• Unauthorized disclosure of information
• Escalation of privilege
• Bypass of a protection mechanism

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep