September 2022 : Microsoft Patch Tuesday Review

Today is the second Tuesday of September 2022 and its Time to check out the latest security updates from Microsoft.

Today (13/09/2022) is the second Tuesday of this month and as part of the Microsoft patch Tuesday September 2022 the company has released a bunch of cumulative updates to resolve vulnerabilities in its operating systems and other products, like the Microsoft Office productivity suite, while also addressing a series of other bugs related to performance and usability. Let’s look at the highlights from this month’s Windows security Patch Tuesday:

What is Patch Tuesday?
Patch Tuesday, the colloquial term for Microsoft’s Update Tuesday that falls on second Tuesday of every month. 

Today’s patch comes with fixes for one actively exploited zero-day vulnerability and a total of 63 flaws. Where 5 flaws are classified as ‘Critical’ as they allow remote code execution.

As per the release notes, the September 2022 patch fixed 18 Elevation of Privilege security issues, 1 security Feature Bypass Vulnerabilities, 30 Remote Code Execution bugs, 7 Information Disclosure vulnerabilities, 7 Denial of Service Vulnerabilities and 16 Edge – Chromium Vulnerabilities.

Let’s take a closer look at some of the more interesting updates for this month,

CVE-2022-37969  – Windows Common Log File System Driver Elevation of Privilege Vulnerability allows an authenticated attacker to execute code with elevated privileges.

CVE-2022-34718  – Windows TCP/IP Remote Code Execution Vulnerability allows a remote, unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction.

CVE-2022-34724  – Windows DNS Server Denial of Service Vulnerability, Its an important update.

CVE-2022-3075 1 – Chromium: CVE-2022-3075 Insufficient data validation in Mojo,  This vulnerability allows code execution on affected Chromium-based browsers (like Edge) and has been detected in the wild.

Note – The above counts do not include sixteen vulnerabilities previously fixed in Microsoft Edge.

The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10 version 20H2, 21H1 and 21H2, Windows 11

  • Windows 7 (extended support only): 32 vulnerabilities: 3 critical and 29 important
    • Windows TCP/IP Remote Code Execution Vulnerability — CVE-2022-34718
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34721
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34722
  • Windows 8.1: 33 vulnerabilities: 3 critical and 30 important
    • Windows TCP/IP Remote Code Execution Vulnerability — CVE-2022-34718
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34721
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34722
  • Windows 10 version 20H2, 21H1 and 21H2: 40 vulnerabilities, 3 critical and 37 important
    • Windows TCP/IP Remote Code Execution Vulnerability — CVE-2022-34718
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34721
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34722
  • Windows 11:  54 vulnerabilities, 13 critical and 41 important
    • Windows TCP/IP Remote Code Execution Vulnerability — CVE-2022-34718
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34721
    • Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability — CVE-2022-34722

Recent updates from other companies

Other vendors who released updates in September 2022 include:

Windows security updates September 2022

The 13 September 2022 (Patch Tuesday) windows security updates are the following:

  • KB5017328 (OS Build 22000.978) for the latest windows 11 version 21H2
  • KB5017308 (OS Builds 19043.2006) for the latest windows 10 version 21H2
  • Windows 10 October 2019 Update (version 1809): KB5017315 (OS Build 17763.3406)
  • Windows 10 Anniversary Update (version 1607): KB5017305 (OS Build 14393.5356)
  • Windows 7 and server 2008 R2 Monthly Rollup: KB5017361 and Security-Only: KB5017373
  • Windows 8.1 and server 2012 R2 Monthly Rollup: KB5017367 and Security-only: KB5017365

All these updates only include minor patches and security fixes, rather than any new features.

Note: Windows 11 was released with a number of new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to windows 11 for free.

Windows 7

Both monthly and security-only updates

  • This update contains miscellaneous security improvements to internal OS functionality. No specific issues are documented for this release.

Windows 8.1

Both monthly and security-only updates, bring the same changelog as windows 7.

  • Includes unspecified “miscellaneous security improvements to internal OS functionality”.

Windows 10

  • Includes unspecified “miscellaneous security improvements to internal OS functionality”.
  • Plus, everything listed here as part of the preview update.

Windows 11

  • Fixes an issue that is affecting Microsoft Accounts. According to the description, a web dialog might not appear that is used to sign-in or sign out.
  • Addresses a known issue that causes Microsoft Edge to stop responding, and Bluetooth audio headsets to stop playing after a progress bar adjustment.
  • Gives IT admins the ability to remotely add languages and language-related features. Additionally, they can now manage language scenarios across several endpoint managers. 
  • Compresses a file regardless of its size if you have configured Server Message Block (SMB) Compression.
  • Enhances Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks.

Also, include changes from the preview build, you can read details here.

Microsoft Security update download

All these Windows 10 September 2022 Patch Tuesday updates are automatically downloaded and install via windows update. Or you force Windows update from settings, update & security check for updates to install the latest patch updates immediately.

Windows 11 KB5017328 (OS Build 22000.978) offline installer Direct Download Link 64-bit.

Windows 10 KB5017308 (For version 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).

Windows 10 KB5016623 (for version 1809) Offline Download links

If you are Looking for Windows 10 version 21H2 ISO image click here.

Or Check How to Upgrade to Windows 10 version 21H2 Using the media creation tool

If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the windows 10 Cumulative update KB5017308 stuck downloading, failed to install with different errors, etc.

Note: New Windows Security Updates are available for Windows 7 and 8.1 as well, read the changelog here.

FAQ on Patch Tuesday update

What is Patch Tuesday?
Patch Tuesday, the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.

When is Patch Tuesday?
Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on September 13, 2022.

What is patching and why is it important?
Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability.

What kind of patch updates are released during Patch Tuesday?
Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released.

What are CVE IDs?
CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD).

Also Read

MicrosoftMicrosoft Patch Tuesdaymicrosoft security updatepatch Tuesday updatewindows 10Windows 10 Patch updateWindows Update
Comments (2)
Add Comment
  • Michelle Ford

    I only have a basic-moderate understanding of dos/software/updates. It normally only takes about an hour for me to find a fix.
    I am unable to locate the update patch to fix 2021-05 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5003173) for OS build 19041.630.
    I am getting an error message: “Your device is missing important security and quality fixes.” (0x80073701).
    I am now getting rather frustrated, as I have literally spent over 5 hours searching the web and have followed a multitude of “fixes” and none have worked, including the manual download of the update from https://www.catalog.update.microsoft.com/home.aspx .
    Inability to successfully install this update (after it says 100% installed), is preventing the installation of the Windows 10 version 20H2 update (which is automatically showing the same error).
    I live off grid, in a remote rural area and unable to get technical assistance readily. Would appreciate assistance.

    • Steve Ballmer

      Have you tried to install windows updates on clean boot?
      Clean boot fix the problem if any third-party service conflict prevents apply these updates.

      In addition, make sure to disable third-party antivirus, disconnect VPN (If configured), Check you have enough free disk space,

      Disconnect the internet connection and try install the offline package.

      Let us know if need more help, feel free to contact admin@windows101tricks.com