September 16th: Microsoft Patch fixes 63 vulnerabilities +++ Zero-Day Vulnerability in WordPress Plugin

Microsoft Patch fixes 63 vulnerabilities, including 5 critical 

Microsoft released a new patch on Tuesday the 13th that fixes 63 vulnerabilities; 5 of them are classified as critical because they allow remote code execution. The number of bugs in each vulnerability category is listed below:

  • 18 Elevation of Privilege Vulnerabilities 
  • 1 Security Feature Bypass Vulnerability
  • 30 Remote Code Execution Vulnerabilities 
  • 7 Information Disclosure Vulnerabilities 
  • 7 Denial of Service Vulnerabilities 
  • 16 Edge – Chromium Vulnerabilities 

The highest-ranked CVEs were those that enabled remote code execution, one of the most dangerous kinds of vulnerability. CVE-2022-34718, for example, allowed an unauthorized attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is active and enable remote code execution. CVE-2022-34721 and CVE-2022-34722 also allow an unauthorized attacker to send a specially crafted IPv6 packet to a Windows machine that has IPSec enabled. Others are CVE-2022-38009, which allowed an authorized attacker to execute code remotely on a SharePoint Server, and CVE-2022-26929, which targeted the .NET Framework to enable remote code execution.

In addition, the patch addresses 2 zero-day vulnerabilities, CVE-2022-37969 and CVE-2022-23960.
The first enabled an attacker who already had access to the targeted system to gain System privileges. The second allowed attackers to access normally secure information.

Zero-Day Vulnerability in WordPress Plugin

A Zero-Day Vulnerability has been found in the Plugin WPGateway for WordPress. WPGateway is normally used to simplify the management of a website and combines different tasks like setting up a site, backing up sites, managing plugins and many more into a central dashboard. 

On September 8th, the Wordfence Threat Intelligence team became aware of an exploit which allowed malicious actors to completely take over affected sites (CVE-2022-3180). This exploit enables attackers to create their own administrator account and thereby take over the system.

To check whether a system is compromised, look for an administrator with the username rangex or for the request //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1. Right now, there is no patch for this vulnerability, so removing the plugin until a fix is available is recommended.
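The two checks above, as an added detection sketch (not code from this article or from Wordfence). It assumes web server logs in the Apache/nginx "combined" format and a list of administrator logins exported from WordPress; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicators taken from the article text.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM, IOC_VALUE = "wp_new_credentials", "1"
IOC_ADMIN = "rangex"

# Assumption: Apache/nginx "combined" access log layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def is_ioc_request(target):
    """True if the request target matches the WPGateway indicator."""
    path, _, query = target.partition("?")
    # Decode %-escapes and collapse repeated slashes so "/", "//" and encoded
    # forms compare equal; endswith() also covers subdirectory installs.
    path = re.sub(r"/{2,}", "/", unquote(path)).lower()
    return path.endswith(IOC_PATH) and IOC_VALUE in parse_qs(query).get(IOC_PARAM, [])

def scan_access_log(lines):
    """Return (ip, timestamp, status) for every line hitting the indicator."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_ioc_request(m["target"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def rogue_admins(admin_logins):
    """Return administrator logins equal to the indicator name, ignoring case."""
    return [u for u in admin_logins if u.strip().lower() == IOC_ADMIN]

# Constructed sample data (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Sep/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.23 - - [08/Sep/2022:10:04:51 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.23 - - [08/Sep/2022:10:05:10 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 404 153 "-" "-"',
]
# Constructed; e.g. from: wp user list --role=administrator --field=user_login
SAMPLE_ADMINS = ["siteowner", "rangex"]

if __name__ == "__main__":
    for ip, ts, status in scan_access_log(SAMPLE_LOG):
        print(f"IOC request from {ip} at {ts} (HTTP {status})")
    for user in rogue_admins(SAMPLE_ADMINS):
        print(f"Suspicious administrator account: {user}")
```

A hit on either check means the site should be treated as compromised and investigated, not merely cleaned of the one account.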

Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.