September 2022 Patch Tuesday forecast: No sign of cooling

It’s September and cooler temperatures are approaching for most of us in the Northern Hemisphere. Unfortunately, the need to maintain and update our computer systems remains high.

August 2022 Patch Tuesday delivered critical updates for all Microsoft operating systems, as well as an unexpected update for Internet Explorer 11. These critical updates were caused by another zero-day vulnerability – CVE-2022-34713, found in the Microsoft Windows Support Diagnostic Tool (MSDT). Apple also addressed some zero-day vulnerabilities this month, so let’s take a look at next week’s forecast.

Apple has released security updates for all of its operating systems – iOS, Catalina, Big Sur and Monterey, as well as the Safari browser to address two zero-day vulnerabilities. CVE-2022-32893 and CVE-2022-32894 are both out-of-bounds write vulnerabilities that allow code execution.

Google has released a major update to its stable channel version of Chrome 105 for Windows, Mac, and Linux. It contained fixes for 24 vulnerabilities, including 9 that allowed remote code execution. And as a final note, Hewlett-Packard has released an update to its Support Assistant tool, which is installed on all of its computing devices. It resolves CVE-2022-38395, an elevation of privilege vulnerability in this widespread, critical diagnostic software. All of these products are in common use, so make sure to include these updates in your Patch Tuesday process if you haven’t already deployed them.


Leave a Comment