Microsoft just fixed a whole load of serious security flaws so patch now TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Microsoft just fixed a whole load of serious security flaws so patch now By Sead Fadilpašić published 14 September 2022 Two of the fixed Microsoft flaws are zero-days (Image credit: Passwork) Audio player loading… September's Patch Tuesday is upon us, giving Microsoft the opportunity to fix, among other things, two zero-day vulnerabilities being actively exploited in the wild. As per the company's security advisory, the two flaws are tracked as CVE-2022-37969, and CVE-2022-23960. The former is a Windows Common Log File System Driver Elevation of Privilege Vulnerability, and it allows for remote code execution. It holds a severity score of 7.8. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft's advisory warns. Fixing dozens of flaws The second flaw is described as Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability and this one allows an attacker to leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches, and obtain sensitive information through cache allocation. It has a severity score of 5.6. Besides these two vulnerabilities, Microsoft has patched (opens in new tab) a total of 61 flaws, excluding the 16 flaws fixed in Microsoft Edge prior to the release of this cumulative update. These flaws include 18 elevation of privilege vulnerabilities, 1 security feature bypass vulnerability, 30 remote code execution vulnerabilities, seven information disclosure vulnerabilities, seven denial of service vulnerabilities, as well as 16 Edge - Chromium vulnerabilities (excluding the 16 mentioned earlier).Read more> A new Windows Search zero-day is giving Microsoft another security headache > Microsoft Edge gets emergency patch for severe zero-day vulnerability > Here's our rundown of the best antivirus solutions around (opens in new tab) Microsoft has had a busy year fixing zero-day vulnerabilities across its tools and services. In early July 2022, it fixed a zero-day found in its Edge browser. Tracked as CVE-2022-2294, it's a high-severity heap-based buffer overflow weakness. A month earlier, in June, the company fixed two flaws that allowed threat actors to run malware on target endpoints (opens in new tab), one in Windows Search, and one in Microsoft Office OLEObject. Through the use of a weaponized Word document, the Search zero-day can be used to automatically open a search window with a remotely hosted malware. This was made possible due to how Windows handles a URI protocol handler called "search-ms".These are the best firewalls (opens in new tab) right now Via: BleepingComputer (opens in new tab) Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1I tried the weirdest-looking Bluetooth speaker in the world, and I utterly adore it2You may not have to sell a body part to afford the Nvidia RTX 4090 after all3My days as a helpful meat shield are over, thanks to the Killer Klown horror game4100% on Rotten Tomatoes: 7 new critically-acclaimed dramas you may have missed5I won't buy the Google Pixel 7 unless it fixes these three Pixel 6 problems1We finally know what 'Wi-Fi' stands for - and it's not what you think2Best laptops for designers and coders 3The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me4Miofive 4K Dash Cam review5Logitech's latest webcam and headset want to relieve your work day frustrations Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)