Microsoft July 2022 Patch Tuesday

Published: 2022-07-12. Last Updated: 2022-07-12 17:52:03 UTC
by Renato Marinho (Version: 1)
0 comment(s)

This month we got patches for 86 vulnerabilities. Of these, 4 are critical, none previously disclosed, and one is being exploited according to Microsoft.

The zero-day is an elevation of privilege affecting Windows CSRSS (CVE-2022-22047). The CSRSS (Client Server Run-Time Subsystem) is the user-mode process that controls the underlying layer for the Windows environment. According to the advisory, “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” The advisory also says that the attack complexity is low, the privileges required are low and no user interaction is required. The CVSS for this vulnerability is 7.8.

There is another important elevation of privilege affecting Windows CSRSS (CVE-2022-22026). As per the advisory, this is similar to the already exploited vulnerability in terms of attack vector, attack complexity, privileges required, and user interaction. However, the CVSS score is higher: 8.8 – the highest for this month.

The same CVSS score was given to the remote code execution (RCE) vulnerability in Windows Graphics Component (CVE-2022-30221) affecting different Windows products including Remote Desktop Client. To exploit this vulnerability “an attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.” 

There is also a critical tampering vulnerability with exploitability tagged as “More Likely” affecting Windows Server Service (CVE-2022-30216). The attack vector is network, the attack complexity and privileges required are low and it requires no user interaction. According to the advisory, “For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service”. The CVSS for this vulnerability is 8.8. 

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
CVE-2022-23816 No No Less Likely Less Likely Important    
AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
CVE-2022-23825 No No Less Likely Less Likely Important    
Active Directory Federation Services Elevation of Privilege Vulnerability
CVE-2022-30215 No No More Likely More Likely Important 7.5 6.5
Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-30181 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33641 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33642 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33643 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33650 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33651 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33652 No No Less Likely Less Likely Important 4.4 4.0
CVE-2022-33653 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33654 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33655 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33656 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33657 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33658 No No Less Likely Less Likely Important 4.4 4.0
CVE-2022-33659 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33660 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33661 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33662 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33663 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33664 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33665 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33666 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33667 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33668 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33669 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33671 No No Less Likely Less Likely Important 4.9 4.4
CVE-2022-33672 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33673 No No Less Likely Less Likely Important 6.5 5.9
CVE-2022-33674 No No Less Likely Less Likely Important 8.3 7.5
CVE-2022-33675 No No Less Likely Less Likely Important 7.8 7.0
CVE-2022-33677 No No Less Likely Less Likely Important 7.2 6.3
Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-33676 No No Less Likely Less Likely Important 7.2 6.5
CVE-2022-33678 No No Less Likely Less Likely Important 7.2 6.3
Azure Storage Library Information Disclosure Vulnerability
CVE-2022-30187 No No Less Likely Less Likely Important 4.7 4.2
BitLocker Security Feature Bypass Vulnerability
CVE-2022-22048 No No Less Likely Less Likely Important 6.1 5.3
Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC
CVE-2022-2294 No No - - -    
Chromium: CVE-2022-2295 Type Confusion in V8
CVE-2022-2295 No No - - -    
HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
CVE-2022-27776 No No Less Likely Less Likely Important    
Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
CVE-2022-22040 No No Less Likely Less Likely Important 7.3 6.6
Microsoft Defender for Endpoint Tampering Vulnerability
CVE-2022-33637 No No Less Likely Less Likely Important 6.5 5.7
Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-33632 No No Less Likely Less Likely Important 4.7 4.1
Performance Counters for Windows Elevation of Privilege Vulnerability
CVE-2022-22036 No No Less Likely Less Likely Important 7.0 6.1
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-22038 No No Less Likely Less Likely Critical 8.1 7.3
Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2022-33633 No No Less Likely Less Likely Important 7.2 6.3
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVE-2022-30202 No No More Likely More Likely Important 7.0 6.1
CVE-2022-30224 No No Less Likely Less Likely Important 7.0 6.1
CVE-2022-22037 No No Less Likely Less Likely Important 7.5 6.5
Windows BitLocker Information Disclosure Vulnerability
CVE-2022-22711 No No Less Likely Less Likely Important 6.7 5.8
Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2022-30203 No No Less Likely Less Likely Important 7.4 6.4
Windows CSRSS Elevation of Privilege Vulnerability
CVE-2022-22026 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-22047 No Yes Detected Detected Important 7.8 6.8
CVE-2022-22049 No No Less Likely Less Likely Important 7.8 6.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-30220 No No More Likely More Likely Important 7.8 6.8
Windows Connected Devices Platform Service Information Disclosure Vulnerability
CVE-2022-30212 No No Less Likely Less Likely Important 4.7 4.1
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
CVE-2022-22031 No No Less Likely Less Likely Important 7.8 6.8
Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-30214 No No Less Likely Less Likely Important 6.6 5.8
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2022-22043 No No Less Likely Less Likely Important 7.8 6.8
Windows Fax Service Elevation of Privilege Vulnerability
CVE-2022-22050 No No Less Likely Less Likely Important 7.8 6.8
Windows Fax Service Remote Code Execution Vulnerability
CVE-2022-22024 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-22027 No No Less Likely Less Likely Important 7.8 6.8
Windows GDI+ Information Disclosure Vulnerability
CVE-2022-30213 No No Less Likely Less Likely Important 5.5 4.8
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-22034 No No More Likely More Likely Important 7.8 7.0
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-30221 No No Less Likely Less Likely Critical 8.8 7.7
Windows Group Policy Elevation of Privilege Vulnerability
CVE-2022-30205 No No Less Likely Less Likely Important 6.6 5.8
Windows Hyper-V Information Disclosure Vulnerability
CVE-2022-30223 No No Less Likely Less Likely Important 5.7 5.0
CVE-2022-22042 No No Less Likely Less Likely Important 6.5 5.7
Windows IIS Server Elevation of Privilege Vulnerability
CVE-2022-30209 No No Less Likely Less Likely Important 7.4 6.4
Windows Internet Information Services Cachuri Module Denial of Service Vulnerability
CVE-2022-22025 No No Less Likely Less Likely Important 7.5 6.5
Windows Kernel Information Disclosure Vulnerability
CVE-2022-21845 No No Less Likely Less Likely Important 4.7 4.1
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2022-30211 No No Less Likely Less Likely Important 7.5 6.5
Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability
CVE-2022-30225 No No Less Likely Less Likely Important 7.1 6.2
Windows Network File System Information Disclosure Vulnerability
CVE-2022-22028 No No Less Likely Less Likely Important 5.9 5.2
Windows Network File System Remote Code Execution Vulnerability
CVE-2022-22029 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2022-22039 No No Less Likely Less Likely Critical 7.5 6.5
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
CVE-2022-22023 No No Less Likely Less Likely Important 6.6 5.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-30206 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-30226 No No Less Likely Less Likely Important 7.1 6.2
CVE-2022-22022 No No Less Likely Less Likely Important 7.1 6.2
CVE-2022-22041 No No Less Likely Less Likely Important 6.8 6.1
Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2022-30208 No No Less Likely Less Likely Important 6.5 5.7
Windows Server Service Tampering Vulnerability
CVE-2022-30216 No No More Likely More Likely Important 8.8 7.7
Windows Shell Remote Code Execution Vulnerability
CVE-2022-30222 No No Less Likely Less Likely Important 8.4 7.3
Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
CVE-2022-22045 No No Less Likely Less Likely Important 7.8 6.8
Xbox Live Save Service Elevation of Privilege Vulnerability
CVE-2022-33644 No No Less Likely Less Likely Important 7.0 6.1

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:
0 comment(s)
ISC Stormcast For Tuesday, July 12th, 2022 https://isc.sans.edu/podcastdetail.html?id=8082

Comments


Diary Archives