Warning: Microsoft Patch Tuesday July 2022 patches 84 vulnerabilities (4 critical, 80 important)
4 vulnerabilities are rated as critical:
• Remote Code Execution (RCE): 4
80 vulnerabilities are rated as important:
• Elevation of Privileges (EoP): 52
• Information Disclosure: 11
• Remote Code Execution (RCE): 8
• Denial of Service (DoS): 5
• Security Feature Bypass: 4
• Tampering: 2
This month’s Patch Tuesday includes 4 critical and 80 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations. In addition Microsoft reports CVE-2022-22047 (Windows CSRSS Elevation of Privilege Vulnerability) is exploited in the wild.
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software.
This month’s release covers 84 vulnerabilities. 4 vulnerabilities are marked as critical and 80 as important (see below for a quick selection of the most concerning ones). Some are more likely to be exploited in the near future and urgent patching is advised.
- CVE-2022-30221 is a critical RCE vulnerability affecting Windows Graphics Component. It received a CVSSv3.1 score of 8.8. An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.
- CVE-2022-22038 is a critical RCE vulnerability affecting Remote Procedure Call Runtime. It received a CVSSv3.1 score of 8.1. Since successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data, attack complexity is considered high.
- CVE-2022-22029 is a critical RCE vulnerability affecting Windows Network File System. It received a CVSSv3.1 score of 8.1. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation.
- CVE-2022-22039 is a critical RCE vulnerability affecting Windows Network File System. It received a CVSSv3.1 score of 7.5. Since successful exploitation of this vulnerability requires an attacker to win a race condition, attack complexity is considered high.
- CVE-2022-22047 is an important EoP vulnerability affecting Windows Client/Server Runtime Subsystem (CSRSS). It received a CVSSv3.1 score of 7.8 and exploitation of this zero-day was detected in the wild. An authenticated attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
- CVE-2022-22022, CVE-2022-22041, CVE-2022-30206 and CVE-2022-30226 are all important EoP vulnerabilities in Windows Print Spooler components. These received CVSSv3.1 scores of 7.1, 6.8, 7.8 and 7.1 respectively. While CVE-2022-22022 and CVE-2022-30226 would allow an authenticated attacker to delete targeted files on a system, successful exploitation of CVE-2022-22041 or CVE-2022-30206 results in SYSTEM privileges.
- CVE-2022-30216 is an important tampering vulnerability affecting Windows Server Service. It received a CVSSv3.1 score of 8.8. For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service. Since this would allow code execution amongst others, Microsoft expects threat actors to exploit this vulnerability in the near future.
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.