Patch Tuesday July 2022 – Microsoft Releases Fixes for 80+ Known Issues, Including a Zero-Day Vulnerability
Zero-Day Vulnerability Grants SYSTEM-Level Privileges
The second Tuesday of June comes with ‘goodies’ aplenty from Microsoft – 80+ fixes for issues ranging from denial of service to remote code execution, security feature bypass, elevation of privilege, and, of course, information disclosure. Microsoft has also addressed a zero-day vulnerability that could have allowed threat actors to remotely execute code on the victim’s machine with SYSTEM-type privileges; CVE-2022-22047, the issue in question, could have granted hackers the same attack surface as the infamous Windows Print Spooler bug.
Patch Tuesday July Roundup
Let’s start by talking about the elephant in the room – CVE-2022-22047. Discovered in early July, this vulnerability might have been exploited in order to gain SYSTEM-level (i.e., highest rights on a machine) privileges. Although it passes as a zero-day, Microsoft researchers stated that the threat actor must already have had access to the machine (i.e., established a foothold) in order to exploit it, a goal (probably) achievable by exploiting another software bug.
In a nutshell, if successfully exploited, this bug could have granted anyone free access to the machine and a good head start in terms of lateral movement. As far as infiltration is concerned, macros are the most likely suspect. No word so far on damages caused by CVE-2022-22047 or whether it was exploited in the wild.
The CSRSS Elevation of Privilege vulnerability was not the only item on Microsoft’s to-fix list. Here are some more fixes issued by the company.
CVE-2022-30216 – Windows Server Service Tampering Vulnerability
This vulnerability could have allowed a threat actor to pass fake security certificates to a server. The aforementioned action-on-target could have been performed only by an authenticated user. Microsoft reports that the issue has been resolved and that a patch is available.
CVE-2022-22029 – Windows Network File System Remote Code Execution (RCE) Vulnerability
An attacker can execute arbitrary code on the victim’s machine by leveraging a software bug in the Network File System. This can be achieved via a crafted package. The issue was fixed by Microsoft.
CVE-2022-22038 – Remote Procedure Call Runtime Remote Code Execution (RCE) Vulnerability
A defect in the RPC Runtime (Remote Procedure Call Runtime) could have allowed a threat actor to execute malicious code on a machine. Furthermore, CVE-2022-22038 required neither authentication on the threat actor’s side nor user interaction. Microsoft issued a fix for CVE-2022-22038.
CVE-2022-33675 – DLL Hijacking
A threat actor might gain access to restricted system areas or obtain higher privileges by injecting a fake DLL. Tricked by the fake addition, the application will load the forged DLL. The issue has been labeled as fixed.
Here’s the full list of fixes for Patch Tuesday July.
Release Date | CVE Number | CVE Title |
---|---|---|
Jul 12, 2022 | CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33676 | Azure Site Recovery Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33674 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33673 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33672 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33671 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33669 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33668 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33667 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33666 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33665 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33664 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33663 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33662 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33661 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33660 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33644 | Xbox Live Save Service Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability |
Jul 12, 2022 | CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-33632 | Microsoft Office Security Feature Bypass Vulnerability |
Jul 12, 2022 | CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30225 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30224 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30223 | Windows Hyper-V Information Disclosure Vulnerability |
Jul 12, 2022 | CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-30220 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30216 | Windows Server Service Tampering Vulnerability |
Jul 12, 2022 | CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30214 | Windows DNS Server Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-30213 | Windows GDI+ Information Disclosure Vulnerability |
Jul 12, 2022 | CVE-2022-30212 | Windows Connected Devices Platform Service Information Disclosure Vulnerability |
Jul 12, 2022 | CVE-2022-30211 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-30209 | Windows IIS Server Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
Jul 12, 2022 | CVE-2022-30206 | Windows Print Spooler Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30205 | Windows Group Policy Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30203 | Windows Boot Manager Security Feature Bypass Vulnerability |
Jul 12, 2022 | CVE-2022-30202 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30187 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
Jun 14, 2022 | CVE-2022-27776 | HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data |
Jul 12, 2022 | CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion |
Jul 12, 2022 | CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion |
Jul 12, 2022 | CVE-2022-2295 | Chromium: CVE-2022-2295 Type Confusion in V8 |
Jul 6, 2022 | CVE-2022-2294 | Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC |
Jul 6, 2022 | CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability |
Jul 12, 2022 | CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22049 | Windows CSRSS Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability |
Jul 12, 2022 | CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability |
Jul 12, 2022 | CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability |
Jul 12, 2022 | CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-22037 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability |
Jul 12, 2022 | CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-22026 | Windows CSRSS Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22025 | Windows Fax Service Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
Jul 12, 2022 | CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability |
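To turn the table above into a patch queue, the following added example (not part of the original article) parses rows in the table's own layout, splits each title into component and impact class, and sorts them for deployment. The ranking in `IMPACT_RANK` and the `pinned` parameter are assumptions standing in for local policy; the sample rows are copied from the table.

```python
import re

# Rows copied from the table above, in its "date | CVE | title |" layout.
SAMPLE_ROWS = """\
Jul 12, 2022 | CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability |
Jul 12, 2022 | CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
Jul 12, 2022 | CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability |
Jul 12, 2022 | CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Jul 12, 2022 | CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability |
Jul 6, 2022 | CVE-2022-2294 | Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC |
"""

# Assumed triage order (lower = patch first); a local policy choice, not a vendor rating.
IMPACT_RANK = {
    "Remote Code Execution": 0,
    "Elevation of Privilege": 1,
    "Security Feature Bypass": 2,
    "Tampering": 3,
    "Information Disclosure": 4,
    "Denial of Service": 5,
}
ROW_RE = re.compile(r"^\s*(\w{3} \d{1,2}, \d{4})\s*\|\s*(CVE-\d{4}-\d{4,})\s*\|\s*(.+?)\s*\|?\s*$")

def parse_rows(text):
    """Yield one dict per well-formed row; header and separator lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        date, cve, title = m.groups()
        suffix = next((i for i in IMPACT_RANK if title.endswith(f"{i} Vulnerability")), None)
        component = title[: -len(f"{suffix} Vulnerability")].strip() if suffix else title
        yield {"date": date, "cve": cve, "component": component, "impact": suffix or "Other"}

def triage(text, pinned=()):
    """Order rows: pinned CVEs first, then by impact rank, then by CVE id."""
    rows = list(parse_rows(text))
    rows.sort(key=lambda r: (r["cve"] not in pinned,
                             IMPACT_RANK.get(r["impact"], len(IMPACT_RANK)), r["cve"]))
    return rows

if __name__ == "__main__":
    # The zero-day the article singles out is pinned; unclassified titles sort last for manual review.
    for r in triage(SAMPLE_ROWS, pinned={"CVE-2022-22047"}):
        print(f'{r["cve"]:<15} {r["impact"]:<24} {r["component"]}')
```

Titles that do not end in one of the listed impact classes, such as the Chromium entry, come out as `Other` and need a manual look rather than an automatic rank.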
Additional Cybersecurity Advice
Well, that about wraps up the July edition of Patch Tuesday. Hope you’ve enjoyed it. Before I go, here are a couple of pieces of cybersecurity advice that will surely help you even the playing field.
- Automated patch deployment FTW! Manual patching can only get you so far. If you’re planning on staying ahead of hackers, automatic patching & patch management is the way to go. Heimdal™ Security’s Patch & Asset Management will ensure that all your apps are up to speed, regardless of Operating System or type of improvement-carrying package you’re going to deploy.
- Phishing. Please do yourself a favor and stay away from suspicious emails, especially the ones that are urging you to update your PC – those are the worst.
- Security over quality updates. While scribbling your patch deployment battle plan, do make sure that you prioritize security-related updates or patches over quality updates.
Additional resources:
- Patch Tuesday, June 2022.
- CVE-2022-30190 Enables Remote Code Execution
- What Is an Attack Surface in Cybersecurity?