The Redmond big has rolled out its month-to-month scheduled updates for customers, addressing a number of vulnerabilities. Particularly, Microsoft mounted 84 completely different safety bugs with July Patch Tuesday, together with an actively exploited zero-day.
Whereas the updates would attain customers robotically, it’s nonetheless sensible to manually test for updates and patch your methods on the earliest to keep away from exploit.
Vital Zero-Day Beneath Assault Receives A Repair
A noteworthy bug repair from Microsoft with the July Patch Tuesday bundle consists of the one for CVE-2022-22047. Microsoft described it as an important-severity vulnerability that attained a CVSS rating of seven.8. In keeping with its advisory, this elevation of privilege bug in Home windows CSRSS went underneath assault earlier than receiving a repair. Concerning the affect of this vulnerability, the advisory reads,
An attacker who efficiently exploited this vulnerability may achieve SYSTEM privileges.
Regardless of confirming to have detected energetic exploitation of the flaw, Microsoft hasn’t shared any particulars but relating to how the bug facilitated the attackers, the extent of the assaults, geographical area, and so on.
Different Microsoft Patch Tuesday Updates
Alongside the intense zero-day bug, Microsoft has additionally mounted 4 important severity distant code execution vulnerabilities. These bugs embrace,
- CVE-2022-22038 (CVSS 8.1): affecting the Distant Process Name Runtime
- CVE-2022-30221 (CVSS 8.8): current within the Home windows Graphics Element
- CVE-2022-22029 (CVSS 8.1): current within the Home windows Community File System
- CVE-2022-22039 (CVSS 7.5): additionally affecting the Home windows Community File System
As well as, this replace bundle addresses 79 completely different necessary severity vulnerabilities affecting numerous elements. From these, a noteworthy point out consists of CVE-2022-30216. Microsoft described it as a “tampering” vulnerability within the Home windows Server Service. Curiously, this important-severity bug acquired a excessive CVSS rating (8.8), hinting on the seriousness of the exploit.
Particularly, exploiting this bug merely required an adversary to add a maliciously crafted certificates to the goal Server service. This bug first caught the eye of safety researcher Ben Barnea from Akamai Applied sciences, who then reported it to Microsoft. Whereas the tech big has confirmed no energetic exploitation or public disclosure of the vulnerability earlier than the repair, it does label its exploitation “extra seemingly”.
Alongside all bug fixes, Microsoft has additionally launched updates for the recently-patched Chromium vulnerability (CVE-2022-2294) to facilitate customers. Since all updates are out, Microsoft customers should rush to replace their methods on the earliest to stop any mishaps.