1 min read

Microsoft’s July 2022 Security Patch Rollout Includes Fix for Zero-Day Flaw

Vlad CONSTANTINESCU

July 13, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Microsoft’s July 2022 Security Patch Rollout Includes Fix for Zero-Day Flaw

Microsoft’s monthly Patch Tuesday updates in July address 84 new security vulnerabilities for several product categories, including a zero-day flaw exploited in the wild.

Four of the vulnerabilities addressed by the rollout are flagged as Critical, while the remaining ones are only marked as Important.

One of the most critical flaws patched by Microsoft’s July Patch Tuesday is a Windows Client Server Runtime Subsystem (CRSS) Elevation of Privilege Vulnerability.

The flaw, tracked as CVE-2022-22047 and with a CVSS score of 7.8, can be exploited to gain SYSTEM permissions. It was reported by Microsoft’s Threat Intelligence Center (MSTIC) and Security Response Center (MSRC).

Successfully exploiting the vulnerability could give perpetrators a considerable range of malicious capabilities on compromised machines. Microsoft’s security advisory only includes basic specifics of the flaw but warns that attacks exploiting the flaw have been detected in the wild.

Aside from the above-mentioned shortcomings, the company also patched an additional couple of Chromium-centric Edge browser flaws. One of the vulnerabilities is a high-severity heap buffer overflow zero-day, tracked as CVE-2022-2294, that affects the browser’s WebRTC functionality.

As part of the same rollout, Microsoft addressed 32 Azure Site Recovery issues, two of which enabled remote code execution, while the remaining ones were related to privilege escalation.

Last but not least, July’s Patch Tuesday plugged two Windows Server Service (CVE-2022-30216) and Microsoft Defender for Endpoint (CVE-2022-33637) tampering vulnerabilities, as well as three denial-of-service (DoS) flaws.

To steer clear of attacks that leverage these vulnerabilities, users are advised to apply Microsoft’s security patches as soon as they become available. Updating to its latest security standards can be done using Windows’ Check for updates feature or downloading and applying the updates manually (for advanced users).

tags


Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like

Bookmarks


loader