July 14, 2022
Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs
As part of July’s monthly security rollup updates, Microsoft has patched 1 actively exploited Zero-day and 4 remote code execution vulnerabilities.
Overall, Microsoft has patched 84 vulnerabilities across Windows, Windows Server, Office, Azure, AD, and other products.
The Zero-Day Vulnerability
- CVE-2022-22047 (CVSS 3.1: 7.8, High Severity) –Windows CSRSS Vulnerability (privilege escalation) – actively exploited vulnerability.
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft also patched up a number of RCE vulnerabilities in Windows Graphics (CVE-2022-30221), Remote Procedure Call Runtime (CVE-2022-22038), Windows Shell, and Windows Network File System (CVE-2022-22029 and CVE-2022-22039) (CVE-2022-30222).
For the full patched vulnerabilities list, including the 4 RCEs, visit Microsoft July 2022 Security Updates.
CYREBRO recommends to implement the latest available Microsoft security/monthly rollup updates in all relevant systems as soon as possible.
References: Microsoft Jul 2022 Security Updates.