July 14, 2022

Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs

As part of July’s monthly security rollup updates, Microsoft has patched 1 actively exploited Zero-day and 4 remote code execution vulnerabilities.

Overall, Microsoft has patched 84 vulnerabilities across Windows, Windows Server, Office, Azure, AD, and other products.

The Zero-Day Vulnerability

• CVE-2022-22047 (CVSS 3.1: 7.8, High Severity) –Windows CSRSS Vulnerability (privilege escalation) – actively exploited vulnerability.
  An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft also patched up a number of RCE vulnerabilities in Windows Graphics (CVE-2022-30221), Remote Procedure Call Runtime (CVE-2022-22038), Windows Shell, and Windows Network File System (CVE-2022-22029 and CVE-2022-22039) (CVE-2022-30222).

For the full patched vulnerabilities list, including the 4 RCEs, visit Microsoft July 2022 Security Updates.

Mitigation

CYREBRO recommends to implement the latest available Microsoft security/monthly rollup updates in all relevant systems as soon as possible.

References: Microsoft Jul 2022 Security Updates.