Microsoft has released security updates today as part of its ‘Patch Tuesday’ project. The updates address various vulnerabilities reported during the course of the month. We look at the main vulnerabilities that system administrators need to patch. All the vulnerabilities discussed below were shared on 12th of July as part of Microsoft’s ‘Patch Tuesday’ project.
Zero-day vulnerabilities in July Patch Tuesday Updates
There are two zero-day vulnerabilities that have been announced as part of the Patch Tuesday updates for the month of July 2022.
CVE-2022-22047 – Elevation of Privilege vulnerability
- This is a CVSS 7.8 vulnerability with zero-day ramifications on the infrastructure.
- It is an Elevation of Privilege vulnerability in Windows CSRSS. The attacker could gain SYSTEM privileges.
- The vulnerability has already been exploited.
- The vulnerability affects Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 20H2, Windows Server 2022, Windows 7, Windows 8.1, Windows 10 and Windows 11.
- The vulnerability has been fixed in the security updates released for each Windows version.
CVE-2021-42321 – Exchange Server Remote Code Execution
- CVE-2021-42321 is an older vulnerability that is being publicly exploited.
- It has a CVSS rating of 8.8 and can lead to ‘Remote Code Execution’ on the affected Exchange servers.
- You can read about the threat on the Microsoft Exchange blog.
- The security update for Exchange Server was released in November 2021. It would be prudent to patch the Exchange Servers to protect against CVE-2021-42321.
- The affected Exchange Servers are:
  - Exchange Server 2016 Cumulative Update 21
  - Exchange Server 2016 Cumulative Update 22
  - Exchange Server 2019 Cumulative Update 10
  - Exchange Server 2019 Cumulative Update 11
Apart from these zero-day vulnerabilities, there are a few vulnerabilities that carry a serious risk and have a higher risk of being exploited. We list them below for ready reference:
CVE-2022-30220 – Elevation of Privilege
- This is a CVSS 7.8 vulnerability that could cause ‘Elevation of Privilege’.
- The vulnerability lies in the Windows Common Log File System driver.
- The attacker could gain SYSTEM privileges after a successful exploit.
- The vulnerability affects Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 20H2, Windows Server 2022, Windows 7, Windows 8.1, Windows 10 and Windows 11.
- The vulnerability has been fixed in the security updates released for each Windows version.
CVE-2022-30216 – Service Tampering Vulnerability
- This vulnerability affects Windows Server.
- It is a CVSS 8.8 vulnerability.
- For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service.
- The vulnerability affects Windows 10, Windows 11, Windows Server 20H2 and Windows Server 2022.
- The threat has been resolved in the security updates for the month of July.
CVE-2022-30215 – Elevation of Privilege Vulnerability
- This is a CVSS 7.5 vulnerability. It affects the Active Directory Federation Services.
- The vulnerability could allow the attacker to assume domain administrator privileges.
- Exploiting this vulnerability is complex because the attacker would need to take additional actions before launching the attack on the Windows Server.
- The threat affects Windows Server 2016, Windows Server 2019, Windows Server 20H2 and Windows Server 2022.
- The threat has been resolved in the July security updates for Windows Servers.
CVE-2022-30202 – Elevation of Privilege vulnerability
- This is a CVSS 7 vulnerability.
- CVE-2022-30202 affects Windows Advanced Local Procedure Call and could lead to ‘Elevation of Privilege’ risks.
- The attack is complex, and the attacker could gain SYSTEM privileges on the target machine.
- The vulnerability affects Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 20H2, Windows Server 2022, Windows 7, Windows 8.1, Windows 10 and Windows 11.
- The threat has been resolved in the July security updates.
CVE-2022-22034 – Elevation of Privilege Vulnerability
- This is a CVSS 7.8 vulnerability.
- It affects the Windows Graphics Component and can allow the attacker to gain SYSTEM rights.
- The vulnerability affects Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 20H2, Windows Server 2022, Windows 7, Windows 8.1, Windows 10 and Windows 11.
- The threat has been resolved as part of the July security updates.
Summary of other vulnerabilities
Microsoft has given details of a total of 213 vulnerabilities as part of the July ‘Patch Tuesday’ updates. These include vulnerabilities in Chromium based browsers, Skype, Microsoft Defender, Windows Servers, the Windows desktop operating system and the Azure cloud platform. However, not a single vulnerability was publicly disclosed over the previous month.
The two zero-day vulnerabilities are the ones that system administrators need to take care of first. They should be patched on a priority basis and have been resolved as part of the security updates released on 12th of July 2022.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.