Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Microsoft July 2022 Patch Tuesday Fixes Exploited Zero-day, 84 Flaws

Microsoft July 2022 Patch Tuesday Fixes Exploited Zero-day, 84 Flaws

Today is Microsoft’s July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws.

Four of the 84 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution.

The number of bugs in each vulnerability category is listed below:

  • 52 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

The above counts do not include two vulnerabilities previously fixed in Microsoft Edge.

Also Read: Social engineering attacks: 4 Ways businesses and individuals can protect themselves

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5015807 and KB5015811 updates and the Windows 11 KB5015814 update.

Actively exploited zero-day fixed

This month’s Patch Tuesday fixes an actively exploited zero-day elevation of privileges vulnerability.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is tracked as ‘CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability.’

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft in an advisory published today.

This vulnerability was discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

BleepingComputer has reached out to Microsoft to learn more about how this vulnerability was used in attacks.

Recent updates from other companies

Other vendors who released updates in July 2022 include:

The July 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the July 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Also Read: How can businesses protect their enterprise from Business Email Compromise (BEC) attacks?

TagCVE IDCVE TitleSeverity
AMD CPU BranchCVE-2022-23825AMD: CVE-2022-23825 AMD CPU Branch Type ConfusionImportant
AMD CPU BranchCVE-2022-23816AMD: CVE-2022-23816 AMD CPU Branch Type ConfusionImportant
Azure Site RecoveryCVE-2022-33665Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33666Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33663Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33664Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33667Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33672Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33673Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33671Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33668Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33661Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33662Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33657Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33656Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33658Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33660Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33659Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33655Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33651Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33650Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33652Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33654Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33653Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33669Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33643Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-30181Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33676Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-33677Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33678Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-33642Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33674Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33675Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33641Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Storage LibraryCVE-2022-30187Azure Storage Library Information Disclosure VulnerabilityImportant
Microsoft Defender for EndpointCVE-2022-33637Microsoft Defender for Endpoint Tampering VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-2295Chromium: CVE-2022-2295 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-2294Chromium: CVE-2022-2294 Heap buffer overflow in WebRTCUnknown
Microsoft Graphics ComponentCVE-2022-22034Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-30213Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-30221Windows Graphics Component Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2022-33632Microsoft Office Security Feature Bypass VulnerabilityImportant
Open Source SoftwareCVE-2022-27776HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header dataImportant
Role: DNS ServerCVE-2022-30214Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-22024Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-22027Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-30223Windows Hyper-V Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22042Windows Hyper-V Information Disclosure VulnerabilityImportant
Skype for Business and Microsoft LyncCVE-2022-33633Skype for Business and Lync Remote Code Execution VulnerabilityImportant
Windows Active DirectoryCVE-2022-30215Active Directory Federation Services Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-30202Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-30224Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-22037Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2022-22711Windows BitLocker Information Disclosure VulnerabilityImportant
Windows BitLockerCVE-2022-22048BitLocker Security Feature Bypass VulnerabilityImportant
Windows Boot ManagerCVE-2022-30203Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22026Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22049Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22047Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2022-30212Windows Connected Devices Platform Service Information Disclosure VulnerabilityImportant
Windows Credential GuardCVE-2022-22031Windows Credential Guard Domain-joined Public Key Elevation of Privilege VulnerabilityImportant
Windows Fast FAT DriverCVE-2022-22043Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant
Windows Fax and Scan ServiceCVE-2022-22050Windows Fax Service Elevation of Privilege VulnerabilityImportant
Windows Group PolicyCVE-2022-30205Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2022-30209Windows IIS Server Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2022-22025Windows Internet Information Services Cachuri Module Denial of Service VulnerabilityImportant
Windows IISCVE-2022-22040Internet Information Services Dynamic Compression Module Denial of Service VulnerabilityImportant
Windows KernelCVE-2022-21845Windows Kernel Information Disclosure VulnerabilityImportant
Windows MediaCVE-2022-22045Windows.Devices.Picker.dll Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2022-30225Windows Media Player Network Sharing Service Elevation of Privilege VulnerabilityImportant
Windows Network File SystemCVE-2022-22029Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Network File SystemCVE-2022-22028Windows Network File System Information Disclosure VulnerabilityImportant
Windows Network File SystemCVE-2022-22039Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Performance CountersCVE-2022-22036Performance Counters for Windows Elevation of Privilege VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-30211Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityImportant
Windows Portable Device Enumerator ServiceCVE-2022-22023Windows Portable Device Enumerator Service Security Feature Bypass VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-30206Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-30226Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22022Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22041Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-22038Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Security Account ManagerCVE-2022-30208Windows Security Account Manager (SAM) Denial of Service VulnerabilityImportant
Windows Server ServiceCVE-2022-30216Windows Server Service Tampering VulnerabilityImportant
Windows ShellCVE-2022-30222Windows Shell Remote Code Execution VulnerabilityImportant
Windows StorageCVE-2022-30220Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
XBoxCVE-2022-33644Xbox Live Save Service Elevation of Privilege VulnerabilityImportant

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us