Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Microsoft July 2022 Patch Tuesday Fixes Exploited Zero-day, 84 Flaws

Microsoft July 2022 Patch Tuesday Fixes Exploited Zero-day, 84 Flaws

Today is Microsoft’s July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws.

Four of the 84 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution.

The number of bugs in each vulnerability category is listed below:

  • 52 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

The above counts do not include two vulnerabilities previously fixed in Microsoft Edge.

Also Read: Social engineering attacks: 4 Ways businesses and individuals can protect themselves

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5015807 and KB5015811 updates and the Windows 11 KB5015814 update.

Actively exploited zero-day fixed

This month’s Patch Tuesday fixes an actively exploited zero-day elevation of privileges vulnerability.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is tracked as ‘CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability.’

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft in an advisory published today.

This vulnerability was discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

BleepingComputer has reached out to Microsoft to learn more about how this vulnerability was used in attacks.

Recent updates from other companies

Other vendors who released updates in July 2022 include:

The July 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the July 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Also Read: How can businesses protect their enterprise from Business Email Compromise (BEC) attacks?

TagCVE IDCVE TitleSeverity
AMD CPU BranchCVE-2022-23825AMD: CVE-2022-23825 AMD CPU Branch Type ConfusionImportant
AMD CPU BranchCVE-2022-23816AMD: CVE-2022-23816 AMD CPU Branch Type ConfusionImportant
Azure Site RecoveryCVE-2022-33665Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33666Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33663Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33664Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33667Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33672Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33673Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33671Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33668Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33661Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33662Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33657Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33656Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33658Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33660Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33659Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33655Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33651Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33650Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33652Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33654Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33653Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33669Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33643Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-30181Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33676Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-33677Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33678Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-33642Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33674Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33675Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-33641Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Storage LibraryCVE-2022-30187Azure Storage Library Information Disclosure VulnerabilityImportant
Microsoft Defender for EndpointCVE-2022-33637Microsoft Defender for Endpoint Tampering VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-2295Chromium: CVE-2022-2295 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-2294Chromium: CVE-2022-2294 Heap buffer overflow in WebRTCUnknown
Microsoft Graphics ComponentCVE-2022-22034Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-30213Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-30221Windows Graphics Component Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2022-33632Microsoft Office Security Feature Bypass VulnerabilityImportant
Open Source SoftwareCVE-2022-27776HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header dataImportant
Role: DNS ServerCVE-2022-30214Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-22024Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-22027Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-30223Windows Hyper-V Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22042Windows Hyper-V Information Disclosure VulnerabilityImportant
Skype for Business and Microsoft LyncCVE-2022-33633Skype for Business and Lync Remote Code Execution VulnerabilityImportant
Windows Active DirectoryCVE-2022-30215Active Directory Federation Services Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-30202Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-30224Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows Advanced Local Procedure CallCVE-2022-22037Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2022-22711Windows BitLocker Information Disclosure VulnerabilityImportant
Windows BitLockerCVE-2022-22048BitLocker Security Feature Bypass VulnerabilityImportant
Windows Boot ManagerCVE-2022-30203Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22026Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22049Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2022-22047Windows CSRSS Elevation of Privilege VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2022-30212Windows Connected Devices Platform Service Information Disclosure VulnerabilityImportant
Windows Credential GuardCVE-2022-22031Windows Credential Guard Domain-joined Public Key Elevation of Privilege VulnerabilityImportant
Windows Fast FAT DriverCVE-2022-22043Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant
Windows Fax and Scan ServiceCVE-2022-22050Windows Fax Service Elevation of Privilege VulnerabilityImportant
Windows Group PolicyCVE-2022-30205Windows Group Policy Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2022-30209Windows IIS Server Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2022-22025Windows Internet Information Services Cachuri Module Denial of Service VulnerabilityImportant
Windows IISCVE-2022-22040Internet Information Services Dynamic Compression Module Denial of Service VulnerabilityImportant
Windows KernelCVE-2022-21845Windows Kernel Information Disclosure VulnerabilityImportant
Windows MediaCVE-2022-22045Windows.Devices.Picker.dll Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2022-30225Windows Media Player Network Sharing Service Elevation of Privilege VulnerabilityImportant
Windows Network File SystemCVE-2022-22029Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Network File SystemCVE-2022-22028Windows Network File System Information Disclosure VulnerabilityImportant
Windows Network File SystemCVE-2022-22039Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Performance CountersCVE-2022-22036Performance Counters for Windows Elevation of Privilege VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-30211Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityImportant
Windows Portable Device Enumerator ServiceCVE-2022-22023Windows Portable Device Enumerator Service Security Feature Bypass VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-30206Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-30226Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22022Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22041Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-22038Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Security Account ManagerCVE-2022-30208Windows Security Account Manager (SAM) Denial of Service VulnerabilityImportant
Windows Server ServiceCVE-2022-30216Windows Server Service Tampering VulnerabilityImportant
Windows ShellCVE-2022-30222Windows Shell Remote Code Execution VulnerabilityImportant
Windows StorageCVE-2022-30220Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
XBoxCVE-2022-33644Xbox Live Save Service Elevation of Privilege VulnerabilityImportant

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us