Headline
Update now—July Patch Tuesday patches include fix for exploited zero-day
July’s Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS. The post Update now—July Patch Tuesday patches include fix for exploited zero-day appeared first on Malwarebytes Labs.
It’s time to triage a lot of patching again. Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency (CISA) list of known to be exploited in the wild list that are due for patching by August 2, 2022.
Microsoft
In total the Microsoft updates include fixes for 84 vulnerabilities. Four of these vulnerabilities are labelled as “Critical” since they are remote code execution (RCE) vulnerabilities.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs that ware assigned to the four Critical vulnerabilities:
CVE-2022-22029: Windows Network File System (NFS) RCE vulnerability. This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3, but this may adversely affect your ecosystem and should only be used as a temporary mitigation.
CVE-2022-22039: Another Windows Network File System (NFS) RCE vulnerability. It’s possible to exploit this vulnerability over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger an RCE.
CVE-2022-22038: Remote Procedure Call Runtime RCE vulnerability. Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
CVE-2022-30221: Windows Graphics Component RCE vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. On connecting, the malicious server could execute code on the victim’s system in the context of the targeted user.
Azure Site Recovery
A huge part of the patches consist of 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution. Azure Site Recovery is an integrated disaster recovery service for Azure that helps ensure business continuity by keeping business apps and workloads running during outages.
According to Microsoft, SQL injection vulnerabilities caused most of the privilege escalation bugs in Azure Site Recovery.
CVE-2022-22047
The vulnerability that is known to be exploited in the wild is an elevation of privilege (EoP) vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
This type of vulnerability usually comes into play once an attacker has gained an initial foothold. They can then use this vulnerability to gain more permissions and expand their access to the compromised system.
The vulnerability is described as a Windows CSRSS Elevation of Privilege vulnerability. CSRSS is the Windows component that provides the user mode side of the Win32 subsystem. CSRSS is critical for a system’s operation and is mainly responsible for Win32 console handling and GUI shutdown.
This type of vulnerability are often chained together with others in macros, which makes the decision to roll back Office Macro blocking incomprehensible, even if it is only temporary.
Other vendors
Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.
Adobe released security updates for Acrobat, Character Animator, Photoshop, Reader, and RoboHelp.
Cisco released critical updates for Cisco Expressway Series, Cisco TelePresence Video Communication Server, Cisco Email Security Appliance, Cisco Secure Email and Web Manager, Cisco Small Business RV110W, RV130, RV130W, and RV215W routers, and several other security updates.
Citrix released hotfixes to address a problem that may affect Citrix Hypervisor and Citrix XenServer under some circumstances.
Google released Android’s July security updates including 3 labelled as “Critical”.
SAP released its July 2022 Patch Day bulletin with 20 new Security Notes.
VMWare released security updates.
Stay safe, everyone!
Related news
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.
A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the
Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in […]
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I could spend time in this newsletter every week talking about fake news. There are always so many ridiculous memes, headlines, misleading stories, viral Facebook posts and manipulated media that I see come across my Instagram feed or via my wife when she shows me TikToks she favorited. One recent event, though, was so crushing to me that I had to call it out specifically. Former Japanese Prime Minister Shinzo Abe was assassinated earlier this month while making a campaign speech in public. This was a horrible tragedy marking the death of a powerful politician in one of the world’s most influential countries. It was the top story in the world for several days and was even more shocking given Japan’s strict gun laws and the relative infrequency of any global leaders being the target of violence. It took no time for the internet at large to take this tragedy and immediately try to spin it to the...
Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one
Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.
Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.
Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.
Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.
Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.
Remote Procedure Call Runtime Remote Code Execution Vulnerability.
Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22039.
Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22029.
Windows Graphics Component Remote Code Execution Vulnerability.
Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22049.
July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler.
By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing more than 80 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. July's security update... [[ This is only the beginning! Please visit the blog for the complete entry ]]
By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing more than 80 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. July's security update... [[ This is only the beginning! Please visit the blog for the complete entry ]]
By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing more than 80 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. July's security update... [[ This is only the beginning! Please visit the blog for the complete entry ]]
By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing more than 80 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. July's security update... [[ This is only the beginning! Please visit the blog for the complete entry ]]