Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: Microsoft Patch Tuesday July 2022 patches 84 vulnerabilities (4 critical, 80 important)
Image
Gepubliceerd : 13/07/2022
Reference:
Advisory #2022-019
Version:
1.0
Affected software:
AMD CPU Branch
Azure Site Recovery
Azure Storage Library
For more exhaustive information consult the release notes on: https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
Microsoft Defender for Endpoint
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Open Source Software
Role: DNS Server
Role: Windows Fax Service
Role: Windows Hyper-V
Skype for Business and Microsoft Lync
Windows Active Directory
Windows Advanced Local Procedure Call
Windows BitLocker
Windows Boot Manager
Windows Client/Server Runtime Subsystem
Windows Connected Devices Platform Service
Windows Credential Guard
Windows Fast FAT Driver
Windows Fax and Scan Service
Windows Group Policy
Windows IIS
Windows Kernel
Windows Media
Windows Network File System
Windows Performance Counters
Windows Point-to-Point Tunneling Protocol
Windows Portable Device Enumerator Service
Windows Print Spooler Components
Windows Remote Procedure Call Runtime
Windows Security Account Manager
Windows Server Service
Windows Shell
Windows Storage
Xbox
Type:
Several types, ranging from tampering to privilege escalation and remote code execution.
CVE/CVSS:
4 vulnerabilities are rated as critical:
• Remote Code Execution (RCE): 4
80 vulnerabilities are rated as important:
• Elevation of Privileges (EoP): 52
• Information Disclosure: 11
• Remote Code Execution (RCE): 8
• Denial of Service (DoS): 5
• Security Feature Bypass: 4
• Tampering: 2
Sources
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
Risks
This month’s Patch Tuesday includes 4 critical and 80 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations. In addition Microsoft reports CVE-2022-22047 (Windows CSRSS Elevation of Privilege Vulnerability) is exploited in the wild.
Description
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software.
This month’s release covers 84 vulnerabilities. 4 vulnerabilities are marked as critical and 80 as important (see below for a quick selection of the most concerning ones). Some are more likely to be exploited in the near future and urgent patching is advised.
- CVE-2022-30221 is a critical RCE vulnerability affecting Windows Graphics Component. It received a CVSSv3.1 score of 8.8. An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.
- CVE-2022-22038 is a critical RCE vulnerability affecting Remote Procedure Call Runtime. It received a CVSSv3.1 score of 8.1. Since successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data, attack complexity is considered high.
- CVE-2022-22029 is a critical RCE vulnerability affecting Windows Network File System. It received a CVSSv3.1 score of 8.1. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3. This may adversely affect your ecosystem and should only be used as a temporary mitigation.
- CVE-2022-22039 is a critical RCE vulnerability affecting Windows Network File System. It received a CVSSv3.1 score of 7.5. Since successful exploitation of this vulnerability requires an attacker to win a race condition, attack complexity is considered high.
- CVE-2022-22047 is an important EoP vulnerability affecting Windows Client/Server Runtime Subsystem (CSRSS). It received a CVSSv3.1 score of 7.8 and exploitation of this zero-day was detected in the wild. An authenticated attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
- CVE-2022-22022, CVE-2022-22041, CVE-2022-30206 and CVE-2022-30226 are all important EoP vulnerabilities in Windows Print Spooler components. These received CVSSv3.1 scores of 7.1, 6.8, 7.8 and 7.1 respectively. While CVE-2022-22022 and CVE-2022-30226 would allow an authenticated attacker to delete targeted files on a system, successful exploitation of CVE-2022-22041 or CVE-2022-30206 results in SYSTEM privileges.
- CVE-2022-30216 is an important tampering vulnerability affecting Windows Server Service. It received a CVSSv3.1 score of 8.8. For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service. Since this would allow code execution amongst others, Microsoft expects threat actors to exploit this vulnerability in the near future.
Recommended Actions
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.