HomeTech NewsCybersecurityPatchday: Microsoft takes care of 84 security vulnerabilities

Patchday: Microsoft takes care of 84 security vulnerabilities

Published on

- Advertisement -

On the July patch day, Microsoft addresses 84 security vulnerabilities. One of them is already being actively abused. Many vulnerabilities affect Azure Site Recovery.

On the patch day in July, Microsoft will finish off 84 vulnerabilities in the company’s products. The biggest chunk of vulnerabilities can be found in Azure Site Recovery – Microsoft lists 32 vulnerabilities for this alone. One of the vulnerabilities is already being exploited by cybercriminals in attacks.

Actively exploited vulnerability

The vulnerability that has already been exploited in attacks can be used by burglars to extend the rights to SYSTEM. It can be found in the client-server runtime subsystem CSRSS. According to Microsoft’s security notification, all Windows versions from Windows 7 to Server 2022 are affected (CVE-2022-22047, CVSS 7.8risk “high“).

- Advertisement -

Of the 32 vulnerabilities in Azure Site Recovery, attackers could use 30 to escalate their privileges in the system. The other two vulnerabilities, on the other hand, allow malicious code to be injected and executed (CVE-2022-33676, CVE-2022-33678).

In addition, the updates provided fix security-related errors in the components Active Directory Federation Services, AMD processor support, Azure Storage Library, Bitlocker, HackerOne, IIS, Microsoft Defender for Endpoint, Microsoft Office, Performance Counter, RPC Runtime, Skype for Business, Windows Advanced Local Procedure Call, Windows Boot Manager, Windows Common Log File System Driver, Windows Connected Devices Platform Services, Windows Credential Guard, Windows DNS Server, Windows Fast FAT File System Driver, Windows Fax Service, Windows GDI+, Windows Graphics Component, Windows Group Policy, Windows Hyper- V, Windows Kernel, Windows Layer 2 Tunneling Protocol (L2TP), Windows Media Player Network Sharing, Windows Network File System, Windows Portable Device Enumerator, Windows Print Spooler, Windows Security Account Manager (SAM), Windows Server Service, Windows Shell and Xbox Live Save Service.

The complete list of vulnerabilities with linked detailed security bulletins can be found on Microsoft’s website. Since many of the vulnerabilities allow malicious code to be injected and privileges in the system to be escalated, IT managers should install the updates provided as soon as possible.

Hurry is also required because one of the loopholes is already being actively abused. With a bit of luck, Microsoft won’t need another emergency update in July to iron out errors in the updates – as happened in June.

- Advertisement -

Latest articles

Germany has a new role in Europe under Scholz. Here’s what it looks like one year on.

Olaf Scholz has certainly taken on Angela Merkel’s mantle of “crisis chancellor” if his...

Microsoft improves its search engine with a function for online purchases

Microsoft Bing is getting ahead of Christmas shopping with a new feature added to...

More like this