On the July patch day, Microsoft addresses 84 security vulnerabilities. One of them is already being actively abused. Many vulnerabilities affect Azure Site Recovery.
On the July patch day, Microsoft fixes 84 vulnerabilities in the company’s products. The largest share of them is in Azure Site Recovery: Microsoft lists 32 vulnerabilities for this alone. One of the vulnerabilities is already being exploited by cybercriminals in attacks.
Actively exploited vulnerability
The vulnerability that has already been exploited in attacks lets attackers escalate their privileges to SYSTEM. It is located in the Client/Server Runtime Subsystem (CSRSS). According to Microsoft’s security advisory, all Windows versions from Windows 7 to Server 2022 are affected (CVE-2022-22047, CVSS 7.8, risk “high”).
Of the 32 vulnerabilities in Azure Site Recovery, attackers could use 30 to escalate their privileges in the system. The other two allow malicious code to be injected and executed (CVE-2022-33676, CVE-2022-33678).
In addition, the updates fix security-relevant bugs in the components Active Directory Federation Services, AMD processor support, Azure Storage Library, BitLocker, HackerOne, IIS, Microsoft Defender for Endpoint, Microsoft Office, Performance Counter, RPC Runtime, Skype for Business, Windows Advanced Local Procedure Call, Windows Boot Manager, Windows Common Log File System Driver, Windows Connected Devices Platform Services, Windows Credential Guard, Windows DNS Server, Windows Fast FAT File System Driver, Windows Fax Service, Windows GDI+, Windows Graphics Component, Windows Group Policy, Windows Hyper-V, Windows Kernel, Windows Layer 2 Tunneling Protocol (L2TP), Windows Media Player Network Sharing, Windows Network File System, Windows Portable Device Enumerator, Windows Print Spooler, Windows Security Account Manager (SAM), Windows Server Service, Windows Shell and Xbox Live Save Service.
The complete list of vulnerabilities with linked detailed security bulletins can be found on Microsoft’s website. Since many of the vulnerabilities allow malicious code to be injected and privileges in the system to be escalated, IT managers should install the updates provided as soon as possible.
Speed is also called for because one of the vulnerabilities is already being actively abused. With a bit of luck, Microsoft won’t need another emergency update in July to iron out errors in the updates, as happened in June.