• WatchTower365

Security Advisory - July Patch Tuesday patches include fix for exploited zero-day

It is time to prioritise patching once more. Microsoft's July Patch Tuesday includes a fix for an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). The Cybersecurity & Infrastructure Security Agency (CISA) immediately added it to its list of vulnerabilities that must be patched by August 2, 2022.



Microsoft

Microsoft's updates cover 84 vulnerabilities in total. Four of them are rated "Critical"; all four allow remote code execution (RCE).


The Common Vulnerabilities and Exposures (CVE) database is a catalogue of publicly known security vulnerabilities. Its purpose is to make it easier to share data between separate vulnerability tools, databases, and services. The four Critical vulnerabilities have the following CVE identifiers:


CVE-2022-22029: Windows Network File System (NFS) RCE vulnerability. As a temporary mitigation, you can disable NFSv3 until the Windows update that fixes this vulnerability is installed. This blocks the attack but may negatively affect your environment, since clients that depend on NFSv3 will lose access, so it should only be used until the patch is applied.


CVE-2022-22039: Another Windows Network File System (NFS) RCE vulnerability. It can be exploited over the network by sending an unauthenticated, specially crafted call to the NFS service, resulting in RCE.
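The temporary mitigation mentioned for CVE-2022-22029 is an NFS server configuration change. The following PowerShell script is an added example (not Microsoft's or the original advisory's own code) of how an administrator could apply it, verify it took effect, and reverse it after patching. It assumes the "Server for NFS" role is installed (which provides the Get-NfsServerConfiguration and Set-NfsServerConfiguration cmdlets and the nfsadmin tool) and that the session is elevated; the function names are this example's own.

```powershell
# Temporary mitigation for CVE-2022-22029 on a Windows NFS server:
# disable NFSv3 until the July 2022 update is installed, then re-enable it.
# Added example script; not Microsoft's or the advisory's own code.
# Assumes the "Server for NFS" role is installed and PowerShell is elevated.

#Requires -RunAsAdministrator

function Get-NfsV3State {
    # Returns $true if NFSv3 is currently enabled on this server.
    $config = Get-NfsServerConfiguration -ErrorAction Stop
    return [bool]$config.EnableNFSV3
}

function Restart-NfsServer {
    # The EnableNFSV3 setting only takes effect after the NFS server restarts.
    nfsadmin server stop
    nfsadmin server start
}

function Disable-NfsV3Temporarily {
    # Record the current state so it can be restored after patching.
    $wasEnabled = Get-NfsV3State
    Write-Host "NFSv3 enabled before change: $wasEnabled"

    if ($wasEnabled) {
        Set-NfsServerConfiguration -EnableNFSV3 $false -ErrorAction Stop
        Restart-NfsServer
    }

    # Verify rather than assume: if NFSv3 is still on, the mitigation is not in place.
    if (Get-NfsV3State) {
        throw "NFSv3 is still enabled; the mitigation did not apply."
    }
    Write-Host "NFSv3 disabled. NFSv3-only clients will lose access until it is re-enabled."
    return $wasEnabled
}

function Enable-NfsV3 {
    # Re-enable NFSv3 once the update that fixes CVE-2022-22029 is installed.
    Set-NfsServerConfiguration -EnableNFSV3 $true -ErrorAction Stop
    Restart-NfsServer
    if (-not (Get-NfsV3State)) {
        throw "NFSv3 could not be re-enabled."
    }
    Write-Host "NFSv3 re-enabled."
}

# Usage, run on the NFS server:
#   $previous = Disable-NfsV3Temporarily
#   ... install the July 2022 update and reboot ...
#   if ($previous) { Enable-NfsV3 }
```

The script records whether NFSv3 was on before the change so that the re-enable step only runs where it is actually needed, and it checks the configuration after each change instead of trusting that the cmdlet succeeded. Clients that can only speak NFSv3 will be cut off while the mitigation is in place, which is why the advisory recommends it only as a stopgap until the update is installed.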


CVE-2022-22038: Remote Procedure Call Runtime RCE vulnerability. Successful exploitation requires the attacker to invest time in repeated attempts, sending data either constantly or intermittently.


CVE-2022-30221: Windows Graphics Component RCE vulnerability. An attacker would have to convince the targeted victim to connect to a malicious RDP server. Once the connection is made, the malicious server could execute code on the victim's machine in the context of the targeted user.


Azure Site Recovery

A significant portion of the updates, 32 vulnerabilities in all, are in the Azure Site Recovery suite and could have given attackers elevated privileges or remote code execution. Azure Site Recovery is Azure's built-in disaster recovery service; it helps ensure business continuity by keeping business apps and workloads running during outages.


Microsoft states that most of the privilege escalation issues in Azure Site Recovery were caused by SQL injection vulnerabilities.


CVE-2022-22047

This elevation of privilege (EoP) vulnerability has been exploited in the wild. An attacker who successfully exploits it could gain SYSTEM privileges.


This kind of vulnerability typically comes into play once an attacker already has a foothold. They then use it to escalate from a low-privileged account to higher privileges on the compromised system.


The flaw is a Windows CSRSS Elevation of Privilege vulnerability. CSRSS is the Windows component that provides the user-mode side of the Win32 subsystem. It is essential for the system to function and is mainly responsible for Win32 console handling and GUI shutdown.


Given that this kind of vulnerability is often chained with others delivered through macros, Microsoft's decision to temporarily roll back Office macro blocking is puzzling.


Other Vendors

Other vendors have aligned their regular updates with Microsoft's. Here are some of the most significant ones you may encounter.


Adobe released security patches for Acrobat, Character Animator, Photoshop, Reader, and RoboHelp.


Cisco released important updates for the Cisco Expressway Series, Cisco TelePresence Video Communication Server, Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and the Cisco Small Business RV110W, RV130W, and RV215W routers, along with a number of other security fixes.


Citrix released hotfixes for an issue that may, under certain circumstances, affect Citrix XenServer and Citrix Hypervisor.


Google released Android's July security updates, including three rated "Critical".


SAP released its July 2022 Patch Day bulletin with 20 new Security Notes.


VMware released security updates.


Source: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-july-patch-tuesday-patches-include-fix-for-exploited-zero-day/