Issued: Tuesday, 19 July, 2022 |
Last Revision: Tuesday, 19 July, 2022 |
Vendor: |
Product: |
Severity Level: |
Microsoft has released patches for 84 CVEs in its July 2022 Patch Tuesday with four rated as critical, 79 rated as important and one rated as unknown.
According to Microsoft CVE-2022-22047, an elevation of privilege vulnerability is been actively exploited by the attackers. Microsoft describe this as Windows Client Server Run-Time Subsystem (CSRSS) elevation of privilege. The flaw was assigned a CVSSv3 score of 7.8.
Please refer to “REFERENCES” to explore more about vulnerabilities included in “Table 1: Vulnerability details”.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-22022 | Windows Print Spooler Elevation of Privilege | 7.1 |
CVE-2022-22041 | Windows Print Spooler Elevation of Privilege | 6.8 |
CVE-2022-30206 | Windows Print Spooler Elevation of Privilege | 7.8 |
CVE-2022-30226 | Windows Print Spooler Elevation of Privilege | 7.1 |
CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability | 7.5 |
CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability | 8.1 |
CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability | 7.5 |
CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability | 7.8 |
Table 1: Vulnerability details
Security Update Types | Affected Product(s) |
Security Updates | AMD CPU Branch Azure Site Recovery Azure Storage Library Microsoft Defender for Endpoint Microsoft Edge (Chromium-based) Microsoft Graphics Component Microsoft Office Open Source Software Role: DNS Server Role: Windows Fax Service Role: Windows Hyper-V Skype for Business and Microsoft Lync Windows Active Directory Windows Advanced Local Procedure Call Windows BitLocker Windows Boot Manager Windows Client/Server Runtime Subsystem Windows Connected Devices Platform Service Windows Credential Guard Windows Fast FAT Driver Windows Fax and Scan Service Windows Group Policy Windows IIS Windows Kernel Windows Media Windows Network File System Windows Performance Counters Windows Point-to-Point Tunneling Protocol Windows Portable Device Enumerator Service Windows Print Spooler Components Windows Remote Procedure Call Runtime Windows Security Account Manager Windows Server Service Windows Shell Windows Storage |
Table 2: Vulnerable versions
Microsoft has released patches to address these vulnerabilities, organizations are encouraged to apply patches as soon as possible.