Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now

Published: 23/11/2024   Category: security




July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler.



Microsoft today released patches for 84 vulnerabilities across its product categories, including one bug now actively exploited and four that the company rated as critical severity.
The July security update also includes fixes for four elevation of privilege vulnerabilities in the company's perennially buggy Windows Print Spooler technology, and more than 30 bugs in its Azure Site Recovery disaster recovery service. At least 12 of the 84 flaws disclosed today enable remote code execution, 11 were information disclosure-related, and four enable bypass of security features. Most of the remaining flaws enabled elevation of privilege.
Security experts who reviewed Microsoft's latest update said the vulnerability that requires immediate attention is an elevation of privilege vulnerability (CVE-2022-22047) in the Windows Client Server Run-Time Subsystem (CSRSS) that is currently being exploited. Microsoft itself assessed the vulnerability as Important, giving it a severity rating of 7.8 on a scale of 10. According to the company, the vulnerability — like every other bug in July's update — has not been publicly disclosed. Even so, Microsoft described the bug as being actively exploited, but did not provide any further information.
The vulnerability allows an attacker to execute code as SYSTEM, provided they can execute other code on the target, an analysis on Trend Micro Zero Day Initiative's blog noted. Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. Attacks of this type often leverage macros, which is why Microsoft's recent decision to delay blocking all macros by default — like it announced in February — is disheartening, the blog noted.
Chris Goettl, vice president of product management for security products at Ivanti, says organizations should not be lulled by Microsoft's characterization of the flaw as important. The fact that attackers are actively exploiting the bug makes it a priority, he says. Organizations prioritizing using legacy rating methods could miss prioritizing the urgency of the OS update this month, he says.
Other bugs in Microsoft's July update that security experts described as priorities: CVE-2022-30216, CVE-2022-22038, CVE-2022-30221, and CVE-2022-30222.
CVE-2022-30216 is a low-complexity tampering vulnerability in Windows Server Service that would allow an authenticated attacker to remotely upload a certificate to the Server service. Microsoft described the vulnerability as one that is more likely to be exploited because it requires no user interaction and low-level privileges. "While this is listed at Tampering, an attacker who could install their own certificate on a target system could use this bug for various purposes, including code execution," Trend Micro's ZDI said. "Definitely test and deploy this patch quickly — especially to your critical servers."
CVE-2022-22038 is a Remote Procedure Call Runtime remote code execution vulnerability that could allow an unauthenticated attacker to execute malicious code on a vulnerable system. Microsoft identified the bug as being complex to exploit because it requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. Trend Micro's ZDI assessed the bug as having properties that could potentially make it wormable. "If the exploit complexity were low, which some would argue since the attempts could likely be scripted, the CVSS would be 9.8. Test and deploy this one quickly," the security vendor noted.
CVE-2022-30221 is a remote code execution vulnerability in the Windows Graphics Component. An attacker can exploit the vulnerability by convincing a user to connect to a malicious RDP server. An adversary who succeeds in doing that would be able to execute code in the context of the affected system's user, Microsoft said.
"On the surface, this one looks nasty," Kevin Breen, director of cyber threat research at Immersive Labs, said in emailed comments to Dark Reading. Microsoft has marked the vulnerability as less likely to be exploited because an attacker would need to first run a malicious RDP server and then convince a victim to connect to it. "This is not as far-fetched as it first sounds, as RDP shortcut files could be emailed to target victims, and these file types may not flag as malicious by email scanners and filters," Breen said.
CVE-2022-30222 is another remote code execution vulnerability — this time in the Windows Shell graphical user interface. The flaw allows an unauthenticated attacker to execute code on a vulnerable system by interacting with the login screen in a specific manner, Microsoft noted. Attacks targeting the flaw likely involve little complexity and no user interaction.
"Whilst this is titled as a Remote Code Execution vulnerability, the description suggests that this is actually a Local Code Execution vulnerability," Breen said. It appears the flaw would allow an attacker to run arbitrary command from the login page as authentication is not required, he noted. Microsoft has suggested this is less likely to be exploited. "But if you use RDP, definitely prioritize this patch," Breen said.
Microsoft's July update also contains fixes for four flaws in Windows Print Spooler (CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226). Flaws in Print Spooler have been a major problem for Windows users in recent years. One of the most notable recent flaws in the technology was PrintNightmare, a remote code execution bug that affected all Windows versions and prompted an advisory from the US government and others on the need for organizations to address it urgently.
"We have seen a steady stream of vulnerability disclosures in the Print Spooler Service since the original PrintNightmare flaws were disclosed in June (CVE-2021-1675) and early July of 2021 (CVE-2021-34527)," said Satnam Narang, senior staff research engineer at Tenable, in comments emailed to Dark Reading. The flaws that Microsoft has addressed in the technology are elevation of privilege flaws, which provide attackers the ability to gain system-level privileges on vulnerable systems, he said.
"The risk with these four fixes is the potential to impact print functionality," Ivanti's Goettl says.
"Since PrintNightmare, there have been many Print Spooler fixes, and in more than one of those patch Tuesday events, the changes have resulted in operational impacts," he says. "This makes administrators a little gun-shy and warrants some extra testing to ensure no negative issues occur in their organization."
Goettl says Microsoft resolved 33 vulnerabilities in Azure Site Recovery that could allow attackers to take a variety of actions including remote code execution, privilege escalation, and information-stealing. None of the vulnerabilities have been publicly disclosed or are currently being exploited, but the concern is in the number of vulnerabilities that were fixed, Goettl notes. They were identified by several independent researchers and anonymous parties, which means the knowledge of how to exploit these vulnerabilities is a bit more broadly distributed, he says.
And, resolution of these flaws is not simple: It requires signing into each process server as an administrator, then downloading and installing the latest version. Vulnerabilities like this are often easy to lose track of, as they are not managed by the typical patch management process, he notes.
