United states

Microsoft Releases Patch for Zero-Day Vulnerability in July 2022 Security Patch Release

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security vulnerabilities spanning multiple product categories, including a zero-day vulnerability that is under active attack in the wild.

Of the 84 flaws, four are rated Critical and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one of which involves another zero-day flaw that Google has revealed as being actively used in real-world attacks.

At the top of this month’s list of updates is CVE-2022-22047 (CVSS score: 7.8), a privilege escalation case in the Windows Client Server Runtime Subsystem (CSRSS) that could be abused by an attacker to granted SYSTEM permissions.

“With this level of access, attackers are able to disable local services such as endpoint detection and security tools,” Kev Breen, director of cyber threat research at Immersive Labs, told The Hacker News. “With SYSTEM access, they can also deploy tools like Mimikatz, which can be used to recover even more admin and domain-level accounts, quickly spreading the threat.”

Very little is known about the nature and scale of the attacks, other than an “Exploit Discovered” rating from Microsoft. The company’s Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) are credited for reporting the breach.

In addition to CVE-2022-22047, two other elevation of privilege vulnerabilities were fixed in the same component — CVE-2022-22026 (CVSS score: 8.8) and CVE-2022-22049 (CVSS score: 7.8) — which were reported by Google Project Zero researcher Sergey Glazunov.

“A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate his AppContainer privileges to SYSTEM,” Microsoft said in an advisory for CVE-2022-22026.

“Since the AppContainer environment is considered a secure security boundary, any process that is able to bypass the boundary is considered a change in scope. An attacker can then execute code or access resources at a higher integrity level than that of the AppContainer runtime. “

Also fixed by Microsoft are a number of remote code execution bugs in Windows Network File System (CVE-2022-22029 and CVE-2022-22039), Windows Graphics (CVE-2022-30221), Remote Procedure Call Runtime (CVE-2022 – 22038) and Windows Shell (CVE-2022-30222).

The update further stands out by fixing as many as 32 issues in the Azure Site Recovery business continuity service. Two of these flaws are related to remote code execution, and the remaining 30 relate to privilege escalation.

“Successful operation […] requires an attacker to compromise administrator credentials on one of the virtual machines connected to the configuration server,” the company said, adding that the flaws do not “allow the disclosure of any confidential information, but may allow an attacker to modify data, which could cause the service to be unavailable.”

In addition, Microsoft’s July update also contains fixes for four elevation of privilege vulnerabilities in the Windows Print Spooler module (CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226) after a short hiatus in June 2022, highlighting what seems like an endless stream of flaws plaguing the technology.

Rounding out Tuesday’s patch updates are two notable fixes for tampering vulnerabilities in Windows Server Service (CVE-2022-30216) and Microsoft Defender for Endpoint (CVE-2022-33637) and three denial-of-service (DoS) flaws in Internet Information Services (CVE-2022-22025 and CVE-2022-22040) and Security Account Manager (CVE-2022-30208).

Software fixes from other vendors

In addition to Microsoft, security updates from other vendors have also been released since the beginning of the month to fix several vulnerabilities including –