A zero-day vulnerability that has been exploited in the wild is among the 84 new security flaws addressed in Microsoft's monthly Patch Tuesday updates.
Four of the 84 flaws are rated Critical, while the other 80 are rated Important. Google has also fixed two other bugs in the Chromium-based Edge browser, one of which is another zero-day flaw that Google has publicly acknowledged as being used in real-world attacks.
The most pressing fix this month is for CVE-2022-22047 (CVSS 7.8), a privilege escalation flaw in the Windows Client Server Runtime Subsystem (CSRSS) that an attacker could exploit to gain SYSTEM permissions.
Endpoint Detection and Security (EDS) tools can be disabled by attackers with this level of access, according to Immersive Labs director of cyber threat research Kev Breen, who spoke to The Hacker News. For example, they can use Mimikatz to recover even more admin and domain level accounts, allowing the threat to spread rapidly once they have SYSTEM access.
Other than Microsoft's "Exploitation Detected" assessment, very little is known about the attacks' nature or scope. The flaw was discovered by the company's Threat Intelligence Center (MSTIC) and Security Response Center (MSRC).
Google Project Zero researcher Sergei Glazunov discovered CVE-2022-22047 in the same component, along with two other elevation-of-privilege flaws (CVE-2022-22026 and CVE-2022-22049).
In an advisory for CVE-2022-22026, Microsoft stated that "a locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM."
"Due to the AppContainer's defensible security boundary, any process that can get around the barrier is considered a change in scope. After that, the attacker could run code or gain access to resources at a higher integrity level than what is provided by the AppContainer's execution environment."
Microsoft has also fixed remote code execution bugs in the Windows Network File System (CVE-2022-22039), Windows Graphics (CVE-2022-22031), Remote Procedure Call Runtime, and the Windows Shell (CVE-2022-22038) (CVE-2022-30222).
In addition, the update patches as many as 32 bugs in the Azure Site Recovery business continuity service. Only two of the flaws are related to remote code execution, while the other thirty concern privilege escalation.
One of the VMs associated with the configuration server must be compromised in order for an attacker to successfully exploit the flaws, which "do not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable."
Microsoft's July update also includes fixes for four privilege escalation vulnerabilities in the Windows Print Spooler module (CVE-2022-22022, CVE-2022-22041, and CVE-2022-22046). Coming after a brief respite in June 2022, they underscore what appears to be a never-ending stream of flaws plaguing the technology.
There are three denial-of-service flaws (DoS) found in Internet Information Services (CVE-2022-22025 and CVE-2022-22040) and a security account manager flaw (CVE-2022-30216 and CVE-2022-33637) to round out the Patch Tuesday fixes (CVE-2022-30208).
Patches for Other Companies' Software
Since the beginning of the month, other vendors have released security updates to fix a number of vulnerabilities, including:
Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
Siemens, and