Microsoft’s July 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-22047)

Read Time:7 Minute, 55 Second

Microsoft’s July 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-22047)

Microsoft addresses 84 CVEs in its July 2022 Patch Tuesday release, including four critical flaws and one zero day that has been exploited in the wild.

4Critical
79Important
0Moderate
0Low

Microsoft patched 84 CVEs in its July 2022 Patch Tuesday release, with four rated as critical, 79 rated as important and one rated as unknown..

This month’s update includes patches for:

AMD CPU Branch
Azure Site Recovery
Azure Storage Library
Microsoft Defender for Endpoint
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Open Source Software
Role: DNS Server
Role: Windows Fax Service
Role: Windows Hyper-V
Skype for Business and Microsoft Lync
Windows Active Directory
Windows Advanced Local Procedure Call
Windows BitLocker
Windows Boot Manager
Windows Client/Server Runtime Subsystem
Windows Connected Devices Platform Service
Windows Credential Guard
Windows Fast FAT Driver
Windows Fax and Scan Service
Windows Group Policy
Windows IIS
Windows Kernel
Windows Media
Windows Network File System
Windows Performance Counters
Windows Point-to-Point Tunneling Protocol
Windows Portable Device Enumerator Service
Windows Print Spooler Components
Windows Remote Procedure Call Runtime
Windows Security Account Manager
Windows Server Service
Windows Shell
Windows Storage
XBox

During most Patch Tuesday releases, Microsoft assigns a single impact for each CVE listed. However, in this month’s Patch Tuesday release, Microsoft assigned an additional impact for two CVEs, CVE-2022-22043 and CVE-2022-30225. As a result, we’ve counted these CVEs twice in the Count by Impact chart.

Elevation of privilege (EoP) vulnerabilities accounted for 59.3% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 14%.

Important

CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability

CVE-2022-33675 is a EoP vulnerability in Azure Site Recovery, a suite of tools aimed at providing disaster recovery services. The vulnerability was discovered and reported to Microsoft by Tenable researcher Jimi Sebree. It exists due to a directory permission error which can allow an attacker to use DLL hijacking to elevate their privileges to SYSTEM. You can read more about the discovery of the vulnerability on the Tenable Techblog and view our public advisory here.

Microsoft also patched several other vulnerabilities affecting Azure Site Recovery:

CVE
Description
CVSSv3

CVE-2022-33671
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33669
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33668
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33657
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33666
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33665
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33664
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33663
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33662
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33660
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33672
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33659
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33650
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33651
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33652
Azure Site Recovery Elevation of Privilege Vulnerability
4.4

CVE-2022-33653
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33654
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

CVE-2022-33655
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33656
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33661
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33667
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33658
Azure Site Recovery Elevation of Privilege Vulnerability
4.4

CVE-2022-33641
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33673
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33674
Azure Site Recovery Elevation of Privilege Vulnerability
8.3

CVE-2022-30181
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33678
Azure Site Recovery Remote Code Execution Vulnerability
7.2

CVE-2022-33677
Azure Site Recovery Elevation of Privilege Vulnerability
7.2

CVE-2022-33676
Azure Site Recovery Remote Code Execution Vulnerability
7.2

CVE-2022-33643
Azure Site Recovery Elevation of Privilege Vulnerability
6.5

CVE-2022-33642
Azure Site Recovery Elevation of Privilege Vulnerability
4.9

Important

CVE-2022-22047 | Windows CSRSS Elevation of Privilege

CVE-2022-22047 is an EoP vulnerability in the Windows Client Server Run-Time Subsystem. It received a CVSSv3 score of 7.8 and is rated as Important. Microsoft says this vulnerability has been exploited in the wild, though no further details have been shared at the time of publication. However, this type of vulnerability is likely to have been used as part of post-compromise activity, once an attacker has gained access to their targeted system and run a specially crafted application.

This vulnerability is credited to the Microsoft Threat Intelligence Center and Microsoft Security Response Center.

Important

CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerabilities

CVE-2022-22022, CVE-2022-22041, CVE-2022-30206 and CVE-2022-30226 are all EoP vulnerabilities in Windows Print Spooler components. After the deluge of vulnerability disclosures kicked off by PrintNightmare in August 2021, June 2022 was the first month in which Microsoft did not release any patches for Print Spooler. On balance, Microsoft has patched four high severity vulnerabilities in the service, all of which were rated “Exploitation Less Likely” based on Microsoft’s Exploitability Index. Three of the vulnerabilities were credited to researchers who disclosed Print Spooler flaws during the PrintNightmare saga last year. Xuefeng Li and Zhiniang Peng with Sangfor were the ones to kick it all off in late June 2021.

While the four vulnerabilities received somewhat similar CVSSv3 scores (listed in the table below), they grant attackers different levels of privilege escalation if exploited. CVE-2022-22022 and CVE-2022-30226 only allow an attacker to delete targeted files on a system while CVE-2022-22041 and CVE2022-30206 could grant an attacker SYSTEM privileges.

CVE
Description
Acknowledgements
CVSS Score

CVE-2022-22022
Windows Print Spooler Elevation of Privilege
Xuefeng Li and Zhiniang Peng with Sangfor
7.1

CVE-2022-22041
Windows Print Spooler Elevation of Privilege
JeongOh Kyea with Theori
7.2

CVE-2022-30206
Windows Print Spooler Elevation of Privilege
Victor Mata with FusionX, Accenture Security and luckyu with NSFOCUS Tianyuan Lab
7.8

CVE-2022-30226
Windows Print Spooler Elevation of Privilege
Xuefeng Li and Zhiniang Peng with Sangfor
7.1

If patching is not feasible at this time, all four vulnerabilities can be mitigated by disabling the Print Spooler service. Microsoft’s advisories include PowerShell commands to do so.

Critical

CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2022-22038 is a RCE vulnerability in the Remote Procedure Call Runtime impacting all supported versions of Windows. The vulnerability received a CVSSv3 score of 8.1 and, while no privileges are required, the CVSS score indicates the attack complexity is high. Microsoft further supports this with a note in the advisory stating that additional actions by an attacker are required in order to prepare a target for successful exploitation. This is one of four vulnerabilities credited to Yuki Chen of Cyber KunLun in this month’s release.

Critical
Important

CVE-2022-22028, CVE-2022-20229, CVE-2022-22039 | Windows Network File System Vulnerabilities

CVE-2022-22028 is an information disclosure vulnerability, whileCVE-2022-22029 and CVE-2022-22039are RCE vulnerabilities in the Windows Network File System (NFS). All three flaws were assigned an “Exploitation Less Likely” because these flaws have high attack complexity. In the case of CVE-2022-22029, an attacker would need to “invest time in repeated exploitation attempts” by “sending constant or intermittent data.” Both CVE-2022-22028 and CVE-2022-22039 require an attacker to “win a race condition” in order to exploit these vulnerabilities.

Microsoft attributed these vulnerabilities to security researcher Yuki Chen of Cyber KunLun. This is the third month in a row that Chen has reported vulnerabilities in Windows NFS, though the previously patched flaws carried a higher criticality rating.

Tenable Solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name contains July 2022.

With that filter set, click the plugin families to the left and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s July 2022 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

Microsoft’s July 2022 Security Updates
Tenable plugins for Microsoft July 2022 Patch Tuesday Security Updates

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Read More

Don’t Stop Learning! Jeremy’s McAfee Journey

Read Time:2 Minute, 26 Second

Our How I Got Here series spotlights the stories of team members who have successfully grown their careers here at McAfee. This journey features Jeremy whose passion for learning has seen him grow his career in our Technology Services Team.

My McAfee career journey

In 2015, I started as a contract worker to help manage network cabling in McAfee’s buildings. While I was doing that, I was also asked to help manage our voice network (think of this as phones and conference lines) for North and South America. A year after working in both of those roles, I was asked to focus on voice network engineering. After a couple of years, I began training as an engineer for our audio-visual workspace, which helps bring efficiency and centralization to our conference room communications and collaboration tools. And today, I am a Unified Communications Engineer!

My other role within McAfee is Co-President of the McAfee Veterans Community. I absolutely love the community of veterans from around the globe and our community allies. It’s a wonderful group of people who are always willing to serve their local communities. We have hosted inspiring guest speakers, and volunteer events, and continue to hold monthly virtual Coffee Talks and Happy Hours.

A typical day?

I don’t believe that I’ve ever had a typical workday. One moment I’m entering new employees into our systems, and the next I’m providing backend call-center support. I also help run our big Microsoft Teams live events. And, of course, I troubleshoot communications issues as they arise.

I truly enjoy working with the Technology Services team and especially the Voice and Video Team. Being able to collaborate with such wonderful teams is a really rewarding part of my role.

Changing my career

For about a decade in my previous role, I managed a team doing general upkeep in computer systems and I felt really comfortable doing that! I joined McAfee to do a similar role, but shortly afterward I was asked to pivot to more of an engineering role. It was a bit overwhelming at first, but luckily the team I was with was very helpful and supportive of my learning curve. Even though it was out of my comfort zone, I’m so glad I was given the opportunity – it has blessed mine and my family’s life!

​​​​​​​My advice for anyone looking to drive their career forward is

To never stop learning. There is ALWAYS something to learn and someone who can mentor you. I believe that if you are surrounded by smart people (and pay attention), you can’t help but learn and grow! I absolutely love to learn, so this has been one of top of the reasons why I have loved my job since my very first day.

The post Don’t Stop Learning! Jeremy’s McAfee Journey appeared first on McAfee Blog.

Read More

Concentric launches new data privacy and cybersecurity solution Eclipse

Read Time:33 Second

Private risk consultancy firm Concentric has announced the launch of Eclipse, a new “turnkey solution” designed to provide enhanced cybersecurity and digital privacy to users. The platform offers leveled subscription tiers, “à la carte” services, and defense-in-depth across consumer identities, devices, accounts and network connections, according to the company. The release comes as cybercrime continues to plague organizations across the globe and data becomes a key commodity of value to malicious cyber actors.

Eclipse available in multi-tier and standalone options

In a press release, Concentric stated that Eclipse packages are available to all users in three different tiers:

To read this article in full, please click here

Read More

Barracuda report: Almost everyone faced an industrial attack in the last year

Read Time:37 Second

A report commissioned by cloud security company Barracuda found that 94% of respondents have experienced some form of attack on their industrial IoT (IIoT) or operational technology (OT) systems during the last 12 months.

The State of Industrial Security in 2022 report surveyed 800 senior IT and security officers responsible for these industrial systems.

“In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk,” said Tim Jefferson, senior vice president for data protection, network, and application security at Barracuda said in a statement accompanying the report.

To read this article in full, please click here

Read More

Introducing Nessus Expert, Now Built for the Modern Attack Surface

Read Time:2 Minute, 55 Second

Nessus has long been the undisputed leader in vulnerability assessment. With the introduction of Nessus Expert, you can now protect against new, emerging cyberthreats across cloud infrastructure and understand what’s in your external attack surface.

Since it was released over 20 years ago, Nessus has become the industry standard for vulnerability assessments. When Tenable co-founder and former CTO Renaud Deraison dropped out of college to pursue his idea of creating a tool to find software vulnerabilities, no one could have imagined the impact Nessus would have on the cybersecurity industry.

In the time since Nessus was first released in 1998, much has changed about the industry, adding complexity and challenge to the work of security professionals:

The attack surface has expanded well beyond traditional IT assets, such as servers, workstations and network infrastructure, to include cloud deployments and workloads and internet-connected assets.
The reliance on the cloud and infrastructure as code (IaC) to streamline development lifecycles has become a key part of every organization’s business. Yet, developers aren’t following security best practices before pushing to production, which increases risk.
Technological advances have made it relatively easy for individuals to spin up cloud instances without involving IT or security, leaving security professionals with limited visibility into the variety of internet-facing assets that may be in the environment.

To help infosec pros meet the challenges highlighted above, Tenable has developed a number of innovative new assessment capabilities available with Nessus Expert.

Introducing the newest member to the Nessus line-up, Nessus Expert

Nessus Expert is a new offering that builds upon Nessus Professional. Nessus Expert provides vulnerability assessment for your modern attack surface — adding Infrastructure as Code (IaC) scanning along with external attack surface discovery capabilities to identify all domains and subdomains that make up an organization’s external-facing attack surface.

When it comes to IaC, Nessus Expert enables users to programmatically detect cloud infrastructure misconfigurations and vulnerabilities in the design and build phases of the software development lifecycle.

Leveraging 500 prebuilt policies, Nessus Expert checks configuration files and code repositories for security and configuration issues before production — helping to eliminate the costly and time-intensive mistakes that can arise when developers unknowingly push vulnerabilities and misconfigurations into production. Nessus Expert allows users to:

Identify policy violations in automated pipelines
Leverage 500 prebuilt policies for IaC scanning
Prevent misconfigurations and vulnerabilities from reaching cloud instances
Prevent the downtime and additional costs and resources associated with remediating code after deployment.

Nessus Expert also contains external attack surface management functionality to continuously discover and inventory an organization’s internet-facing assets from an attacker’s perspective. Nessus Expert seamlessly scans domains to uncover the sub-domains into which security teams previously had low or no visibility. This functionality allows users to:

Scan up to five domains every 90 days to understand all associated subdomains
Gain important contextual information about internet-facing assets, such as ports secure socket layer (SSL) details and domain name system (DNS) information
Purchase additional domains as needed
Easily launch a scan on newly identified assets

Nessus Expert features at a glance

Features

Nessus Professional

Nessus Expert

Designed for…

Pen testers, consultants and SMBs

Pen testers, consultants, developers and SMBs

Real-time vulnerability updates

Vulnerability scanning

✓ 

External attack surface scanning

X

✓ five domains per quarter

Ability to add domains

X

Scan cloud infrastructure

X

Compliance audits of cloud infrastructure

X

500 prebuilt policies

Learn more

Want to see firsthand how Nessus Expert can help you? Try Nessus Expert today.

Read More