This month we got patches for 86 vulnerabilities. Of these, 4 are critical, none previously disclosed, and one is being exploited according to Microsoft.
The zero-day is an elevation of privilege affecting Windows CSRSS (CVE-2022-22047). The CSRSS (Client Server Run-Time Subsystem) is the user-mode process that controls the underlying layer for the Windows environment. According to the advisory, “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” The advisory also says that the attack complexity is low, the privileges required are low and no user interaction is required. The CVSS for this vulnerability is 7.8.
There is another important elevation of privilege affecting Windows CSRSS (CVE-2022-22026). As per the advisory, this is similar to the already exploited vulnerability in terms of attack vector, attack complexity, privileges required, and user interaction. However, the CVSS score is higher: 8.8 – the highest for this month.
The same CVSS score was given to the remote code execution (RCE) vulnerability in Windows Graphics Component (CVE-2022-30221) affecting different Windows products including Remote Desktop Client. To exploit this vulnerability “an attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim’s system in the context of the targeted user.”
There is also a critical tampering vulnerability with exploitability tagged as “More Likely” affecting Windows Server Service (CVE-2022-30216). The attack vector is network, the attack complexity and privileges required are low and it requires no user interaction. According to the advisory, “For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service”. The CVSS for this vulnerability is 8.8.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| AMD: CVE-2022-23816 AMD CPU Branch Type Confusion | |||||||
| %%cve:2022-23816%% | No | No | Less Likely | Less Likely | Important | ||
| AMD: CVE-2022-23825 AMD CPU Branch Type Confusion | |||||||
| %%cve:2022-23825%% | No | No | Less Likely | Less Likely | Important | ||
| Active Directory Federation Services Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30215%% | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
| Azure Site Recovery Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30181%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33641%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33642%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33643%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33650%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33651%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33652%% | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| %%cve:2022-33653%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33654%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33655%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33656%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33657%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33658%% | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| %%cve:2022-33659%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33660%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33661%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33662%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33663%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33664%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33665%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33666%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33667%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33668%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33669%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33671%% | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
| %%cve:2022-33672%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33673%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| %%cve:2022-33674%% | No | No | Less Likely | Less Likely | Important | 8.3 | 7.5 |
| %%cve:2022-33675%% | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| %%cve:2022-33677%% | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Azure Site Recovery Remote Code Execution Vulnerability | |||||||
| %%cve:2022-33676%% | No | No | Less Likely | Less Likely | Important | 7.2 | 6.5 |
| %%cve:2022-33678%% | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Azure Storage Library Information Disclosure Vulnerability | |||||||
| %%cve:2022-30187%% | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| BitLocker Security Feature Bypass Vulnerability | |||||||
| %%cve:2022-22048%% | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC | |||||||
| %%cve:2022-2294%% | No | No | – | – | – | ||
| Chromium: CVE-2022-2295 Type Confusion in V8 | |||||||
| %%cve:2022-2295%% | No | No | – | – | – | ||
| HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data | |||||||
| %%cve:2022-27776%% | No | No | Less Likely | Less Likely | Important | ||
| Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | |||||||
| %%cve:2022-22040%% | No | No | Less Likely | Less Likely | Important | 7.3 | 6.6 |
| Microsoft Defender for Endpoint Tampering Vulnerability | |||||||
| %%cve:2022-33637%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Office Security Feature Bypass Vulnerability | |||||||
| %%cve:2022-33632%% | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Performance Counters for Windows Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-22036%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||||
| %%cve:2022-22038%% | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.3 |
| Skype for Business and Lync Remote Code Execution Vulnerability | |||||||
| %%cve:2022-33633%% | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30202%% | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| %%cve:2022-30224%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| %%cve:2022-22037%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows BitLocker Information Disclosure Vulnerability | |||||||
| %%cve:2022-22711%% | No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 |
| Windows Boot Manager Security Feature Bypass Vulnerability | |||||||
| %%cve:2022-30203%% | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Windows CSRSS Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-22026%% | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| %%cve:2022-22047%% | No | Yes | Detected | Detected | Important | 7.8 | 6.8 |
| %%cve:2022-22049%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30220%% | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Connected Devices Platform Service Information Disclosure Vulnerability | |||||||
| %%cve:2022-30212%% | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-22031%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows DNS Server Remote Code Execution Vulnerability | |||||||
| %%cve:2022-30214%% | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-22043%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax Service Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-22050%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax Service Remote Code Execution Vulnerability | |||||||
| %%cve:2022-22024%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2022-22027%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI+ Information Disclosure Vulnerability | |||||||
| %%cve:2022-30213%% | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-22034%% | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| %%cve:2022-30221%% | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Windows Group Policy Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30205%% | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Windows Hyper-V Information Disclosure Vulnerability | |||||||
| %%cve:2022-30223%% | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| %%cve:2022-22042%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows IIS Server Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30209%% | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Windows Internet Information Services Cachuri Module Denial of Service Vulnerability | |||||||
| %%cve:2022-22025%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| %%cve:2022-21845%% | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | |||||||
| %%cve:2022-30211%% | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30225%% | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| Windows Network File System Information Disclosure Vulnerability | |||||||
| %%cve:2022-22028%% | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
| Windows Network File System Remote Code Execution Vulnerability | |||||||
| %%cve:2022-22029%% | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| %%cve:2022-22039%% | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.5 |
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | |||||||
| %%cve:2022-22023%% | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-30206%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| %%cve:2022-30226%% | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| %%cve:2022-22022%% | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
| %%cve:2022-22041%% | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| Windows Security Account Manager (SAM) Denial of Service Vulnerability | |||||||
| %%cve:2022-30208%% | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Server Service Tampering Vulnerability | |||||||
| %%cve:2022-30216%% | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Windows Shell Remote Code Execution Vulnerability | |||||||
| %%cve:2022-30222%% | No | No | Less Likely | Less Likely | Important | 8.4 | 7.3 |
| Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-22045%% | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Xbox Live Save Service Elevation of Privilege Vulnerability | |||||||
| %%cve:2022-33644%% | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
—
Renato Marinho
Morphus Labs| LinkedIn|Twitter
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
