Service Notices
Microsoft Releases July 2022 Security Updates
Jul 18, 2022 GMT+08:00
I. Overview
Microsoft has released its July 2022 security updates. A total of 84 security vulnerabilities have been disclosed, among which 4 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The affected applications include Microsoft Windows, Microsoft Office, Windows Hyper-V, and Microsoft Edge.
For details, visit Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
The following vulnerabilities have been exploited by attackers:
Windows CSRSS Elevation of Privilege Vulnerability (CVE-2022-22047): Attackers can exploit this vulnerability to obtain system privileges. It has been exploited in the wild, and the risk is high.
Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2022-22034): It is officially marked as Exploitation More Likely.
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2022-30220): It is officially marked as Exploitation More Likely.
Windows Server Service Tampering Vulnerability (CVE-2022-30216): It is officially marked as Exploitation More Likely.
Active Directory Federation Services Elevation of Privilege Vulnerability (CVE-2022-30215): It is officially marked as Exploitation More Likely.
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability (CVE-2022-30202): It is officially marked as Exploitation More Likely.
Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Windows Hyper-V, Microsoft Edge, and other products.
IV. Vulnerability Details
|
CVE No. |
Vulnerability |
Severity |
Affected Product |
|
CVE-2022-22038 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Important |
Windows 10, Windows 8.1/RT 8.1, Windows 11, Windows Server 2012/2012R/2016/2019/2022, Windows Server, version 20H2 |
|
CVE-2022-22029 CVE-2022-22039 |
Windows Network File System Remote Code Execution Vulnerability |
Important |
Windows Server 2008/2008R/2012/2012R/2016/2019/2022, Windows Server, version 20H2 |
|
CVE-2022-30221 |
Microsoft Graphics Components Remote Code Execution Vulnerability |
Important |
Windows 10, Windows 8.1/RT 8.1, Windows 11, Windows 7, Windows Server 2008R/2012R/2016/2019/2022, Windows Server, version 20H2, Remote Desktop client for Windows Desktop |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
Security Update Guide - Microsoft
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.