Black Arrow Cyber Advisory 13/07/2022 – Microsoft Patch Tuesday – Fixes released for Two Zero-Day flaws, One Under Active Exploitation

Executive Summary

Microsoft’s July Patch Tuesday provides updates to address security issues across its product range, including several critical patches. The standout patch in this release is for a Zero-Day flaw affecting both client and server versions of Windows. The flaw is being actively exploited in the wild and allows an attacker to escalate privileges within a specific Windows component to gain SYSTEM level permissions.

Security updates have also been released for other Microsoft products to tackle different issues, including the Microsoft Edge browser, which also has a Zero-Day patch, Microsoft Office, and all supported versions of Microsoft Windows.

What’s the risk to me or my business?

Security updates are available for all supported versions of Windows. As some of these updates address vulnerabilities that are known to be actively exploited, they should be applied as soon as possible, particularly as this release contains a patch for an actively exploited Zero-Day.

What can I do?

Apply the available updates from Microsoft as soon as possible, while taking into consideration any potential downtime that these updates may cause.

Technical Summary

The aforementioned Zero-Day flaw, CVE-2022-22047, allows attackers to escalate privileges within the Windows Client Server Runtime Subsystem (CSRSS) to gain SYSTEM permissions. This effectively gives them unlimited privileged access on a local system, allowing them to disable Endpoint Security Solutions and to escalate privileges further by installing malicious software, which in turn allows access to the wider organisational network. Further information on this particular vulnerability is available here: CVE-2022-22047 - Security Update Guide - Microsoft - Windows CSRSS Elevation of Privilege Vulnerability

Several vulnerabilities within the Edge browser have also been addressed, including a Zero-Day flaw that Google had previously disclosed as being actively exploited in the wild earlier this month. This Zero-Day flaw has been marked as CVE-2022-2294, and further information is available here: Chrome Releases: Stable Channel Update for Desktop (googleblog.com)

Further details on other specific updates within this Patch Tuesday can be found here: Microsoft Windows Security Updates July 2022 overview - gHacks Tech News

Need help understanding your gaps, or just want some advice? Get in touch with us.
