Author: Greg Wiseman

Patch Tuesday - July 2024

Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the vulnerabilities published today. At time of writing, none of the vulnerabilities patched today are listed in CISA’s Known Exploited Vulnerabilities catalog, though we can expect CVE-2024-38080 and CVE-2024-38112 to appear there in short order. Microsoft is also patching 5 critical remote code execution (RCE) vulnerabilities today.

Windows Hyper-V: zero-day EoP

CVE-2024-38080 is an elevation of privilege (EoP) vulnerability affecting Microsoft’s Hyper-V virtualization functionality. Successful exploitation will give an attacker SYSTEM-level privileges. Only more recent editions of Windows are affected; Windows 11 since version 21H2 and Windows Server 2022 (including Server Core).

Windows MSHTML Platform: zero-day Spoofing

The other vulnerability seen exploited in the wild this month is CVE-2024-38112, a Spoofing vulnerability affecting Microsoft’s MSHTML browser engine which can be found on all versions of Windows, including Server editions. User interaction is required for exploitation – for example, a threat actor would need to send the victim a malicious file and convince them to open it. Microsoft is characteristically cagey about what exactly can be spoofed here, though they do indicate that the associated Common Weakness Enumeration (CWE) is CWE-668: Exposure of Resource to Wrong Sphere, which is defined as providing unintended actors with inappropriate access to a resource.

SharePoint: critical post-auth RCE

Similar to a vulnerability seen in May, CVE-2024-38023 is a SharePoint vulnerability that could allow an authenticated attacker with Site Owner permissions or higher to upload a specially crafted file to a SharePoint Server, then craft malicious API requests to trigger deserialization of the file's parameters, thus enabling them to achieve remote code execution in the context of the SharePoint Server. The CVSS base score of 7.2 reflects the requirement of Site Owner privileges or higher to exploit the vulnerability.

Windows Imaging: critical RCE

All supported versions of Windows (and almost certainly unsupported versions as well) are vulnerable to CVE-2024-38060, a flaw in the Windows Imaging Component related to TIFF (Tagged Image File Format) image processing that could allow an attacker to execute arbitrary code on a system. The example scenario Microsoft provides is simply of an authenticated attacker uploading a specially crafted TIFF image to a server in order to exploit this.

Remote Desktop Licensing Service: multiple critical RCEs

Three critical CVEs related to the Windows Remote Desktop Licensing Service were patched this month. CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077. All three of these carry a CVSS 3.1 base score of 9.8 – if you rely on the Remote Desktop licensing service, best get patching immediately. As a mitigation, consider disabling the service entirely until there is an opportunity to apply the update.

SQL Server

Microsoft has patched a host of CVEs affecting SQL Server, all with a CVSS 3.1 base score of 8.8 and allowing RCE. These specifically affect the OLE DB Provider, so not only do SQL Server instances need to be updated, but client code running vulnerable versions of the connection driver will also need to be addressed. For example, an attacker could use social engineering tactics to dupe an authenticated user into attempting to connect to a SQL Server database configured to return malicious data, allowing arbitrary code execution on the client.

Lifecycle update

Also in SQL Server news this month, Microsoft SQL Server 2014 moves past the end of extended support. From this point onward, Microsoft only guarantees to provide SQL Server 2014 security updates to customers who pay for the Extended Security Updates program.

Summary charts

Patch Tuesday - July 2024
Patch Tuesday - July 2024
Patch Tuesday - July 2024

Summary tables

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-38092 Azure CycleCloud Elevation of Privilege Vulnerability No No 8.8
CVE-2024-35261 Azure Network Watcher VM Extension Elevation of Privilege Vulnerability No No 7.8
CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability No No 7.6
CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability No No 7.6
CVE-2024-38086 Azure Kinect SDK Remote Code Execution Vulnerability No No 6.4

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability No Yes 8.1
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability No No 7.5
CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability No No 7.5
CVE-2024-38081 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability No No 7.3

ESU Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-38077 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability No No 9.8
CVE-2024-38074 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability No No 9.8
CVE-2024-38053 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability No No 8.8
CVE-2024-38060 Windows Imaging Component Remote Code Execution Vulnerability No No 8.8
CVE-2024-38104 Windows Fax Service Remote Code Execution Vulnerability No No 8.8
CVE-2024-28899 Secure Boot Security Feature Bypass Vulnerability No No 8.8
CVE-2024-37973 Secure Boot Security Feature Bypass Vulnerability No No 8.4
CVE-2024-37984 Secure Boot Security Feature Bypass Vulnerability No No 8.4
CVE-2024-37969 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37970 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37974 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37986 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37987 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37971 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37972 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37975 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37988 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37989 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-38010 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-38011 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-38050 Windows Workstation Service Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38066 Windows Win32k Elevation of Privilege Vulnerability No No 7.8
CVE-2024-30079 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38070 Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability No No 7.8
CVE-2024-38051 Windows Graphics Component Remote Code Execution Vulnerability No No 7.8
CVE-2024-38085 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38079 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38034 Windows Filtering Platform Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38054 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38052 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38057 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability No No 7.8
CVE-2024-39684 Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38064 Windows TCP/IP Information Disclosure Vulnerability No No 7.5
CVE-2024-38071 Windows Remote Desktop Licensing Service Denial of Service Vulnerability No No 7.5
CVE-2024-38073 Windows Remote Desktop Licensing Service Denial of Service Vulnerability No No 7.5
CVE-2024-38015 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability No No 7.5
CVE-2024-38031 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability No No 7.5
CVE-2024-38067 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability No No 7.5
CVE-2024-38068 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability No No 7.5
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability Yes No 7.5
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability No No 7.5
CVE-2024-38091 Microsoft WS-Discovery Denial of Service Vulnerability No No 7.5
CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability No No 7.5
CVE-2024-3596 CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability No No 7.5
CVE-2024-38033 PowerShell Elevation of Privilege Vulnerability No No 7.3
CVE-2024-38025 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability No No 7.2
CVE-2024-38019 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability No No 7.2
CVE-2024-38028 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability No No 7.2
CVE-2024-38044 DHCP Server Service Remote Code Execution Vulnerability No No 7.2
CVE-2024-30081 Windows NTLM Spoofing Vulnerability No No 7.1
CVE-2024-38022 Windows Image Acquisition Elevation of Privilege Vulnerability No No 7
CVE-2024-38065 Secure Boot Security Feature Bypass Vulnerability No No 6.8
CVE-2024-38058 BitLocker Security Feature Bypass Vulnerability No No 6.8
CVE-2024-38013 Microsoft Windows Server Backup Elevation of Privilege Vulnerability No No 6.7
CVE-2024-38049 Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability No No 6.6
CVE-2024-38030 Windows Themes Spoofing Vulnerability No No 6.5
CVE-2024-38048 Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability No No 6.5
CVE-2024-38027 Windows Line Printer Daemon Service Denial of Service Vulnerability No No 6.5
CVE-2024-38102 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability No No 6.5
CVE-2024-38101 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability No No 6.5
CVE-2024-38105 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability No No 6.5
CVE-2024-38099 Windows Remote Desktop Licensing Service Denial of Service Vulnerability No No 5.9
CVE-2024-38055 Microsoft Windows Codecs Library Information Disclosure Vulnerability No No 5.5
CVE-2024-38056 Microsoft Windows Codecs Library Information Disclosure Vulnerability No No 5.5
CVE-2024-38017 Microsoft Message Queuing Information Disclosure Vulnerability No No 5.5
CVE-2024-35270 Windows iSCSI Service Denial of Service Vulnerability No No 5.3
CVE-2024-30071 Windows Remote Access Connection Manager Information Disclosure Vulnerability No No 4.7

Microsoft Dynamics vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-30061 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability No No 7.3

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-38021 Microsoft Office Remote Code Execution Vulnerability No No 8.8
CVE-2024-32987 Microsoft SharePoint Server Information Disclosure Vulnerability No No 7.5
CVE-2024-38023 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.2
CVE-2024-38024 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 7.2
CVE-2024-38094 Microsoft SharePoint Remote Code Execution Vulnerability No No 7.2
CVE-2024-38020 Microsoft Outlook Spoofing Vulnerability No No 6.5

SQL Server vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-38088 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-38087 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21335 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21373 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21398 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21414 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21415 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21428 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37318 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-35271 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-35272 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-20701 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21303 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21308 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21317 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21425 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37319 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37320 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37321 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37322 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37323 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37324 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-21449 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37326 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37327 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37328 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37329 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37330 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37336 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-28928 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-35256 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability No No 8.8
CVE-2024-37334 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability No No 8.8

System Center vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-38089 Microsoft Defender for IoT Elevation of Privilege Vulnerability No No 9.1

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-38076 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability No No 9.8
CVE-2024-21417 Windows Text Services Framework Elevation of Privilege Vulnerability No No 8.8
CVE-2024-30013 Windows MultiPoint Services Remote Code Execution Vulnerability No No 8.8
CVE-2024-37981 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37977 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-37978 Secure Boot Security Feature Bypass Vulnerability No No 8
CVE-2024-38062 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability Yes No 7.8
CVE-2024-38100 Windows File Explorer Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38059 Win32k Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38043 PowerShell Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38047 PowerShell Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38517 Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability No No 7.8
CVE-2024-38078 Xbox Wireless Adapter Remote Code Execution Vulnerability No No 7.5
CVE-2024-38072 Windows Remote Desktop Licensing Service Denial of Service Vulnerability No No 7.5
CVE-2024-38032 Microsoft Xbox Remote Code Execution Vulnerability No No 7.1
CVE-2024-38069 Windows Enroll Engine Security Feature Bypass Vulnerability No No 7
CVE-2024-26184 Secure Boot Security Feature Bypass Vulnerability No No 6.8
CVE-2024-37985 Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers No Yes 5.9
CVE-2024-38041 Windows Kernel Information Disclosure Vulnerability No No 5.5

Patch Tuesday - January 2023

Microsoft is starting the new year with a bang! Today’s Patch Tuesday release addresses almost 100 CVEs. After a relatively mild holiday season, defenders and admins now have a wide range of exciting new vulnerabilities to consider.

Two zero-day vulnerabilities emerged today, both affecting a wide range of current Windows operating systems.

CVE-2023-21674 allows Local Privilege Escalation (LPE) to SYSTEM via a vulnerability in Windows Advanced Local Procedure Call (ALPC), which Microsoft has already seen exploited in the wild. Given its low attack complexity, the existence of functional proof-of-concept code, and the potential for sandbox escape, this may be a vulnerability to keep a close eye on. An ALPC zero-day back in 2018 swiftly found its way into a malware campaign.

CVE-2023-21549 is Windows SMB elevation for which Microsoft has not yet seen in-the-wild exploitation or a solid proof-of-concept, although Microsoft has marked it as publicly disclosed.

This Patch Tuesday also includes a batch of seven Critical Remote Code Execution (RCE) vulnerabilities. These are split between Windows Secure Socket Tunneling Protocol (SSTP) – source of another Critical RCE last month – and Windows Layer 2 Tunneling Protocol (L2TP). Happily, none of these has yet been seen exploited in the wild, and Microsoft has assessed all seven as “exploitation less likely” (though time will tell).

Today’s haul includes two Office Remote Code Execution vulnerabilities. Both CVE-2023-21734 and CVE-2023-21735 sound broadly familiar: a user needs to be tricked into running malicious files. Unfortunately, the security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available, so admins with affected assets will need to check back later and rely on other defenses for now.

On the server side, five CVEs affecting Microsoft Exchange Server were addressed today: two Spoofing vulnerabilities, two Elevation of Privilege, and an Information Disclosure. Any admins who no longer wish to run on-prem Exchange may wish to add these to the evidence pile.

Anyone responsible for a SharePoint Server instance has three new vulnerabilities to consider. Perhaps the most noteworthy is CVE-2023-21743, a remote authentication bypass. Remediation requires additional admin action after the installation of the SharePoint Server security update; however, exploitation requires no user interaction, and Microsoft already assesses it as “Exploitation More Likely”. This regrettable combination of properties explains the Critical severity assigned by Microsoft despite the relatively low CVSS score.

Another step further away from the Ballmer era: Microsoft recently announced the potential inclusion of CBL-Mariner CVEs as part of Security Update Guide guidance starting as early as tomorrow (Jan 11). First released on the carefully-selected date of April 1, 2020, CBL-Mariner is the Microsoft-developed Linux distro which acts as the base container OS for Azure services, and also underpins elements of WSL2.

Farewell Windows 8.1, we hardly knew ye: today’s security patches include fixes for Windows 8.1 for the final time, since Extended Support for most editions of Windows 8.1 ends today.

Summary charts

Patch Tuesday - January 2023
Patch Tuesday - January 2023
Patch Tuesday - January 2023
Patch Tuesday - January 2023

Summary tables

Apps vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21780 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21781 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21782 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21784 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21786 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21791 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21793 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21783 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21785 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21787 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21788 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21789 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21790 3D Builder Remote Code Execution Vulnerability No No 7.8
CVE-2023-21792 3D Builder Remote Code Execution Vulnerability No No 7.8

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability No No 7

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21538 .NET Denial of Service Vulnerability No No 7.5
CVE-2023-21779 Visual Studio Code Remote Code Execution No No 7.3

Exchange Server vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21762 Microsoft Exchange Server Spoofing Vulnerability No No 8
CVE-2023-21745 Microsoft Exchange Server Spoofing Vulnerability No No 8
CVE-2023-21763 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21764 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21761 Microsoft Exchange Server Information Disclosure Vulnerability No No 7.5

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21742 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8
CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8
CVE-2023-21736 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8
CVE-2023-21737 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8
CVE-2023-21734 Microsoft Office Remote Code Execution Vulnerability No No 7.8
CVE-2023-21735 Microsoft Office Remote Code Execution Vulnerability No No 7.8
CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.1
CVE-2023-21741 Microsoft Office Visio Information Disclosure Vulnerability No No 7.1
CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability No No 5.3

System Center vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21725 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability No No 6.3

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21676 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 8.8
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Yes No 8.8
CVE-2023-21767 Windows Overlay Filter Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21755 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21558 Windows Error Reporting Service Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21768 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21724 Microsoft DWM Core Library Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21551 Microsoft Cryptographic Services Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21677 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability No No 7.5
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability No No 7.5
CVE-2023-21758 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability No No 7.5
CVE-2023-21539 Windows Authentication Remote Code Execution Vulnerability No No 7.5
CVE-2023-21547 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability No No 7.5
CVE-2023-21771 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability No No 7
CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability No No 7
CVE-2023-21733 Windows Bind Filter Driver Elevation of Privilege Vulnerability No No 7
CVE-2023-21540 Windows Cryptographic Information Disclosure Vulnerability No No 5.5
CVE-2023-21550 Windows Cryptographic Information Disclosure Vulnerability No No 5.5
CVE-2023-21559 Windows Cryptographic Information Disclosure Vulnerability No No 5.5
CVE-2023-21753 Event Tracing for Windows Information Disclosure Vulnerability No No 5.5
CVE-2023-21766 Windows Overlay Filter Information Disclosure Vulnerability No No 4.7
CVE-2023-21536 Event Tracing for Windows Information Disclosure Vulnerability No No 4.7
CVE-2023-21759 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability No No 3.3

Windows ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability No Yes 8.8
CVE-2023-21681 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability No No 8.8
CVE-2023-21732 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability No No 8.8
CVE-2023-21535 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1
CVE-2023-21548 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1
CVE-2023-21546 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability No No 8.1
CVE-2023-21543 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability No No 8.1
CVE-2023-21555 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability No No 8.1
CVE-2023-21556 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability No No 8.1
CVE-2023-21679 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability No No 8.1
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21678 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21765 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21524 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21772 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21675 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21726 Windows Credential Manager User Interface Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21537 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21730 Microsoft Cryptographic Services Elevation of Privilege Vulnerability No No 7.8
CVE-2023-21527 Windows iSCSI Service Denial of Service Vulnerability No No 7.5
CVE-2023-21728 Windows Netlogon Denial of Service Vulnerability No No 7.5
CVE-2023-21557 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability No No 7.5
CVE-2023-21757 Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability No No 7.5
CVE-2023-21760 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.1
CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability No No 7.1
CVE-2023-21752 Windows Backup Service Elevation of Privilege Vulnerability No No 7.1
CVE-2023-21542 Windows Installer Elevation of Privilege Vulnerability No No 7
CVE-2023-21532 Windows GDI Elevation of Privilege Vulnerability No No 7
CVE-2023-21563 BitLocker Security Feature Bypass Vulnerability No No 6.8
CVE-2023-21560 Windows Boot Manager Security Feature Bypass Vulnerability No No 6.6
CVE-2023-21776 Windows Kernel Information Disclosure Vulnerability No No 5.5
CVE-2023-21682 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability No No 5.3
CVE-2023-21525 Remote Procedure Call Runtime Denial of Service Vulnerability No No 5.3

Patch Tuesday - December 2022

As far as Patch Tuesdays go, defenders have a relatively light month to close out the year with only 48 CVEs being published by Microsoft today. (This does not include the 24 previously disclosed vulnerabilities affecting their Chromium-based Edge browser.)

There are two zero-days in the mix today. CVE-2022-44698 is a bypass of the Windows SmartScreen security feature, and has been seen exploited in the wild. It allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web” despite being downloaded from untrusted sites. This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros. Publicly disclosed, but not seen actively exploited, is CVE-2022-44710. It’s a classic elevation of privilege vulnerability affecting the DirectX graphics kernel on Windows 11 22H2 systems.

Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

Happy holidays, and may your patching be merry and bright!

Summary charts

Patch Tuesday - December 2022
Patch Tuesday - December 2022
Patch Tuesday - December 2022
Patch Tuesday - December 2022

Summary tables

Apps vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-44702 Windows Terminal Remote Code Execution Vulnerability No No 7.8
CVE-2022-24480 Outlook for Android Elevation of Privilege Vulnerability No No 6.3

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-44699 Azure Network Watcher Agent Security Feature Bypass Vulnerability No No 5.5

Browser vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-44708 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3
CVE-2022-41115 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability No No 6.6
CVE-2022-44688 Microsoft Edge (Chromium-based) Spoofing Vulnerability No No 4.3
CVE-2022-4195 Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing No No N/A
CVE-2022-4194 Chromium: CVE-2022-4194 Use after free in Accessibility No No N/A
CVE-2022-4193 Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API No No N/A
CVE-2022-4192 Chromium: CVE-2022-4192 Use after free in Live Caption No No N/A
CVE-2022-4191 Chromium: CVE-2022-4191 Use after free in Sign-In No No N/A
CVE-2022-4190 Chromium: CVE-2022-4190 Insufficient data validation in Directory No No N/A
CVE-2022-4189 Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools No No N/A
CVE-2022-4188 Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS No No N/A
CVE-2022-4187 Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools No No N/A
CVE-2022-4186 Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads No No N/A
CVE-2022-4185 Chromium: CVE-2022-4185 Inappropriate implementation in Navigation No No N/A
CVE-2022-4184 Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill No No N/A
CVE-2022-4183 Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker No No N/A
CVE-2022-4182 Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames No No N/A
CVE-2022-4181 Chromium: CVE-2022-4181 Use after free in Forms No No N/A
CVE-2022-4180 Chromium: CVE-2022-4180 Use after free in Mojo No No N/A
CVE-2022-4179 Chromium: CVE-2022-4179 Use after free in Audio No No N/A
CVE-2022-4178 Chromium: CVE-2022-4178 Use after free in Mojo No No N/A
CVE-2022-4177 Chromium: CVE-2022-4177 Use after free in Extensions No No N/A
CVE-2022-4175 Chromium: CVE-2022-4175 Use after free in Camera Capture No No N/A
CVE-2022-4174 Chromium: CVE-2022-4174 Type Confusion in V8 No No N/A

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41089 .NET Framework Remote Code Execution Vulnerability No No 8.8
CVE-2022-44704 Microsoft Windows Sysmon Elevation of Privilege Vulnerability No No 7.8

Developer Tools Windows ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41076 PowerShell Remote Code Execution Vulnerability No No 8.5

Microsoft Dynamics vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41127 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability No No 8.5

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-44690 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8
CVE-2022-44693 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8
CVE-2022-44694 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8
CVE-2022-44695 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8
CVE-2022-44696 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8
CVE-2022-44691 Microsoft Office OneNote Remote Code Execution Vulnerability No No 7.8
CVE-2022-44692 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-26804 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-26805 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-26806 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-47211 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-47212 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-47213 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-44713 Microsoft Outlook for Mac Spoofing Vulnerability No No 7.5

Open Source Software Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-44689 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability No No 7.8

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-44677 Windows Projected File System Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44683 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44680 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44671 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44687 Raw Image Extension Remote Code Execution Vulnerability No No 7.8
CVE-2022-44710 DirectX Graphics Kernel Elevation of Privilege Vulnerability No Yes 7.8
CVE-2022-44669 Windows Error Reporting Elevation of Privilege Vulnerability No No 7
CVE-2022-44682 Windows Hyper-V Denial of Service Vulnerability No No 6.8
CVE-2022-44707 Windows Kernel Denial of Service Vulnerability No No 6.5
CVE-2022-44679 Windows Graphics Component Information Disclosure Vulnerability No No 6.5
CVE-2022-44674 Windows Bluetooth Driver Information Disclosure Vulnerability No No 5.5
CVE-2022-44698 Windows SmartScreen Security Feature Bypass Vulnerability Yes No 5.4

Windows ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-44676 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1
CVE-2022-44670 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1
CVE-2022-44678 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44681 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44667 Windows Media Remote Code Execution Vulnerability No No 7.8
CVE-2022-44668 Windows Media Remote Code Execution Vulnerability No No 7.8
CVE-2022-41094 Windows Hyper-V Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44697 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41121 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41077 Windows Fax Compose Form Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44666 Windows Contacts Remote Code Execution Vulnerability No No 7.8
CVE-2022-44675 Windows Bluetooth Driver Elevation of Privilege Vulnerability No No 7.8
CVE-2022-44673 Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability No No 7
CVE-2022-41074 Windows Graphics Component Information Disclosure Vulnerability No No 5.5
Patch Tuesday - November 2022

It’s a relatively light Patch Tuesday this month by the numbers – Microsoft has only published 67 new CVEs, most of which affect their flagship Windows operating system. However, four of these are zero-days, having been observed as exploited in the wild.

The big news is that two older zero-day CVEs affecting Exchange Server, made public at the end of September, have finally been fixed. CVE-2022-41040 is a “Critical” elevation of privilege vulnerability, and CVE-2022-41082 is considered Important, allowing Remote Code Execution (RCE) when PowerShell is accessible to the attacker. Both vulnerabilities have been exploited in the wild. Four other CVEs affecting Exchange Server have also been addressed this month. Three are rated as Important, and CVE-2022-41080 is another privilege escalation vulnerability considered Critical. Customers are advised to update their Exchange Server systems immediately, regardless of whether any previously recommended mitigation steps have been applied. The mitigation rules are no longer recommended once systems have been patched.

Three of the new zero-day vulnerabilities are:

  • CVE-2022-41128, a Critical RCE affecting the JScript9 scripting language (Microsoft’s legacy JavaScript dialect, used by their Internet Explorer browser).
  • CVE-2022-41073 is the latest in a storied history of vulnerabilities affecting the Windows Print Spooler, allowing privilege escalation and considered Important.
  • CVE-2022-41125 is also an Important privilege escalation vulnerability, affecting the Windows Next-generation Cryptography (CNG) Key Isolation service.

The fourth zero-day, CVE-2022-41091, was previously disclosed and widely reported on in October. It is a Security Feature Bypass of “Windows Mark of the Web” – a mechanism meant to flag files that have come from an untrusted source.

Exchange Server admins are not the only ones on the hook this month: SharePoint Server is affected by CVE-2022-41062, an Important RCE that could allow an attacker who has Site Member privileges to execute code remotely on the server. CVE-2022-41122, a Spoofing vulnerability that Microsoft rates as “Exploitation more likely” than not, was actually addressed in September’s SharePoint patches but not included in their Security Update Guide at the time.

This month also sees Microsoft’s third non-CVE security advisory of the year, ADV220003, which is a “defense-in-depth” update for older versions of Microsoft Office (2013 and 2016) that improves validation of documents protected via Microsoft’s Information Rights Management (IRM) technology – a feature of somewhat dubious value, meant to help prevent sensitive information from being printed, forwarded, or copied without authorization.

Summary charts

Patch Tuesday - November 2022

Patch Tuesday - November 2022

Patch Tuesday - November 2022

Patch Tuesday - November 2022

Summary tables

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41051 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8
CVE-2022-41085 Azure CycleCloud Elevation of Privilege Vulnerability No No 7.5
CVE-2022-39327 GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI No No N/A

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41119 Visual Studio Remote Code Execution Vulnerability No No 7.8
CVE-2022-41120 Microsoft Windows Sysmon Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41064 .NET Framework Information Disclosure Vulnerability No No 5.8
CVE-2022-39253 GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default No No N/A

ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41044 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1
CVE-2022-41116 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability No No 5.9

ESU Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability Yes No 8.8
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8
CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8
CVE-2022-41039 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability No No 8.1
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability No No 8.1
CVE-2022-41109 Windows Win32k Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability Yes No 7.8
CVE-2022-41057 Windows HTTP.sys Elevation of Privilege Vulnerability No No 7.8
CVE-2022-37992 Windows Group Policy Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41095 Windows Digital Media Receiver Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41045 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41118 Windows Scripting Languages Remote Code Execution Vulnerability No No 7.5
CVE-2022-41058 Windows Network Address Translation (NAT) Denial of Service Vulnerability No No 7.5
CVE-2022-41053 Windows Kerberos Denial of Service Vulnerability No No 7.5
CVE-2022-41056 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability No No 7.5
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability No No 7.2
CVE-2022-41097 Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability No No 6.5
CVE-2022-41086 Windows Group Policy Elevation of Privilege Vulnerability No No 6.4
CVE-2022-41090 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability No No 5.9
CVE-2022-41098 Windows GDI+ Information Disclosure Vulnerability No No 5.5
CVE-2022-23824 AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions No No N/A

Exchange Server vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41080 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8.8
CVE-2022-41078 Microsoft Exchange Server Spoofing Vulnerability No No 8
CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability No No 8
CVE-2022-41123 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 7.8

Microsoft Dynamics vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability No No 4.4

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41062 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8
CVE-2022-41061 Microsoft Word Remote Code Execution Vulnerability No No 7.8
CVE-2022-41107 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8
CVE-2022-41106 Microsoft Excel Remote Code Execution Vulnerability No No 7.8
CVE-2022-41063 Microsoft Excel Remote Code Execution Vulnerability No No 7.8
CVE-2022-41122 Microsoft SharePoint Server Spoofing Vulnerability No No 6.5
CVE-2022-41060 Microsoft Word Information Disclosure Vulnerability No No 5.5
CVE-2022-41103 Microsoft Word Information Disclosure Vulnerability No No 5.5
CVE-2022-41104 Microsoft Excel Security Feature Bypass Vulnerability No No 5.5
CVE-2022-41105 Microsoft Excel Information Disclosure Vulnerability No No 5.5

Open Source Software Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-38014 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability No No 7
CVE-2022-3786 OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun No No N/A
CVE-2022-3602 OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun No No N/A

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-41088 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1
CVE-2022-41092 Windows Win32k Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41113 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41054 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41101 Windows Overlay Filter Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41102 Windows Overlay Filter Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41052 Windows Graphics Component Remote Code Execution Vulnerability No No 7.8
CVE-2022-41050 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41125 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Yes No 7.8
CVE-2022-41100 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41093 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41096 Microsoft DWM Core Library Elevation of Privilege Vulnerability No No 7.8
CVE-2022-41114 Windows Bind Filter Driver Elevation of Privilege Vulnerability No No 7
CVE-2022-38015 Windows Hyper-V Denial of Service Vulnerability No No 6.5
CVE-2022-41055 Windows Human Interface Device Information Disclosure Vulnerability No No 5.5
CVE-2022-41091 Windows Mark of the Web Security Feature Bypass Vulnerability Yes Yes 5.4
CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability No No 5.4
CVE-2022-41099 BitLocker Security Feature Bypass Vulnerability No No 4.6
Patch Tuesday - October 2022

The October batch of CVEs published by Microsoft includes 96 vulnerabilities, including 12 fixed earlier this month that affect the Chromium project used by their Edge browser.

Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) disclosed at the end of September. While Microsoft was relatively quick to acknowledge the vulnerabilities and provide mitigation steps, their guidance has continually changed as the recommended rules to block attack traffic get bypassed. This whack-a-mole approach seems likely to continue until a proper patch addressing the root causes is available; unfortunately, it doesn’t look like that will be happening today. Thankfully, the impact should be more limited than 2021’s ProxyShell and ProxyLogon vulnerabilities due to attackers needing to be authenticated to the server for successful exploitation. Reports are also surfacing about an additional zero-day distinct from these being used in ransomware attacks; however, these have not yet been substantiated.

Microsoft did address two other zero-day vulnerabilities with today’s patches. CVE-2022-41033, an Elevation of Privilege vulnerability affecting the COM+ Event System Service in all supported versions of Windows, has been seen exploited in the wild. CVE-2022-41043 is an Information Disclosure vulnerability affecting Office for Mac that was publicly disclosed but not (yet) seen exploited in the wild.

Nine CVEs categorized as Remote Code Execution (RCE) with Critical severity were also patched today – seven of them affect the Point-to-Point Tunneling Protocol, and like those fixed last month, require an attacker to win a race condition to exploit them. CVE-2022-38048 affects all supported versions of Office, and CVE-2022-41038 could allow an attacker authenticated to SharePoint to execute arbitrary code on the server, provided the account has “Manage List” permissions.

Maxing out the CVSS base score with a 10.0 this month is CVE-2022-37968, an Elevation of Privilege vulnerability in the Azure Arc-enabled Kubernetes cluster Connect component. It’s unclear why Microsoft has assigned such a high score, given that an attacker would need to know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster (arguably making the Attack Complexity “High”). That said, if this condition is met then an unauthenticated user could become a cluster admin and potentially gain control over the Kubernetes cluster. Users of Azure Arc and Azure Stack Edge should check whether auto-updates are turned on, and if not, upgrade manually as soon as possible.

Summary charts

Patch Tuesday - October 2022
Patch Tuesday - October 2022
Patch Tuesday - October 2022
Patch Tuesday - October 2022

Summary tables

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-37968 Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability No No 10 Yes
CVE-2022-38017 StorSimple 8000 Series Elevation of Privilege Vulnerability No No 6.8 Yes
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability No No 6.2 Yes

Browser vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-41035 Microsoft Edge (Chromium-based) Spoofing Vulnerability No No 8.3 Yes
CVE-2022-3373 Chromium: CVE-2022-3373 Out of bounds write in V8 No No N/A Yes
CVE-2022-3370 Chromium: CVE-2022-3370 Use after free in Custom Elements No No N/A Yes
CVE-2022-3317 Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents No No N/A Yes
CVE-2022-3316 Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing No No N/A Yes
CVE-2022-3315 Chromium: CVE-2022-3315 Type confusion in Blink No No N/A Yes
CVE-2022-3313 Chromium: CVE-2022-3313 Incorrect security UI in Full Screen No No N/A Yes
CVE-2022-3311 Chromium: CVE-2022-3311 Use after free in Import No No N/A Yes
CVE-2022-3310 Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs No No N/A Yes
CVE-2022-3308 Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools No No N/A Yes
CVE-2022-3307 Chromium: CVE-2022-3307 Use after free in Media No No N/A Yes
CVE-2022-3304 Chromium: CVE-2022-3304 Use after free in CSS No No N/A Yes

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-41083 Visual Studio Code Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-41042 Visual Studio Code Information Disclosure Vulnerability No No 7.4 Yes

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-41038 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-41036 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-41037 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-38053 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-41031 Microsoft Word Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-38048 Microsoft Office Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-38049 Microsoft Office Graphics Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-38001 Microsoft Office Spoofing Vulnerability No No 6.5 Yes
CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability No Yes 3.3 Yes

System Center vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-37971 Microsoft Windows Defender Elevation of Privilege Vulnerability No No 7.1 Yes

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-38045 Server Service Remote Protocol Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-37984 Windows WLAN Service Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38003 Windows Resilient File System Elevation of Privilege No No 7.8 Yes
CVE-2022-38028 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38039 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37995 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37979 Windows Hyper-V Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37970 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37980 Windows DHCP Client Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38050 Win32k Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37983 Microsoft DWM Core Library Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37998 Windows Local Session Manager (LSM) Denial of Service Vulnerability No No 7.7 Yes
CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability No No 7.7 Yes
CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability No No 7.5 No
CVE-2022-38027 Windows Storage Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-38021 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-37974 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-38046 Web Account Manager Information Disclosure Vulnerability No No 6.2 Yes
CVE-2022-37965 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability No No 5.9 Yes
CVE-2022-37996 Windows Kernel Memory Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-38025 Windows Distributed File System (DFS) Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-38030 Windows USB Serial Driver Information Disclosure Vulnerability No No 4.3 Yes

Windows ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-37982 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-38031 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-38040 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-37976 Active Directory Certificate Services Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-30198 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-38047 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-41081 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-37986 Windows Win32k Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37988 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38037 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37991 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37999 Windows Group Policy Preference Client Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37993 Windows Group Policy Preference Client Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37994 Windows Group Policy Preference Client Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37975 Windows Group Policy Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38051 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-33635 Windows GDI+ Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-37987 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37989 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability Yes No 7.8 Yes
CVE-2022-38044 Windows CD-ROM File System Driver Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-33645 Windows TCP/IP Driver Denial of Service Vulnerability No No 7.5 No
CVE-2022-38041 Windows Secure Channel Denial of Service Vulnerability No No 7.5 No
CVE-2022-34689 Windows CryptoAPI Spoofing Vulnerability No No 7.5 Yes
CVE-2022-37978 Windows Active Directory Certificate Services Security Feature Bypass No No 7.5 Yes
CVE-2022-38042 Active Directory Domain Services Elevation of Privilege Vulnerability No No 7.1 Yes
CVE-2022-38029 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-38033 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-35770 Windows NTLM Spoofing Vulnerability No No 6.5 Yes
CVE-2022-37977 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability No No 6.5 No
CVE-2022-38032 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability No No 5.9 Yes
CVE-2022-38043 Windows Security Support Provider Interface Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-37985 Windows Graphics Component Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-38026 Windows DHCP Client Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-38034 Windows Workstation Service Elevation of Privilege Vulnerability No No 4.3 Yes
CVE-2022-37981 Windows Event Logging Service Denial of Service Vulnerability No No 4.3 Yes
CVE-2022-38022 Windows Kernel Elevation of Privilege Vulnerability No No 2.5 Yes
Patch Tuesday - September 2022

This month’s Patch Tuesday is on the lighter side, with 79 CVEs being fixed by Microsoft (including 16 CVEs affecting Chromium, used by their Edge browser, that were already available). One zero-day was announced: CVE-2022-37969 is an elevation of privilege vulnerability affecting the Log File System Driver in all supported versions of Windows, allowing attackers to gain SYSTEM-level access on an asset they’ve already got an initial foothold in. Interestingly, Microsoft credits four separate researchers/organizations for independently reporting this, which may be indicative of relatively widespread exploitation. Also previously disclosed (in March), though less useful to attackers, Microsoft has released a fix for CVE-2022-23960 (aka Spectre-BHB) for Windows 11 on ARM64.

Some of the more noteworthy vulnerabilities this month affect Windows systems with IPSec enabled. CVE-2022-34718 allows remote code execution (RCE) on any Windows system reachable via IPv6; CVE-2022-34721 and CVE-2022-34722 are RCE vulnerabilities in the Windows Internet Key Exchange (IKE) Protocol Extensions. All three CVEs are ranked Critical and carry a CVSSv3 base score of 9.8. Rounding out the Critical RCEs this month are CVE-2022-35805 and CVE-2022-34700, both of which affect Microsoft Dynamics (on-premise) and have a CVSSv3 base score of 8.8. Any such systems should be updated immediately.

SharePoint administrators should also be aware of four separate RCEs being addressed this month. They’re ranked Important, meaning Microsoft recommends applying the updates at the earliest opportunity. Finally, a large swath of CVEs affecting OLE DB Provider for SQL Server and the Microsoft ODBC Driver were also fixed. These require some social engineering to exploit, by convincing a user to either connect to a malicious SQL Server or open a maliciously crafted .mdb (Access) file.

Summary charts

Patch Tuesday - September 2022
Patch Tuesday - September 2022
Patch Tuesday - September 2022
Patch Tuesday - September 2022

Summary tables

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-38007 Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability No No 7.8 Yes

Browser vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-38012 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability No No 7.7 Yes
CVE-2022-3075 Chromium: CVE-2022-3075 Insufficient data validation in Mojo No No N/A Yes
CVE-2022-3058 Chromium: CVE-2022-3058 Use after free in Sign-In Flow No No N/A Yes
CVE-2022-3057 Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox No No N/A Yes
CVE-2022-3056 Chromium: CVE-2022-3056 Insufficient policy enforcement in Content Security Policy No No N/A Yes
CVE-2022-3055 Chromium: CVE-2022-3055 Use after free in Passwords No No N/A Yes
CVE-2022-3054 Chromium: CVE-2022-3054 Insufficient policy enforcement in DevTools No No N/A Yes
CVE-2022-3053 Chromium: CVE-2022-3053 Inappropriate implementation in Pointer Lock No No N/A Yes
CVE-2022-3047 Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API No No N/A Yes
CVE-2022-3046 Chromium: CVE-2022-3046 Use after free in Browser Tag No No N/A Yes
CVE-2022-3045 Chromium: CVE-2022-3045 Insufficient validation of untrusted input in V8 No No N/A Yes
CVE-2022-3044 Chromium: CVE-2022-3044 Inappropriate implementation in Site Isolation No No N/A Yes
CVE-2022-3041 Chromium: CVE-2022-3041 Use after free in WebSQL No No N/A Yes
CVE-2022-3040 Chromium: CVE-2022-3040 Use after free in Layout No No N/A Yes
CVE-2022-3039 Chromium: CVE-2022-3039 Use after free in WebSQL No No N/A Yes
CVE-2022-3038 Chromium: CVE-2022-3038 Use after free in Network Service No No N/A Yes

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26929 .NET Framework Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-38013 .NET Core and Visual Studio Denial of Service Vulnerability No No 7.5 No
CVE-2022-38020 Visual Studio Code Elevation of Privilege Vulnerability No No 7.3 Yes

ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-37964 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 No

Microsoft Dynamics vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-35805 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34700 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability No No 8.8 Yes

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-38008 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-38009 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-37961 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35823 Microsoft SharePoint Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-37962 Microsoft PowerPoint Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-38010 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-37963 Microsoft Office Visio Remote Code Execution Vulnerability No No 7.8 Yes

System Center vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-35828 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability No No 7.8 Yes

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-35841 Windows Enterprise App Management Service Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-30196 Windows Secure Channel Denial of Service Vulnerability No No 8.2 Yes
CVE-2022-37957 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37954 DirectX Graphics Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38019 AV1 Video Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35838 HTTP V3 Denial of Service Vulnerability No No 7.5 No
CVE-2022-38011 Raw Image Extension Remote Code Execution Vulnerability No No 7.3 Yes
CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-34725 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-37959 Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability No No 6.5 Yes
CVE-2022-35831 Windows Remote Access Connection Manager Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34723 Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-23960 Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability No Yes N/A Yes

Windows ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-34721 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-34722 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-35834 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35836 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35840 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34731 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34733 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34726 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34727 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34730 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34732 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34734 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-33679 Windows Kerberos Elevation of Privilege Vulnerability No No 8.1 Yes
CVE-2022-33647 Windows Kerberos Elevation of Privilege Vulnerability No No 8.1 Yes
CVE-2022-35830 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30200 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37955 Windows Group Policy Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-34729 Windows GDI Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-38004 Windows Fax Service Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-34719 Windows Distributed File System (DFS) Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability Yes Yes 7.8 Yes
CVE-2022-35803 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35833 Windows Secure Channel Denial of Service Vulnerability No No 7.5 No
CVE-2022-34720 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability No No 7.5 No
CVE-2022-34724 Windows DNS Server Denial of Service Vulnerability No No 7.5 No
CVE-2022-37958 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability No No 7.5 Yes
CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability No No 7.3 Yes
CVE-2022-38006 Windows Graphics Component Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-34728 Windows Graphics Component Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability No No 5.5 No
CVE-2022-35837 Windows Graphics Component Information Disclosure Vulnerability No No 5 Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Patch Tuesday - August 2022

It's the week of Hacker Summer Camp in Las Vegas, and Microsoft has published fixes for 141 separate vulnerabilities in their swath of August updates. This is a new monthly record by raw CVE count, but from a patching perspective, the numbers are slightly less dire. 20 CVEs affect their Chromium-based Edge browser, and 34 affect Azure Site Recovery (up from 32 CVEs affecting that product last month). As usual, OS-level updates will address a lot of these, but note that some extra configuration is required to fully protect Exchange Server this month.

There is one 0-day being patched this month. CVE-2022-34713 is a remote code execution (RCE) vulnerability affecting the Microsoft Windows Support Diagnostic Tool (MSDT) – it carries a CVSSv3 base score of 7.8, as it requires convincing a potential victim to open a malicious file. The advisory indicates that this CVE is a variant of the “Dogwalk” vulnerability, which made news alongside Follina (CVE-2022-30190) back in May.

Publicly disclosed, but not (yet) exploited is CVE-2022-30134, an Information Disclosure vulnerability affecting Exchange Server. In this case, simply patching is not sufficient to protect against attackers being able to read targeted email messages. Administrators should enable Extended Protection in order to fully remediate this vulnerability, as well as the five other vulnerabilities affecting Exchange this month. Details about how to accomplish this are available via the Exchange Blog.

Microsoft also patched several flaws affecting Remote Access Server (RAS). The most severe of these (CVE-2022-30133 and CVE-2022-35744) are related to Windows Point-to-Point Tunneling Protocol and could allow RCE simply by sending a malicious connection request to a server. Seven CVEs affecting the Windows Secure Socket Tunneling Protocol (SSTP) on RAS were also fixed this month: six RCEs and one Denial of Service. If you have RAS in your environment but are unable to patch immediately, consider blocking traffic on port 1723 from your network.

Vulnerabilities affecting Windows Network File System (NFS) have been trending in recent months, and today sees Microsoft patching CVE-2022-34715 (RCE, CVSS 9.8) affecting NFSv4.1 on Windows Server 2022.

This is the worst of it. One last vulnerability to highlight: CVE-2022-35797 is a Security Feature Bypass in Windows Hello – Microsoft’s biometric authentication mechanism for Windows 10. Successful exploitation requires physical access to a system, but would allow an attacker to bypass a facial recognition check.

Summary charts

Patch Tuesday - August 2022
Patch Tuesday - August 2022
Patch Tuesday - August 2022
Patch Tuesday - August 2022

Summary tables

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability No No 8.1 Yes
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-33646 Azure Batch Node Agent Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability No No 6.2 Yes
CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability No No 4.4 Yes
CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.4 Yes
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.4 Yes

Browser vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-33649 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability No No 9.6 Yes
CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability No No 8.3 Yes
CVE-2022-35796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 7.5 Yes
CVE-2022-2624 Chromium: CVE-2022-2624 Heap buffer overflow in PDF No No N/A Yes
CVE-2022-2623 Chromium: CVE-2022-2623 Use after free in Offline No No N/A Yes
CVE-2022-2622 Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing No No N/A Yes
CVE-2022-2621 Chromium: CVE-2022-2621 Use after free in Extensions No No N/A Yes
CVE-2022-2619 Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings No No N/A Yes
CVE-2022-2618 Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals No No N/A Yes
CVE-2022-2617 Chromium: CVE-2022-2617 Use after free in Extensions API No No N/A Yes
CVE-2022-2616 Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API No No N/A Yes
CVE-2022-2615 Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies No No N/A Yes
CVE-2022-2614 Chromium: CVE-2022-2614 Use after free in Sign-In Flow No No N/A Yes
CVE-2022-2612 Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input No No N/A Yes
CVE-2022-2611 Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API No No N/A Yes
CVE-2022-2610 Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch No No N/A Yes
CVE-2022-2606 Chromium: CVE-2022-2606 Use after free in Managed devices API No No N/A Yes
CVE-2022-2605 Chromium: CVE-2022-2605 Out of bounds read in Dawn No No N/A Yes
CVE-2022-2604 Chromium: CVE-2022-2604 Use after free in Safe Browsing No No N/A Yes
CVE-2022-2603 Chromium: CVE-2022-2603 Use after free in Omnibox No No N/A Yes

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35825 Visual Studio Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35826 Visual Studio Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35827 Visual Studio Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-34716 .NET Spoofing Vulnerability No No 5.9 Yes

ESU Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30133 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-35744 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-35745 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-35752 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-35753 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35756 Windows Kerberos Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35751 Windows Hyper-V Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35750 Win32k Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Yes Yes 7.8 Yes
CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-35769 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability No No 7.5 No
CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.3 Yes
CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability No No 7.1 Yes
CVE-2022-35759 Windows Local Security Authority (LSA) Denial of Service Vulnerability No No 6.5 No
CVE-2022-35747 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability No No 5.9 Yes
CVE-2022-35758 Windows Kernel Memory Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability No No 5.3 No

Exchange Server vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8 Yes
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8 Yes
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8 Yes
CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability No Yes 7.6 Yes
CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability No No 5.3 Yes
CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability No No 4.8 Yes

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35742 Microsoft Outlook Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability No No 7.3 Yes

System Center Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability No No 7.8 Yes

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability No No 8.4 Yes
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-35746 Windows Digital Media Receiver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35749 Windows Digital Media Receiver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-35748 HTTP.sys Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-35755 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.3 Yes
CVE-2022-35757 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability No No 7.3 Yes
CVE-2022-35754 Unified Write Filter Elevation of Privilege Vulnerability No No 6.7 Yes
CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability No No 6.1 Yes
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability No No 6 Yes
CVE-2022-30197 Windows Kernel Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-34303 CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass No No N/A Yes
CVE-2022-34302 CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass No No N/A Yes
CVE-2022-34301 CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass No No N/A Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Patch Tuesday - July 2022

Microsoft’s updates for July's Patch Tuesday fix 86 CVEs, including two vulnerabilities in their Chromium-based Edge browser that were patched earlier in the month.

One 0-day vulnerability has been patched: CVE-2022-22047 affects all currently supported versions of Microsoft’s pervasive operating system. This is an elevation-of-privilege vulnerability in the Windows Client Server Runtime Subsystem (CSRSS), a critical service that is often impersonated by malware. An attacker with an already-existing foothold can exploit this vulnerability to gain SYSTEM-level privileges. Two similar vulnerabilities in CSRSS (CVE-2022-22049 and CVE-2022-22026) were also fixed, likely as a result of Microsoft’s investigation into the in-the-wild exploitation of CVE-2022-22047.

Four critical remote code execution (RCE) vulnerabilities were fixed today. CVE-2022-22029 and CVE-2022-22039 affect network file system (NFS) servers, and CVE-2022-22038 affects the remote procedure call (RPC) runtime. Although all three of these will be relatively tricky for attackers to exploit due to the amount of sustained data that needs to be transmitted, administrators should patch sooner rather than later. CVE-2022-30221 supposedly affects the Windows Graphics Component, though Microsoft’s FAQ indicates that exploitation requires users to access a malicious RDP server.

Over a third of today’s vulnerabilities (a whopping 32 CVEs) affect their Azure Site Recovery offering. Anyone making use of this VMWare-to-Azure backup solution should be sure to upgrade to version 9.49 of the Microsoft Azure Site Recovery Unified Setup, available in Update rollup 62.

Summary charts

Patch Tuesday - July 2022
Patch Tuesday - July 2022
Patch Tuesday - July 2022
Patch Tuesday - July 2022

Summary tables

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-33676 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-33678 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-33674 Azure Site Recovery Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-33675 Azure Site Recovery Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-33677 Azure Site Recovery Elevation of Privilege Vulnerability No No 7.2 Yes
CVE-2022-30181 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33641 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33643 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33655 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33656 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33657 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33661 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33662 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33663 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33665 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33666 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33667 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33672 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33673 Azure Site Recovery Elevation of Privilege Vulnerability No No 6.5 Yes
CVE-2022-33642 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33650 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33651 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33653 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33654 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33659 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33660 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33664 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33668 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33669 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33671 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.9 Yes
CVE-2022-33652 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.4 Yes
CVE-2022-33658 Azure Site Recovery Elevation of Privilege Vulnerability No No 4.4 Yes

Azure Microsoft Dynamics vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30187 Azure Storage Library Information Disclosure Vulnerability No No 4.7 Yes

Browser vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-2295 Chromium: CVE-2022-2295 Type Confusion in V8 No No N/A Yes
CVE-2022-2294 Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC No No N/A Yes

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-33633 Skype for Business and Lync Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-33632 Microsoft Office Security Feature Bypass Vulnerability No No 4.7 Yes

System Center vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability No No 6.5 Yes

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-33644 Xbox Live Save Service Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-22045 Windows.Devices.Picker.dll Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability No No 8.4 Yes
CVE-2022-30216 Windows Server Service Tampering Vulnerability No No 8.8 Yes
CVE-2022-22041 Windows Print Spooler Elevation of Privilege Vulnerability No No 6.8 Yes
CVE-2022-30214 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-22031 Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30212 Windows Connected Devices Platform Service Information Disclosure Vulnerability No No 4.7 Yes
CVE-2022-22711 Windows BitLocker Information Disclosure Vulnerability No No 6.7 Yes
CVE-2022-22038 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-27776 HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data No No N/A Yes
CVE-2022-30215 Active Directory Federation Services Elevation of Privilege Vulnerability No No 7.5 Yes

Windows ESU vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30208 Windows Security Account Manager (SAM) Denial of Service Vulnerability No No 6.5 No
CVE-2022-30206 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30226 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.1 Yes
CVE-2022-22022 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.1 Yes
CVE-2022-22023 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability No No 6.6 Yes
CVE-2022-22029 Windows Network File System Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-22039 Windows Network File System Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-22028 Windows Network File System Information Disclosure Vulnerability No No 5.9 Yes
CVE-2022-30225 Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability No No 7.1 Yes
CVE-2022-30211 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-21845 Windows Kernel Information Disclosure Vulnerability No No 4.7 Yes
CVE-2022-22025 Windows Internet Information Services Cachuri Module Denial of Service Vulnerability No No 7.5 No
CVE-2022-30209 Windows IIS Server Elevation of Privilege Vulnerability No No 7.4 Yes
CVE-2022-22042 Windows Hyper-V Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-30223 Windows Hyper-V Information Disclosure Vulnerability No No 5.7 Yes
CVE-2022-30205 Windows Group Policy Elevation of Privilege Vulnerability No No 6.6 Yes
CVE-2022-30221 Windows Graphics Component Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-22034 Windows Graphics Component Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30213 Windows GDI+ Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-22024 Windows Fax Service Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22027 Windows Fax Service Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22050 Windows Fax Service Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-22043 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30220 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-22026 Windows CSRSS Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-22047 Windows CSRSS Elevation of Privilege Vulnerability Yes No 7.8 Yes
CVE-2022-22049 Windows CSRSS Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-30203 Windows Boot Manager Security Feature Bypass Vulnerability No No 7.4 Yes
CVE-2022-22037 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability No No 7.5 Yes
CVE-2022-30202 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-30224 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-22036 Performance Counters for Windows Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-22040 Internet Information Services Dynamic Compression Module Denial of Service Vulnerability No No 7.3 Yes
CVE-2022-22048 BitLocker Security Feature Bypass Vulnerability No No 6.1 Yes
CVE-2022-23825 AMD: CVE-2022-23825 AMD CPU Branch Type Confusion No No N/A Yes
CVE-2022-23816 AMD: CVE-2022-23816 AMD CPU Branch Type Confusion No No N/A Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Patch Tuesday - June 2022

July's Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is CVE-2022-30190, also known as Follina, which was observed being exploited in the wild at the end of May. Microsoft provided mitigation instructions (disabling the MSDT URL protocol via the registry), but actual patches were not available until today’s cumulative Windows Updates. Even if the mitigation was previously applied, installing the updates is highly recommended.

None of the other CVEs being addressed this month have been previously disclosed or seen exploited yet. However, it won’t be long before attackers start looking at CVE-2022-30136, a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). Last month, Microsoft fixed a similar vulnerability (CVE-2022-26937) affecting NFS v2.0 and v3.0. CVE-2022-30136, on the other hand, is only exploitable in NFS v4.1. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. Again, even if the mitigation has been put into place, best to patch sooner rather than later.

Also reminiscent of last month is CVE-2022-30139, a critical RCE in LDAP carrying a CVSSv3 base score of 7.1, which again is only exploitable if the MaxReceiveBuffer LDAP policy value is set higher than the default. Rounding out the critical RCEs for July is CVE-2022-30163, which could allow a malicious application running on a Hyper-V guest to execute code on the host OS.

The other big news this month is the end of support for Internet Explorer 11 (IE11) on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels, as Microsoft encourages users to adopt the Chromium-based Edge browser (which saw fixes for 5 CVEs this month). Internet Explorer 11 on other versions of Windows should continue receiving security updates and technical support based on the OS support lifecycle, so this is only the beginning of the end for the legacy browser.

Summary charts

Patch Tuesday - June 2022
Patch Tuesday - June 2022
Patch Tuesday - June 2022
Patch Tuesday - June 2022

Summary tables

Apps vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30168 Microsoft Photos App Remote Code Execution Vulnerability No No 7.8 Yes

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30137 Azure Service Fabric Container Elevation of Privilege Vulnerability No No 6.7 Yes
CVE-2022-30177 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30178 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30179 Azure RTOS GUIX Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30180 Azure RTOS GUIX Studio Information Disclosure Vulnerability No No 7.8 Yes

Azure System Center vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-29149 Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability No No 7.8 Yes

Browser vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-22021 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability No No 8.3 Yes
CVE-2022-2011 Chromium: CVE-2022-2011 Use after free in ANGLE No No N/A Yes
CVE-2022-2010 Chromium: CVE-2022-2010 Out of bounds read in compositing No No N/A Yes
CVE-2022-2008 Chromium: CVE-2022-2008 Out of bounds memory access in WebGL No No N/A Yes
CVE-2022-2007 Chromium: CVE-2022-2007 Use after free in WebGPU No No N/A Yes

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30184 .NET and Visual Studio Information Disclosure Vulnerability No No 5.5 Yes

ESU Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30140 Windows iSCSI Discovery Service Remote Code Execution Vulnerability No No 7.1 Yes
CVE-2022-30152 Windows Network Address Translation (NAT) Denial of Service Vulnerability No No 7.5 No
CVE-2022-30135 Windows Media Center Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-30153 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-30161 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-30141 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-30143 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-30149 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-30146 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-30155 Windows Kernel Denial of Service Vulnerability No No 5.5 Yes
CVE-2022-30147 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-30163 Windows Hyper-V Remote Code Execution Vulnerability No No 8.5 Yes
CVE-2022-30142 Windows File History Remote Code Execution Vulnerability No No 7.1 Yes
CVE-2022-30151 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-30160 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-30166 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-21166 Intel: CVE-2022-21166 Device Register Partial Write (DRPW) No No N/A Yes
CVE-2022-21127 Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) No No N/A Yes
CVE-2022-21125 Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) No No N/A Yes
CVE-2022-21123 Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) No No N/A Yes

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-30157 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-30158 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-30174 Microsoft Office Remote Code Execution Vulnerability No No 7.4 Yes
CVE-2022-30159 Microsoft Office Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-30171 Microsoft Office Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-30172 Microsoft Office Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-30173 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

SQL Server vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-29143 Microsoft SQL Server Remote Code Execution Vulnerability No No 7.5 Yes

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-32230 Windows SMB Denial of Service Vulnerability No No N/A Yes
CVE-2022-30136 Windows Network File System Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-30139 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-30162 Windows Kernel Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-30165 Windows Kerberos Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-30145 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-30148 Windows Desired State Configuration (DSC) Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-30150 Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability No No 7.5 Yes
CVE-2022-30132 Windows Container Manager Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-30131 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-30189 Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability No No 6.5 Yes
CVE-2022-30154 Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability No No 5.3 Yes
CVE-2022-30164 Kerberos AppContainer Security Feature Bypass Vulnerability No No 8.4 Yes
CVE-2022-29111 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22018 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30188 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-29119 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30167 AV1 Video Extension Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30193 AV1 Video Extension Remote Code Execution Vulnerability No No 7.8 Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Additional reading:

Patch Tuesday - May 2022

This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. That means there’s plenty of work to be done by system and network administrators, as usual.

There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem, which allows attackers able to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication. This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution (RCE). This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.

Two other CVEs were also publicly disclosed before today’s releases, though they have not yet been seen exploited in the wild. CVE-2022-22713 is a denial-of-service vulnerability that affects Hyper-V servers running relatively recent versions of Windows (20H2 and later). CVE-2022-29972 is a Critical RCE that affects the Amazon Redshift ODBC driver used by Microsoft’s Self-hosted Integration Runtime (a client agent that enables on-premises data sources to exchange data with cloud services such as Azure Data Factory and Azure Synapse Pipelines). This vulnerability also prompted Microsoft to publish their first guidance-based advisory of the year, ADV220001, indicating their plans to strengthen tenant isolation in their cloud services without actually providing any specific details or actions to be taken by customers.

All told, 74 CVEs were fixed this month, the vast majority of which affect functionality within the Windows operating system. Other notable vulnerabilities include CVE-2022-21972 and CVE-2022-23270, critical RCEs in the Point-to-Point Tunneling Protocol. Exploitation requires attackers to win a race condition, which increases the complexity, but if you have any RAS servers in your environment, patch sooner rather than later.

CVE-2022-26937 carries a CVSSv3 score of 9.8 and affects services using the Windows Network File System (NFS). This can be mitigated by disabling NFSV2 and NFSV3 on the server; however, this may cause compatibility issues, and upgrading is highly recommended.

CVE-2022-22017 is yet another client-side Remote Desktop Protocol (RDP) vulnerability. While not as worrisome as when an RCE affects RDP servers, if a user can be enticed to connect to a malicious RDP server via social engineering tactics, an attacker will gain RCE on their system.

Sharepoint Server administrators should be aware of CVE-2022-29108, a post-authentication RCE fixed today. Exchange admins have CVE-2022-21978 to worry about, which could allow an attacker with elevated privileges on an Exchange server to gain the rights of a Domain Administrator.

A host of Lightweight Directory Access Protocol (LDAP) vulnerabilities were also addressed this month, including CVE-2022-22012 and CVE-2022-29130 – both RCEs that, thankfully, are only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value.

Although there are no browser vulnerabilities this month, two RCEs affecting Excel (CVE-2022-29109 and CVE-2022-29110) and one Security Feature Bypass affecting Office (CVE-2022-29107) mean there is still some endpoint application patching to do.

Summary charts

Patch Tuesday - May 2022
Patch Tuesday - May 2022
Patch Tuesday - May 2022
Patch Tuesday - May 2022

Summary tables

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-29972 Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver No Yes N/A Yes

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-30129 Visual Studio Code Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-23267 .NET and Visual Studio Denial of Service Vulnerability No No 7.5 No
CVE-2022-29117 .NET and Visual Studio Denial of Service Vulnerability No No 7.5 No
CVE-2022-29145 .NET and Visual Studio Denial of Service Vulnerability No No 7.5 No
CVE-2022-30130 .NET Framework Denial of Service Vulnerability No No 3.3 No

ESU Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26935 Windows WLAN AutoConfig Service Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-29121 Windows WLAN AutoConfig Service Denial of Service Vulnerability No No 6.5 Yes
CVE-2022-26936 Windows Server Service Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-22015 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-29103 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-29132 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26937 Windows Network File System Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-26925 Windows LSA Spoofing Vulnerability Yes Yes 8.1 Yes
CVE-2022-22012 Windows LDAP Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-29130 Windows LDAP Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-22013 Windows LDAP Remote Code Execution Vulnerability No No 8.8 No
CVE-2022-22014 Windows LDAP Remote Code Execution Vulnerability No No 8.8 No
CVE-2022-29128 Windows LDAP Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-29129 Windows LDAP Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-29137 Windows LDAP Remote Code Execution Vulnerability No No 8.8 No
CVE-2022-29139 Windows LDAP Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-29141 Windows LDAP Remote Code Execution Vulnerability No No 8.8 No
CVE-2022-26931 Windows Kerberos Elevation of Privilege Vulnerability No No 7.5 Yes
CVE-2022-26934 Windows Graphics Component Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-29112 Windows Graphics Component Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-22011 Windows Graphics Component Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-29115 Windows Fax Service Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26926 Windows Address Book Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22019 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-21972 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-23270 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-29105 Microsoft Windows Media Foundation Remote Code Execution Vulnerability No No 7.8 No
CVE-2022-29127 BitLocker Security Feature Bypass Vulnerability No No 4.2 Yes

Exchange Server vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-21978 Microsoft Exchange Server Elevation of Privilege Vulnerability No No 8.2 Yes

Microsoft Office vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-29108 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-29107 Microsoft Office Security Feature Bypass Vulnerability No No 5.5 Yes
CVE-2022-29109 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-29110 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26930 Windows Remote Access Connection Manager Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-29125 Windows Push Notifications Apps Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-29114 Windows Print Spooler Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-29140 Windows Print Spooler Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-29104 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-22016 Windows PlayToManager Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26933 Windows NTFS Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-29131 Windows LDAP Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-29116 Windows Kernel Information Disclosure Vulnerability No No 4.7 Yes
CVE-2022-29133 Windows Kernel Elevation of Privilege Vulnerability No No 8.8 Yes
CVE-2022-29142 Windows Kernel Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-29106 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24466 Windows Hyper-V Security Feature Bypass Vulnerability No No 4.1 Yes
CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability No Yes 5.6 Yes
CVE-2022-26927 Windows Graphics Component Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-29102 Windows Failover Cluster Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-29113 Windows Digital Media Receiver Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-29134 Windows Clustered Shared Volume Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-29120 Windows Clustered Shared Volume Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-29122 Windows Clustered Shared Volume Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-29123 Windows Clustered Shared Volume Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-29138 Windows Clustered Shared Volume Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-29135 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-29150 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-29151 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26913 Windows Authentication Security Feature Bypass Vulnerability No No 7.4 Yes
CVE-2022-23279 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-29126 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26932 Storage Spaces Direct Elevation of Privilege Vulnerability No No 8.2 Yes
CVE-2022-26938 Storage Spaces Direct Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26939 Storage Spaces Direct Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26940 Remote Desktop Protocol Client Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-22017 Remote Desktop Client Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-26923 Active Directory Domain Services Elevation of Privilege Vulnerability No No 8.8 Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.