Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2022.0137 Microsoft Patch Tuesday update for Microsoft Windows for July 2022 13 July 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows 10 Windows 11 Windows 8.1 Windows RT 8.1 Windows Server Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 Operating System: Windows Resolution: Patch/Upgrade CVE Names: CVE-2022-33644 CVE-2022-30226 CVE-2022-30225 CVE-2022-30224 CVE-2022-30223 CVE-2022-30222 CVE-2022-30221 CVE-2022-30220 CVE-2022-30216 CVE-2022-30215 CVE-2022-30214 CVE-2022-30213 CVE-2022-30212 CVE-2022-30211 CVE-2022-30209 CVE-2022-30208 CVE-2022-30206 CVE-2022-30205 CVE-2022-30203 CVE-2022-30202 CVE-2022-27776 CVE-2022-23825 CVE-2022-23816 CVE-2022-22711 CVE-2022-22050 CVE-2022-22049 CVE-2022-22048 CVE-2022-22047 CVE-2022-22045 CVE-2022-22043 CVE-2022-22042 CVE-2022-22041 CVE-2022-22040 CVE-2022-22039 CVE-2022-22038 CVE-2022-22037 CVE-2022-22036 CVE-2022-22034 CVE-2022-22031 CVE-2022-22029 CVE-2022-22028 CVE-2022-22027 CVE-2022-22026 CVE-2022-22025 CVE-2022-22024 CVE-2022-22023 CVE-2022-22022 CVE-2022-21845 Comment: CVSS (Max): 8.8* CVE-2022-22026 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C) CVSS Source: Microsoft Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C * Not all CVSS available when published Microsoft has noted that CVE-2022-22047 is being actively exploited OVERVIEW Microsoft has released its monthly security patch update for the month of July 2022. This update resolves 49 vulnerabilities across the following product(s): [1] Remote Desktop client Windows 10 Windows 11 Windows 8.1 Windows RT 8.1 Windows Server Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2022-21845 Information Disclosure Important CVE-2022-22022 Elevation of Privilege Important CVE-2022-22023 Security Feature Bypass Important CVE-2022-22024 Remote Code Execution Important CVE-2022-22025 Denial of Service Important CVE-2022-22026 Elevation of Privilege Important CVE-2022-22027 Remote Code Execution Important CVE-2022-22028 Information Disclosure Important CVE-2022-22029 Remote Code Execution Critical CVE-2022-22031 Elevation of Privilege Important CVE-2022-22034 Elevation of Privilege Important CVE-2022-22036 Elevation of Privilege Important CVE-2022-22037 Elevation of Privilege Important CVE-2022-22038 Remote Code Execution Critical CVE-2022-22039 Remote Code Execution Critical CVE-2022-22040 Denial of Service Important CVE-2022-22041 Elevation of Privilege Important CVE-2022-22042 Information Disclosure Important CVE-2022-22043 Denial of Service Important CVE-2022-22045 Elevation of Privilege Important CVE-2022-22047 Elevation of Privilege Important CVE-2022-22048 Security Feature Bypass Important CVE-2022-22049 Elevation of Privilege Important CVE-2022-22050 Elevation of Privilege Important CVE-2022-22711 Information Disclosure Important CVE-2022-23816 Information Disclosure Important CVE-2022-23825 Information Disclosure Important CVE-2022-27776 Information Disclosure Important CVE-2022-30202 Elevation of Privilege Important CVE-2022-30203 Security Feature Bypass Important CVE-2022-30205 Elevation of Privilege Important CVE-2022-30206 Elevation of Privilege Important CVE-2022-30208 Denial of Service Important CVE-2022-30209 Elevation of Privilege Important CVE-2022-30211 Remote Code Execution Important CVE-2022-30212 Information Disclosure Important CVE-2022-30213 Information Disclosure Important CVE-2022-30214 Remote Code Execution Important CVE-2022-30215 Elevation of Privilege Important CVE-2022-30216 Tampering Important CVE-2022-30220 Elevation of Privilege Important CVE-2022-30221 Remote Code Execution Critical CVE-2022-30222 Remote Code Execution Important CVE-2022-30223 Information Disclosure Important CVE-2022-30224 Elevation of Privilege Important CVE-2022-30225 Denial of Service Important CVE-2022-30225 Elevation of Privilege Important CVE-2022-30226 Elevation of Privilege Important CVE-2022-33644 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5015807, KB5015808, KB5015811, KB5015814, KB5015827 KB5015832, KB5015863, KB5015874, KB5015875, KB5015877 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYs5QtckNZI30y1K9AQgGdhAArOvlgZLW568OnurROcQdavNrdqSuDRTt b8xMx43Rl6XBqUCM/GBvbaf2aGGsDP5rxbBAfLvGhrhywKDGp/z1e3CE3EdwcYIi ytwP++DsZwSavQAaQf4p29UgUpbnIgmhX2mrTl02t49RHD+iEBdhTCpEKRGzfGpU vR9zN0ynYVEJDyh++9btLxFijktADEqO5hYR6G3EUsWGPpJ3nPXGZhGY8l9s+SUY ZIQUv0tU+GNJ1DGvTNWoCgNtQxBsOv6ezRj8SAE0HUZduk1hKgGWL9Qgt5T6E5nY MMVAJ8sK7pg5uNOhjOca8Mx9bdHoU1l6maaIyt85sN5P7iyjWK2PJbIbG45NoN/x cj+aX60K23QHsJKlP8Dh7RDCmS2NOdX9rDhB84how0b3VR8U6Rx+U7zAUFVZRKBm NLz0NwUXwUCt86j7BuyVrk6id3AECmIVuxcH4Z7yzwIRhczeBIuVsWekKPjdeN81 j1aBXyHL0K1lkeV0HCMzxypVtKexJYyVi7YGrkiGzezAnbe/yoEboFjH6mx/lc1v ouFUIrOIaeqhvXJI0ucD/p3pUMWsuvM6Vnk22BLtEOVeFpP9kAYrXZud7YJWzo36 MSRTyzWha0td1qLrs5FR+So/n8QfRwZ6IOQHaFCyN60LppH5zkfawEinj8dI5/1R ZECKkNJ2e24= =IXzB -----END PGP SIGNATURE-----