After seeing overall numbers dip for the last couple of months, July’s Patch Tuesday cranks up the heat with 80 new vulnerabilities. Four of these are critical and one has already been exploited in the wild. While this represents an uptick from May and June, it’s a fairly light load compared to July of last year, which saw a massive spike in vulnerabilities, especially those of critical severity.
This month, we see four critical vulnerabilities addressed across three Microsoft services, including Remote Procedure Call (RPC), Network File System (NFS), and Windows Graphics Component. All four critical vulnerabilities allow for remote code execution, if exploited, and require immediate attention from system administrators to patch within the recommended 72-hour window.
Even though the four critical vulnerabilities in this month’s batch of CVEs have not yet been exploited, we do have a non-critical elevation of privilege vulnerability within the Windows Client Server Runtime Process that’s already been weaponized. It goes without saying that zero-day exploits such as this should be patched within 24 hours of disclosure.
CVE-2022-22038 - Remote Procedure Call Runtime Remote Code Execution Vulnerability - Critical
CVE-2022-22038 appears to be another critical vulnerability discovered by China’s Cyber Kunlun team. This is the same team that disclosed CVE-2022-26809, which gained traction back in April 2022 due to its severity, scope, and possible wormabililty. CVE-2022-22038, similar to CVE-2022-26809, is a critical vulnerability found in Windows Remote Procedure Call (RPC). RPC is an inter-process communication mechanism for data exchange and functionality invocation in a different process, which can be on the same machine, a LAN, or the Internet. According to Shodan, there are a little over 700k devices on the internet with this service open to the public. We expect a lot of focus from exploit developers on this vulnerability in the coming days. This is a vulnerability that, if weaponized, could cause some serious havoc for IT and Security teams. - Chris Hass
CVE-2022-30221 - Windows Graphics Component Remote Code Execution Vulnerability - Critical
CVE-2022-30221 is a critical remote code execution vulnerability impacting the Windows Graphic Component within a large variety of Windows and Windows Server versions. In order to exploit, an attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim’s system in the context of the targeted user. Even with a low attack complexity and an even lower likelihood of exploitation, the fact that this vulnerability impacts a multitude of Windows versions means it presents additional risk to many organizations and should be remediated immediately. - Peter Pflaster
CVE-2022-22029 - Windows Network File System Remote Code Execution Vulnerability - Critical
CVE-2022-22039 - Windows Network File System Remote Code Execution Vulnerability- Critical
Microsoft patched a set of critical vulnerabilities impacting the Windows Network File System (NFS) that allows an attacker to remotely execute code on a large set of Windows Server versions. Windows NFS is a widely used file sharing solution that leverages the NFS protocol to transfer files between Windows Server and Unix-based operating systems.
Both vulnerabilities are present in multiple flavors of Windows Server and can be exploited over the network by making an unauthenticated, specially-crafted call to an NFS service to trigger remote code execution. This type of vulnerability has a high attack complexity as it requires an attacker to invest significant time in repeated exploitation attempts through sending constant or intermittent data. Given the prevalence of Windows NFS in many environments and the fact that NFS vulnerabilities have cropped up multiple times over the past few months, it’s recommended that admins prioritize these vulnerabilities and, at the very least, patch within a 72-hour window. - Justin Knapp
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.
