- Jul 18, 2022

Patch Tuesday patches CVE-2022-22047 and more

The July 2022 Patch Tuesday brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, addressing a flaw in Windows' Client/Server Runtime Subsystem (CSRSS).

Microsoft noted that an attacker who successfully exploited this flaw could gain system privileges, but must first gain access to the system by exploiting the flaw in the code.

Although the vulnerability does not confer the ability to construct wormable payloads (i.e. requires a pre-existing foothold in the system), Microsoft says it's being actively exploited in the wild, so patching should be a priority.

Finally, worth mentioning is this month Microsoft will start testing the new Windows Autopatch service for the business customers who have opted to use it.

Learn more on the latest vulnerabilities fixed in July 2022 Patch Tuesday: Help Net Security

Moscow OT Infrastructure Breached: the Lessons

Here we go again: A Public-Facing Vulnerability in Palo Alto Networks Firewalls

Supply chain attack against open source?

Ransomware accelerates the move to cloud services? The British Library case

The latest SEC cybersecurity incident disclosures - what's the result so far?

UnitedHealth ransomware attack - what's behind it?

Business Email Compromise (BEC), more costly than ransomware?

Latest Exchange vulnerability not serious, but a warning for customers

The Ivanti Blunder - Consider the Risks

Another Vulnerability, Another Scramble for Patching - This Time Fortinet