Luglio 2022 Patch Tuesday di Microsoft risolve 84 difetti insieme allo zero-day sfruttato

Oggi, Microsoft ha rilasciato martedì la patch di luglio 2022, portando alla correzione di 84 vulnerabilità, tra cui un difetto zero-day abusato in modo aggressivo.

Tra questi 84 difetti, quattro sono utilizzati per l’esecuzione di codice in remoto, quindi sono considerati “critici”.

Il numero di bug in ciascuna categoria di difetti è indicato di seguito:

  • 4 La funzionalità di sicurezza ignora le vulnerabilità
  • 5 Vulnerabilità di negazione del servizio
  • 11 Vulnerabilità di divulgazione delle informazioni
  • 12 Vulnerabilità nell’esecuzione di codice a distanza
  • 52 Elevazione delle vulnerabilità dei privilegi

Due vulnerabilità che sono state risolte in precedenza in Microsoft Edge non sono elencate nei conteggi precedenti.

Risolto zero-day sfruttato attivamente

Un errore di elevazione dei privilegi zero-day sfruttato in modo aggressivo è stato corretto dal Patch Tuesday di questo mese.

Una vulnerabilità è classificata come zero-day da Microsoft nel caso in cui venga apertamente rivelata o attivamente abusata senza alcuna correzione ufficiale.

Il punto debole zero-day vigorosamente sfruttato risolto oggi è tracciato come “CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability”.

Microsoft ha spiegato in un avviso pubblicato oggi: “Un utente malintenzionato che ha sfruttato con successo questa vulnerabilità potrebbe ottenere i privilegi di SISTEMA”.

Sono stati Microsoft Threat Intelligence Center (MSTIC) e Microsoft Security Response Center (MSRC) a scoprire questa vulnerabilità internamente.

Gli esperti di sicurezza hanno contattato Microsoft per ricevere maggiori informazioni su come questo difetto è stato impiegato negli attacchi.

Aggiornamenti di sicurezza del martedì della patch di luglio 2022

Di seguito è riportato l’intero elenco dei difetti risolti e degli avvisi rilasciati negli aggiornamenti del Patch Tuesday di luglio 2022.

Tag    CVE ID        CVE Title    Severity

AMD CPU Branch         CVE-2022-23825          AMD: CVE-2022-23825 AMD CPU Branch Type Confusion   Important

AMD CPU Branch         CVE-2022-23816          AMD: CVE-2022-23816 AMD CPU Branch Type Confusion   Important

Azure Site Recovery     CVE-2022-33665          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33666          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33663          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33664          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33667          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33672          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33673          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33671          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33668          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33661          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33662          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33657          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33656          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33658          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33660          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33659          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33655          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33651          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33650          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33652          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33654          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33653          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33669          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33643          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-30181          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33676          Azure Site Recovery Remote Code Execution Vulnerability         Important

Azure Site Recovery     CVE-2022-33677          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33678          Azure Site Recovery Remote Code Execution Vulnerability         Important

Azure Site Recovery     CVE-2022-33642          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33674          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33675          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33641          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Storage Library  CVE-2022-30187          Azure Storage Library Information Disclosure Vulnerability        Important

Microsoft Defender for Endpoint  CVE-2022-33637          Microsoft Defender for Endpoint Tampering Vulnerability          Important

Microsoft Edge (Chromium-based)         CVE-2022-2295  Chromium: CVE-2022-2295 Type Confusion in V8  Unknown

Microsoft Edge (Chromium-based)         CVE-2022-2294  Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC  Unknown

Microsoft Graphics Component    CVE-2022-22034          Windows Graphics Component Elevation of Privilege Vulnerability         Important

Microsoft Graphics Component    CVE-2022-30213          Windows GDI+ Information Disclosure Vulnerability        Important

Microsoft Graphics Component    CVE-2022-30221          Windows Graphics Component Remote Code Execution Vulnerability    Critical

Microsoft Office CVE-2022-33632          Microsoft Office Security Feature Bypass Vulnerability       Important

Open Source Software CVE-2022-27776          HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data          Important

Role: DNS Server          CVE-2022-30214          Windows DNS Server Remote Code Execution Vulnerability         Important

Role: Windows Fax Service  CVE-2022-22024          Windows Fax Service Remote Code Execution Vulnerability         Important

Role: Windows Fax Service  CVE-2022-22027          Windows Fax Service Remote Code Execution Vulnerability         Important

Role: Windows Hyper-V        CVE-2022-30223          Windows Hyper-V Information Disclosure Vulnerability        Important

Role: Windows Hyper-V        CVE-2022-22042          Windows Hyper-V Information Disclosure Vulnerability        Important

Skype for Business and Microsoft Lync  CVE-2022-33633          Skype for Business and Lync Remote Code Execution Vulnerability     Important

Windows Active Directory    CVE-2022-30215          Active Directory Federation Services Elevation of Privilege Vulnerability         Important

Windows Advanced Local Procedure Call        CVE-2022-30202          Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability  Important

Windows Advanced Local Procedure Call        CVE-2022-30224          Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability  Important

Windows Advanced Local Procedure Call        CVE-2022-22037          Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability  Important

Windows BitLocker      CVE-2022-22711          Windows BitLocker Information Disclosure Vulnerability       Important

Windows BitLocker      CVE-2022-22048          BitLocker Security Feature Bypass Vulnerability       Important

Windows Boot Manager       CVE-2022-30203          Windows Boot Manager Security Feature Bypass Vulnerability         Important

Windows Client/Server Runtime Subsystem   CVE-2022-22026          Windows CSRSS Elevation of Privilege Vulnerability         Important

Windows Client/Server Runtime Subsystem   CVE-2022-22049          Windows CSRSS Elevation of Privilege Vulnerability         Important

Windows Client/Server Runtime Subsystem   CVE-2022-22047          Windows CSRSS Elevation of Privilege Vulnerability         Important

Windows Connected Devices Platform Service        CVE-2022-30212          Windows Connected Devices Platform Service Information Disclosure Vulnerability Important

Windows Credential Guard  CVE-2022-22031          Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability       Important

Windows Fast FAT Driver     CVE-2022-22043          Windows Fast FAT File System Driver Elevation of Privilege Vulnerability         Important

Windows Fax and Scan Service     CVE-2022-22050          Windows Fax Service Elevation of Privilege Vulnerability      Important

Windows Group Policy         CVE-2022-30205          Windows Group Policy Elevation of Privilege Vulnerability Important

Windows IIS        CVE-2022-30209          Windows IIS Server Elevation of Privilege Vulnerability       Important

Windows IIS        CVE-2022-22025          Windows Internet Information Services Cachuri Module Denial of Service Vulnerability  Important

Windows IIS        CVE-2022-22040          Internet Information Services Dynamic Compression Module Denial of Service Vulnerability        Important

Windows Kernel CVE-2022-21845          Windows Kernel Information Disclosure Vulnerability       Important

Windows Media CVE-2022-22045          Windows.Devices.Picker.dll Elevation of Privilege Vulnerability Important

Windows Media CVE-2022-30225          Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability         Important

Windows Network File System     CVE-2022-22029          Windows Network File System Remote Code Execution Vulnerability    Critical

Windows Network File System     CVE-2022-22028          Windows Network File System Information Disclosure Vulnerability      Important

Windows Network File System     CVE-2022-22039          Windows Network File System Remote Code Execution Vulnerability    Critical

Windows Performance Counters   CVE-2022-22036          Performance Counters for Windows Elevation of Privilege Vulnerability Important

Windows Point-to-Point Tunneling Protocol   CVE-2022-30211          Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability       Important

Windows Portable Device Enumerator Service        CVE-2022-22023          Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability          Important

Windows Print Spooler Components     CVE-2022-30206          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Print Spooler Components     CVE-2022-30226          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Print Spooler Components     CVE-2022-22022          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Print Spooler Components     CVE-2022-22041          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Remote Procedure Call Runtime      CVE-2022-22038          Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical

Windows Security Account Manager     CVE-2022-30208          Windows Security Account Manager (SAM) Denial of Service Vulnerability  Important

Windows Server Service       CVE-2022-30216          Windows Server Service Tampering Vulnerability       Important

Windows Shell    CVE-2022-30222          Windows Shell Remote Code Execution Vulnerability       Important

Windows Storage        CVE-2022-30220          Windows Common Log File System Driver Elevation of Privilege Vulnerability         Important

XBox CVE-2022-33644          Xbox Live Save Service Elevation of Privilege Vulnerability          Important