2022年7月Microsoftによる火曜日のパッチは、悪用されたゼロデイとともに84の欠陥を修正します

本日、マイクロソフトは火曜日に2022年7月のパッチをリリースし、積極的に悪用されたゼロデイ欠陥を含む84の脆弱性を修正しました。

これら84の欠陥のうち、4つはリモートでコードが実行されるために利用されているため、「重大」と見なされます。

各欠陥カテゴリのバグの数は以下のとおりです。

  • 4セキュリティ機能のバイパスの脆弱性
  • 5サービス拒否の脆弱性
  • 11情報開示の脆弱性
  • 12リモートコード実行の脆弱性
  • 52特権の昇格の脆弱性

Microsoft Edgeで以前に修正された2つの脆弱性は、上記のカウントに含まれていません。

積極的に悪用されたゼロデイ修正

積極的に悪用されたゼロデイ特権の昇格の欠陥は、火曜日の今月のパッチによって修正されました。

脆弱性は、公式の修正がなくても公然と明らかにされたり、積極的に悪用されたりした場合に備えて、マイクロソフトによってゼロデイとして分類されます。

本日修正された、悪用されたゼロデイ脆弱性は、「CVE-2022-22047-Windows CSRSS ElevationofPrivilegeVulnerability」として追跡されます。

マイクロソフトは本日公開されたアドバイザリで、「この脆弱性を悪用した攻撃者は、SYSTEM権限を取得する可能性がある」と説明しています。

この脆弱性を内部で発見したのは、Microsoft Threat Intelligence Center(MSTIC)とMicrosoft Security Response Center(MSRC)でした。

セキュリティの専門家がマイクロソフトに連絡して、この欠陥が攻撃にどのように使用されたかについて詳しく教えてもらいました。

2022年7月のパッチ火曜日のセキュリティアップデート

以下は、2022年7月のパッチ火曜日のアップデートで解決された欠陥とリリースされたアドバイザリの全リストです。

Tag    CVE ID        CVE Title    Severity

AMD CPU Branch         CVE-2022-23825          AMD: CVE-2022-23825 AMD CPU Branch Type Confusion   Important

AMD CPU Branch         CVE-2022-23816          AMD: CVE-2022-23816 AMD CPU Branch Type Confusion   Important

Azure Site Recovery     CVE-2022-33665          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33666          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33663          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33664          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33667          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33672          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33673          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33671          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33668          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33661          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33662          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33657          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33656          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33658          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33660          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33659          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33655          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33651          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33650          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33652          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33654          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33653          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33669          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33643          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-30181          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33676          Azure Site Recovery Remote Code Execution Vulnerability         Important

Azure Site Recovery     CVE-2022-33677          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33678          Azure Site Recovery Remote Code Execution Vulnerability         Important

Azure Site Recovery     CVE-2022-33642          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33674          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33675          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Site Recovery     CVE-2022-33641          Azure Site Recovery Elevation of Privilege Vulnerability       Important

Azure Storage Library  CVE-2022-30187          Azure Storage Library Information Disclosure Vulnerability        Important

Microsoft Defender for Endpoint  CVE-2022-33637          Microsoft Defender for Endpoint Tampering Vulnerability          Important

Microsoft Edge (Chromium-based)         CVE-2022-2295  Chromium: CVE-2022-2295 Type Confusion in V8  Unknown

Microsoft Edge (Chromium-based)         CVE-2022-2294  Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC  Unknown

Microsoft Graphics Component    CVE-2022-22034          Windows Graphics Component Elevation of Privilege Vulnerability         Important

Microsoft Graphics Component    CVE-2022-30213          Windows GDI+ Information Disclosure Vulnerability        Important

Microsoft Graphics Component    CVE-2022-30221          Windows Graphics Component Remote Code Execution Vulnerability    Critical

Microsoft Office CVE-2022-33632          Microsoft Office Security Feature Bypass Vulnerability       Important

Open Source Software CVE-2022-27776          HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data          Important

Role: DNS Server          CVE-2022-30214          Windows DNS Server Remote Code Execution Vulnerability         Important

Role: Windows Fax Service  CVE-2022-22024          Windows Fax Service Remote Code Execution Vulnerability         Important

Role: Windows Fax Service  CVE-2022-22027          Windows Fax Service Remote Code Execution Vulnerability         Important

Role: Windows Hyper-V        CVE-2022-30223          Windows Hyper-V Information Disclosure Vulnerability        Important

Role: Windows Hyper-V        CVE-2022-22042          Windows Hyper-V Information Disclosure Vulnerability        Important

Skype for Business and Microsoft Lync  CVE-2022-33633          Skype for Business and Lync Remote Code Execution Vulnerability     Important

Windows Active Directory    CVE-2022-30215          Active Directory Federation Services Elevation of Privilege Vulnerability         Important

Windows Advanced Local Procedure Call        CVE-2022-30202          Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability  Important

Windows Advanced Local Procedure Call        CVE-2022-30224          Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability  Important

Windows Advanced Local Procedure Call        CVE-2022-22037          Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability  Important

Windows BitLocker      CVE-2022-22711          Windows BitLocker Information Disclosure Vulnerability       Important

Windows BitLocker      CVE-2022-22048          BitLocker Security Feature Bypass Vulnerability       Important

Windows Boot Manager       CVE-2022-30203          Windows Boot Manager Security Feature Bypass Vulnerability         Important

Windows Client/Server Runtime Subsystem   CVE-2022-22026          Windows CSRSS Elevation of Privilege Vulnerability         Important

Windows Client/Server Runtime Subsystem   CVE-2022-22049          Windows CSRSS Elevation of Privilege Vulnerability         Important

Windows Client/Server Runtime Subsystem   CVE-2022-22047          Windows CSRSS Elevation of Privilege Vulnerability         Important

Windows Connected Devices Platform Service        CVE-2022-30212          Windows Connected Devices Platform Service Information Disclosure Vulnerability Important

Windows Credential Guard  CVE-2022-22031          Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability       Important

Windows Fast FAT Driver     CVE-2022-22043          Windows Fast FAT File System Driver Elevation of Privilege Vulnerability         Important

Windows Fax and Scan Service     CVE-2022-22050          Windows Fax Service Elevation of Privilege Vulnerability      Important

Windows Group Policy         CVE-2022-30205          Windows Group Policy Elevation of Privilege Vulnerability Important

Windows IIS        CVE-2022-30209          Windows IIS Server Elevation of Privilege Vulnerability       Important

Windows IIS        CVE-2022-22025          Windows Internet Information Services Cachuri Module Denial of Service Vulnerability  Important

Windows IIS        CVE-2022-22040          Internet Information Services Dynamic Compression Module Denial of Service Vulnerability        Important

Windows Kernel CVE-2022-21845          Windows Kernel Information Disclosure Vulnerability       Important

Windows Media CVE-2022-22045          Windows.Devices.Picker.dll Elevation of Privilege Vulnerability Important

Windows Media CVE-2022-30225          Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability         Important

Windows Network File System     CVE-2022-22029          Windows Network File System Remote Code Execution Vulnerability    Critical

Windows Network File System     CVE-2022-22028          Windows Network File System Information Disclosure Vulnerability      Important

Windows Network File System     CVE-2022-22039          Windows Network File System Remote Code Execution Vulnerability    Critical

Windows Performance Counters   CVE-2022-22036          Performance Counters for Windows Elevation of Privilege Vulnerability Important

Windows Point-to-Point Tunneling Protocol   CVE-2022-30211          Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability       Important

Windows Portable Device Enumerator Service        CVE-2022-22023          Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability          Important

Windows Print Spooler Components     CVE-2022-30206          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Print Spooler Components     CVE-2022-30226          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Print Spooler Components     CVE-2022-22022          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Print Spooler Components     CVE-2022-22041          Windows Print Spooler Elevation of Privilege Vulnerability         Important

Windows Remote Procedure Call Runtime      CVE-2022-22038          Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical

Windows Security Account Manager     CVE-2022-30208          Windows Security Account Manager (SAM) Denial of Service Vulnerability  Important

Windows Server Service       CVE-2022-30216          Windows Server Service Tampering Vulnerability       Important

Windows Shell    CVE-2022-30222          Windows Shell Remote Code Execution Vulnerability       Important

Windows Storage        CVE-2022-30220          Windows Common Log File System Driver Elevation of Privilege Vulnerability         Important

XBox CVE-2022-33644          Xbox Live Save Service Elevation of Privilege Vulnerability          Important