Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, including a zero-day vulnerability that's under active attack in the wild.
Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft.
The company's Threat Intelligence Center and Security Response Center have been credited with reporting the flaw.
"A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM," Microsoft said in an advisory for CVE-2022-22026.
"Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment."
Rounding off the Patch Tuesday updates are two notable fixes for tampering vulnerabilities in the Windows Server Service and Microsoft Defender for Endpoint and three denial-of-service flaws in Internet Information Services and Security Account Manager.
News URL
https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-22026 | Out-of-bounds Write vulnerability in Microsoft products Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 0.0 |