Security News > 2022 > July > Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout
2022-07-12 22:36

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild.

Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft.

The company's Threat Intelligence Center and Security Response Center have been credited with reporting the flaw.

"A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM," Microsoft said in an advisory for CVE-2022-22026.

"Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment."

Rounding off the Patch Tuesday updates are two notable fixes for tampering vulnerabilities in the Windows Server Service and Microsoft Defender for Endpoint and three denial-of-service flaws in Internet Information Services and Security Account Manager.


News URL

https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2022-22026 Out-of-bounds Write vulnerability in Microsoft products
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
local
low complexity
microsoft CWE-787
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 701 838 4677 4339 3722 13576