Security News > 2022 > July > Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild.
Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft.
The company's Threat Intelligence Center and Security Response Center have been credited with reporting the flaw.
"A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM," Microsoft said in an advisory for CVE-2022-22026.
"Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment."
Rounding off the Patch Tuesday updates are two notable fixes for tampering vulnerabilities in the Windows Server Service and Microsoft Defender for Endpoint and three denial-of-service flaws in Internet Information Services and Security Account Manager.
News URL
https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html
Related news
- Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws (source)
- Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws (source)
- Microsoft Outlook December updates trigger ICS security alerts (source)
- February 2024 Patch Tuesday forecast: Zero days are back and a new server too (source)
- 5 Steps to Improve Your Security Posture in Microsoft Teams (source)
- Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) (source)
- Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days (source)
- DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability (source)
- Microsoft: New critical Outlook RCE bug exploited as zero-day (source)
- Microsoft: New critical Exchange bug exploited as zero-day (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-22026 | Out-of-bounds Write vulnerability in Microsoft products Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 8.8 |