Security News > 2022 > July > Microsoft's July Patch Tuesday fixes actively exploited bug

Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit.

Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.

While the July fixes received a lower CVSS score compared to previous months' - the latest ones received 8.1 and 7.5 severity scores, respectively, compared to last month's 9.8 CVSS rating - as with the earlier NFS bugs, they could be exploited over the network by a unauthenticated attacker and used to remotely execute malicious code.

CVE-2022-20812 is a flaw in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS. "An attacker could exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command," according to the security advisory.

"A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system as the root user."

Roid fixes critical RCE. And finally, Google issued 27 fixes for Android devices in its July security bulletin.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/12/microsoft_july_patch_tuesday/