Microsoft's July Patch Tuesday fixes actively exploited bug
Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit.
Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.
While the July fixes received a lower CVSS score compared to previous months' - the latest ones received 8.1 and 7.5 severity scores, respectively, compared to last month's 9.8 CVSS rating - as with the earlier NFS bugs, they could be exploited over the network by an unauthenticated attacker and used to remotely execute malicious code.
CVE-2022-20812 is a flaw in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS. "An attacker could exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command," according to the security advisory.
"A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system as the root user."
Android fixes critical RCE. And finally, Google issued 27 fixes for Android devices in its July security bulletin.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/12/microsoft_july_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-06 | CVE-2022-20812 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server. Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. | 6.5 |