Microsoft's July Patch Tuesday fixes actively exploited bug
Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit.
Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.
While the July fixes received a lower CVSS score compared to previous months' - the latest ones received 8.1 and 7.5 severity scores, respectively, compared to last month's 9.8 CVSS rating - as with the earlier NFS bugs, they could be exploited over the network by an unauthenticated attacker and used to remotely execute malicious code.
CVE-2022-20812 is a flaw in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS. "An attacker could exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command," according to the security advisory.
"A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system as the root user."
Android fixes critical RCE. And finally, Google issued 27 fixes for Android devices in its July security bulletin.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/12/microsoft_july_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-06 | CVE-2022-20812 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server. Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. | 6.5 |