Security News > 2022 > July > Microsoft's July Patch Tuesday fixes actively exploited bug
Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit.
Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.
While the July fixes received a lower CVSS score compared to previous months' - the latest ones received 8.1 and 7.5 severity scores, respectively, compared to last month's 9.8 CVSS rating - as with the earlier NFS bugs, they could be exploited over the network by a unauthenticated attacker and used to remotely execute malicious code.
CVE-2022-20812 is a flaw in the cluster database API of Cisco Expressway Series and Cisco TelePresence VCS. "An attacker could exploit this vulnerability by authenticating to the system as an administrative read-write user and submitting crafted input to the affected command," according to the security advisory.
"A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system as the root user."
Roid fixes critical RCE. And finally, Google issued 27 fixes for Android devices in its July security bulletin.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/12/microsoft_july_patch_tuesday/
Related news
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- May 2024 Patch Tuesday forecast: A reminder of recent threats and impact (source)
- Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-06 | CVE-2022-20812 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. | 6.5 |