Patch Analysis for July 2022

Welcome to my July Patch Tuesday newsletter. It's a surprisingly light month. There are patches addressing 84 vulnerabilities, with one zero-day being actively exploited. The zero-day is CVE-2022-22047, an elevation of privilege flaw affecting desktop and server OSes. A bad guy exploiting this flaw could end up with SYSTEM privileges, according to Microsoft. In case you missed it, yesterday Microsoft announced that its new "Windows Autopatch" service is live for customers with Enterprise E3 and E5 licenses. According to Microsoft, this service should streamline patching for Windows 10 and 11 Enterprise and Professional OSes. Autopatch supports Hybrid AD join and pure Azure AD join machines. Local (on-prem) domain join environments are not supported. You can read more about it here.

I'd also like to bring attention to a subject dear to my heart, my Security Log Secrets webinar series.  I have a webinar coming up on August 4 titled "Understanding Logon Events in the Windows Server 2022 Security Log".  I think you'll really enjoy the discussion.  Register here.  

Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by: LOGbinder.com

Technology: Windows
Products Affected: Windows 7, 8.1, RT 8.1, 10, 11; Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations; Remote Desktop Client
Severity: Critical
Reference: CVE-2022-21845, CVE-2022-22022, CVE-2022-22023, CVE-2022-22024, CVE-2022-22025, CVE-2022-22026, CVE-2022-22027, CVE-2022-22028, CVE-2022-22029, CVE-2022-22031, CVE-2022-22034, CVE-2022-22036, CVE-2022-22037, CVE-2022-22038, CVE-2022-22039, CVE-2022-22040, CVE-2022-22041, CVE-2022-22042, CVE-2022-22043, CVE-2022-22045, CVE-2022-22047, CVE-2022-22048, CVE-2022-22049, CVE-2022-22050, CVE-2022-22711, CVE-2022-23816, CVE-2022-23825, CVE-2022-27776, CVE-2022-30202, CVE-2022-30203, CVE-2022-30205, CVE-2022-30206, CVE-2022-30208, CVE-2022-30209, CVE-2022-30211, CVE-2022-30212, CVE-2022-30213, CVE-2022-30214, CVE-2022-30215, CVE-2022-30216, CVE-2022-30220, CVE-2022-30221, CVE-2022-30222, CVE-2022-30223, CVE-2022-30224, CVE-2022-30225, CVE-2022-30226, CVE-2022-33644
Workaround: No; Exploited: Yes; Public: No
Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Tampering

Technology: Edge
Products Affected: Chromium-based
Severity: Moderate
Reference: CVE-2022-2156, CVE-2022-2157, CVE-2022-2158, CVE-2022-2160, CVE-2022-2161, CVE-2022-2162, CVE-2022-2163, CVE-2022-2164, CVE-2022-2165, CVE-2022-2294, CVE-2022-2295, CVE-2022-30192, CVE-2022-33638, CVE-2022-33639, CVE-2022-33680
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Elevation of Privilege

Technology: Office
Products Affected: 365 Apps for Enterprise; Lync Server 2013 CU10; Office 2013 RT SP1, 2013 SP1, 2016, 2019; Skype for Business Server 2015 CCU12, 2019 CU6; LTSC 2021
Severity: Important
Reference: CVE-2022-33632, CVE-2022-33633
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Remote Code Execution, Security Feature Bypass

Technology: Azure
Products Affected: Site Recovery VMWare to Azure; Storage Blobs client library for .NET/Java; Storage Queues client for .NET/Python
Severity: Important
Reference: CVE-2022-30181, CVE-2022-30187, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33676, CVE-2022-33677, CVE-2022-33678
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Information Disclosure, Remote Code Execution, Elevation of Privilege

Technology: System Center
Products Affected: Defender for Endpoint for Linux
Severity: Important
Reference: CVE-2022-33637
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Tampering
