Patch Tuesday Patch Tuesday

July 19, 2022

Patch Tuesday Update - July 2022

Attackers taking a run at Client Server Runtime zero-day

This July, the number of patched threats announced by Microsoft stands at 84. This includes a Windows zero-day vulnerability which has been actively exploited, identified as CVE-2022-22047. The issue, in a key subsystem called Client Server Runtime, could allow an attacker to gain System privileges (if they already have local access).

The other key vulnerabilities to note this month include: 

  • CVE-2022-22029 and CVE-2022-22039 (both critical) affect services using the Windows Network File System (NFS)
  • CVE-2022-30221 (critical) is a remote code execution issue in the Windows graphics component
  • CVE-2022-22038 (critical) is a remote code execution issue in the Remote Procedure Call Runtime

As always, Balbix can identify all affected assets within 1 hour of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Users can also use the filtered search functionality to search for the CVE by site, subnet, location, or other distinguishing factors.

Related Posts

Patch Tuesday Update – May 2022
Patch Tuesday Advisory – April 2022
Patch Tuesday
Patch Tuesday Update – March 2022