Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2022.0139 Microsoft Patch Tuesday update for Microsoft Extended Security Update (ESU) products for July 2022 13 July 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows 7 Windows Server 2008 Windows Server 2008 R2 Operating System: Windows Resolution: Patch/Upgrade CVE Names: CVE-2022-30226 CVE-2022-30225 CVE-2022-30224 CVE-2022-30223 CVE-2022-30221 CVE-2022-30220 CVE-2022-30213 CVE-2022-30211 CVE-2022-30209 CVE-2022-30208 CVE-2022-30206 CVE-2022-30205 CVE-2022-30203 CVE-2022-30202 CVE-2022-23825 CVE-2022-23816 CVE-2022-22050 CVE-2022-22049 CVE-2022-22048 CVE-2022-22047 CVE-2022-22043 CVE-2022-22042 CVE-2022-22040 CVE-2022-22039 CVE-2022-22037 CVE-2022-22036 CVE-2022-22034 CVE-2022-22029 CVE-2022-22028 CVE-2022-22027 CVE-2022-22026 CVE-2022-22025 CVE-2022-22024 CVE-2022-22023 CVE-2022-22022 CVE-2022-21845 Comment: CVSS (Max): 8.8* CVE-2022-22026 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C) CVSS Source: Microsoft Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C * Not all CVSS available when published Microsoft has noted that CVE-2022-22047 is being actively exploited OVERVIEW Microsoft has released its monthly security patch update for the month of July 2022. This update resolves 37 vulnerabilities across the following product(s): [1] Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2022-21845 Information Disclosure Important CVE-2022-22022 Elevation of Privilege Important CVE-2022-22023 Security Feature Bypass Important CVE-2022-22024 Remote Code Execution Important CVE-2022-22025 Denial of Service Important CVE-2022-22026 Elevation of Privilege Important CVE-2022-22027 Remote Code Execution Important CVE-2022-22028 Information Disclosure Important CVE-2022-22029 Remote Code Execution Critical CVE-2022-22034 Elevation of Privilege Important CVE-2022-22036 Elevation of Privilege Important CVE-2022-22037 Elevation of Privilege Important CVE-2022-22039 Remote Code Execution Critical CVE-2022-22040 Denial of Service Important CVE-2022-22042 Information Disclosure Important CVE-2022-22043 Elevation of Privilege Important CVE-2022-22047 Elevation of Privilege Important CVE-2022-22048 Security Feature Bypass Important CVE-2022-22049 Elevation of Privilege Important CVE-2022-22050 Elevation of Privilege Important CVE-2022-23816 Information Disclosure Important CVE-2022-23825 Information Disclosure Important CVE-2022-30202 Elevation of Privilege Important CVE-2022-30203 Security Feature Bypass Important CVE-2022-30205 Elevation of Privilege Important CVE-2022-30206 Elevation of Privilege Important CVE-2022-30208 Denial of Service Important CVE-2022-30209 Elevation of Privilege Important CVE-2022-30211 Remote Code Execution Important CVE-2022-30213 Information Disclosure Important CVE-2022-30220 Elevation of Privilege Important CVE-2022-30221 Remote Code Execution Critical CVE-2022-30223 Information Disclosure Important CVE-2022-30224 Elevation of Privilege Important CVE-2022-30225 Denial of Service Important CVE-2022-30225 Elevation of Privilege Important CVE-2022-30226 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5015861, KB5015862, KB5015866, KB5015870 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYs5ZYMkNZI30y1K9AQiGdA//cfnL42U6F4FXMJvEKLWgzFe/RdwMsWB2 7M+FRqbtF/D6lQrFlNCqkkG2arH08Rtr5EzJaM7N8h+BKCP1Ogmo32k8yUz5nV0A AHmQumwUq0MsL0EieOlWpt9t6aWCWOGtBTaxmCxBa4q/8dVVHAOOrqm4roHR0WNg mpF7xEbOsjKhq1BgKNfk7vQYo+CI1AuI31vmD2153ONfxBogUv4OQpEtxlVCSUvm ji2Jw0vqHgWbbg4NpQn5uDKT38trTh7RfyP6zNsIjaNYm5xTHABBnGwxY9e18MKA A01f6YT2wlM8uukhoflcHF508Lwr6Z5XedyyHXTiq3k4tJfSr3QQjWTdGfV94rYi amVc9TdEQDscqMtGopgDcrXfGkoPISd6ypHiXoCWZ2v65Ldl6W0NXqouVUrtVTXV FCV1DyLFY6/oRAJUsO66TT5CveS/2+PYw3QS2We5Fu63sAokJrzgGzUrjgyd8Xeq SBWjkcmQKjcGi7AyhMqVqS6OzuLgr6AKDVFEeKXm+V1YBs0xE2Q3G15WMP+RvHHf vuXDmQ2GZnNzUuJpxd3lUIGYIB0IIjM39GXPedb7C2jS0N/17b3RG6PG5qbX5+Ip OevNNREAjrwKY1f9ML4g/7m1HEo5ebfDeD/jpDxUb99OuG5PRz1CLkgyL7xuLiNv 4RMgFWW38IU= =3aTo -----END PGP SIGNATURE-----