当前位置:网站首页>[security dog] Microsoft updated and solved multiple vulnerabilities in July
[security dog] Microsoft updated and solved multiple vulnerabilities in July
2022-07-17 23:19:00 【Safety Dog News】
The safety dog Emergency Response Center detected , Microsoft released 2022 year 7 Monthly regular security update announcement , Total number of vulnerabilities involved 84 individual , Severity vulnerability 4 individual . This release involves Microsoft Windows、Windows Components、Microsoft Defender for Endpoint、Office and Office Components; Windows BitLocker、Windows Hyper-V Wait for security updates of multiple software .
The security dog recommends that users do a good job in asset self-examination and vulnerability repair in a timely manner .
Vulnerability description
The following vulnerabilities are marked as serious :
CVE-2022-22047(Windows CSRSS Privilege escalation vulnerability ):
The vulnerability lies in the client / Server runtime subsystem (CSRSS) in , Allow authenticated local attackers to SYSTEM Execute code in the form of . This vulnerability has been exploited in the wild .
CVE-2022-30221(Windows Graphics Component Remote code execution vulnerability ):
The attacker must induce the target user to connect to malicious RDP The server . After connection , A malicious server can execute code on the victim's system . Only installed RDP 8.0 or RDP 8.1,Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 Will be affected by this vulnerability . If not in Windows 7 SP1 or Window Server 2008 R2 SP1 Install these versions of RDP, Will not be affected by this vulnerability .
CVE-2022-22029(Windows Network File System Remote code execution vulnerability ):
This vulnerability allows an unauthenticated remote attacker to pass to the target without user interaction NFS The server sends a specially crafted request to exploit these vulnerabilities , To execute arbitrary code on the target system . To exploit this vulnerability , Attackers need to spend time sending constant or intermittent data to continuously try to exploit until the vulnerability is triggered .
CVE-2022-22038(Remote Procedure Call Runtime Remote code execution vulnerability ):
The vulnerability exists Microsoft Remote Procedure Call Runtime in , Unauthenticated remote attackers can exploit this vulnerability by sending specially crafted data to the target system , To execute arbitrary code on the target system . To successfully exploit this vulnerability , Attackers need to reuse attempts by sending constant or intermittent data , The attack complexity is “ high ”.
CVE-2022-22039(Windows Network File System Remote code execution vulnerability ):
Successful exploitation of this vulnerability requires competitive conditions , Through the network file system (NFS) The service makes an unauthenticated crafted call to trigger remote code execution (RCE), This vulnerability can be exploited remotely .
Safety notice information
Vulnerability name | Microsoft 7 Multiple vulnerabilities per month |
Vulnerability impact version | CVE-2022-22047: Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-30221: Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Remote Desktop client for Windows Desktop Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-22029: Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server, version 20H2 (Server Core Installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 CVE-2022-22038: Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-22039: Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server, version 20H2 (Server Core Installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 |
Vulnerability level | High-risk |
Whether the manufacturer has released vulnerability patches | yes |
Version update address | https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul |
Total warning periods of safety dogs | 236 |
The warning date of the safety dog | 2022 year 7 month 13 Japan |
The safety dog updates the warning date | 2022 year 7 month 13 Japan |
Publisher | Safety dog Haiqing Laboratory |
Official safety recommendations
Safety suggestion
( One )Windows update to update
Auto update :Microsoft Update Enabled by default , When the system detects an available update , The update will be downloaded automatically and installed at the next boot .
( Two ) Install updates manually
Microsoft The official download corresponding patch to update .
7 Monthly security update download link :
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
Reference link
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039
边栏推荐
- Proxmox VE 7.2 Install SMB 服务
- Flame detection system of graphic processing based on MATAB GUI
- Error: grouping factors must have > 1 sampled level
- 【C语言】模拟通讯录(数组版、动态版、链表版)
- Apache Flink 在翼支付的实践应用
- Proxmox ve 7.2 importing virtual machines from CT templates
- Proxmox ve 7.2 ISO image reset PVE root password
- VMware Photon OS 4 Install
- Database Schema Definition Language DDL
- IPv6 navigation, strong sail pointing application
猜你喜欢
Session tracking technology cookies and sessions
一个八年软件测试工程师之路
AttributeError: module ‘torchvision. transforms‘ has no attribute ‘Scale‘
如何把一个表格中的数据导入到对应数据库网站中
Proxmox ve 7.2 importing virtual machines from CT templates
Proxmox VE 7.2 变更默认访问端口
Keywords struct, union, enum, typedef in C language
Apache Flink 在翼支付的实践应用
How long does a tester insist on changing jobs in order to improve his salary perfectly?
Proxmox ve 7.2 QM installation of openwet
随机推荐
科技公司纷纷反对,英国网络安全法案搁置
Byte has "core" beating, is it? Yolov7 target detection realization: it's really good; Six months after Dr. Berkeley found a job; Large list of software engineering resources | showmeai Information Da
Ardunio开发——中断Interrupt机制
C语言之数组参数,指针参数,函数指针,函数指针数组
Software test interface test interface authentication token authentication mock server interface encryption and decryption interface signature
How long does a tester insist on changing jobs in order to improve his salary perfectly?
字节遭遇离职潮!
It's too convenient to make a data analysis crosstab with one line of code
Proxmox ve 7.2 esxi ova import
Proxmox ve 7.2 install SMB service
Force deduction solution summary 745 prefix and suffix search
bool类型及相关运算符
Shadow插件化框架设计——replugin原理(架构师进阶之旅)
Flink 流处理在中信建投证券的实践与应用
浅解volatile
Error: grouping factors must have > 1 sampled level
C语言中的关键字struct、union、enum、typedef
Proxmox ve 7.2 converting disk formats using QEMU img
How to simplify if else through policy mode?
China high purity carbonyl sulfur Market Research and investment forecast report (2022 Edition)