Microsoft’s July Security Patches Are Here

Microsoft today released updates to fix at least 86 security flaws in its Windows operating system and other software, including one that affects all supported versions of Windows and, according to Microsoft, is currently being exploited by attackers. The software company also controversially decided to halt a plan to block macros in Office documents downloaded from the Internet.

In February, security professionals applauded Microsoft’s decision to disable VBA macros in all documents accessed from the Internet. The company said the changes would be rolled out gradually between April and June 2022.


Cybercriminals have traditionally relied on macros to trick victims into running malicious programs. By default, Microsoft Office warns users about the security risk of enabling macros in untrusted documents, but these warnings can be dismissed with a single button click. Under Microsoft’s plan, the new warnings offered no such way to enable the macros.

According to veteran reporter Dan Goodin of Ars Technica, the shift was hailed by security specialists, some of whom have spent the last two decades watching customers and colleagues fall victim to ransomware, malware, and espionage with exasperating frequency.

But Microsoft abruptly reversed course last week. In response to user concerns, Redmond announced it would roll back the changes, as first reported by BleepingComputer.

According to BleepingComputer’s Sergiu Gatlan, users have complained that they cannot locate the Unblock button to remove the Mark-of-the-Web from downloaded files, making it difficult to enable macros. Microsoft has not disclosed the negative feedback that led to the rollback of this update.

Microsoft later clarified that the decision to revert the default setting that turned off macros was only temporary, though it has not announced when this significant change will be made permanent.

The zero-day Windows vulnerability already under active attack is CVE-2022-22047, an elevation of privilege vulnerability in all supported versions of Windows. Although this flaw is listed as being actively exploited, Microsoft has not provided any details on where it is being exploited or how widely, according to Trend Micro’s Zero Day Initiative.

According to Dustin Childs of ZDI, “The vulnerability allows an attacker to run code as SYSTEM, assuming they can execute other programs on the victim.” To take control of a system, bugs of this kind are sometimes combined with a code execution bug, commonly in a specially crafted Office or Adobe document. Because these attacks frequently rely on macros, many people were disappointed that Microsoft took so long to block all Office macros by default.

According to Kevin Breen, director of cyber threat research at Immersive Labs, vulnerabilities of the same type as CVE-2022-22047 are typically exploited after a target has already been compromised.

Crucially, he added, it enables the attacker to elevate their access from that of a regular user to SYSTEM. With this degree of access, the attackers can stop local services such as Endpoint Detection and Security tools. With SYSTEM access, they can also quickly spread the threat by using tools like Mimikatz to recover even more admin and domain-level accounts.

After a short break from fixing critical security flaws in the Windows Print Spooler service, we are back to business as usual. The July patch batch fixes four separate elevation of privilege flaws in Windows Print Spooler: CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226. Security experts at Tenable point out that these four issues give attackers SYSTEM-level rights or the ability to delete files on a vulnerable system.

Roughly a third of the updates released today address issues in Microsoft’s Azure Site Recovery service. Microsoft Defender for Endpoint, Microsoft Edge (Chromium-based), Office, Windows BitLocker, Windows Hyper-V, Skype for Business and Microsoft Lync, Xbox, and other components are also receiving updates this month.

This month’s bug fixes include four for vulnerabilities that Microsoft rates as “critical,” which means that malware or bad actors could use them to take remote control of unpatched Windows systems, typically without any help from users. CVE-2022-22029 and CVE-2022-22039 affect Network File System (NFS) servers, and CVE-2022-22038 affects the Remote Procedure Call (RPC) runtime.

According to Greg Wiseman, product manager at Rapid7, administrators should apply patches as soon as possible, even though all three of these will be difficult for attackers to exploit given the volume of sustained data that needs to be transmitted. The fourth critical flaw, CVE-2022-30221, reportedly affects the Windows Graphics Component; however, according to Microsoft’s FAQ, a user must access a rogue RDP server for it to be exploited.

Adobe also released patches today to fix at least 27 vulnerabilities across products including Acrobat and Reader, Photoshop, RoboHelp, and Adobe Character Animator.

Check out the SANS Internet Storm Center’s Patch Tuesday roundup for a detailed look at the fixes published by Microsoft today and ranked by severity and other factors. It’s also a good idea to wait a few days before updating as Microsoft irons out any bugs in the upgrades; typically offers the inside scoop on any fixes that might be giving Windows users trouble.
