Patch Tuesday is once again upon us. The July 2022 edition of Patch Tuesday brings us 84 fixes, with 4 rated as critical. We’ve listed the most important changes below.
Multiple SQL Server Products Go End-of-Life
Today marks the end-of-life for multiple SQL Server versions. SQL Server 2012 officially goes end-of-life today unless you have the extended security updates. For both SQL Server 2008 and SQL Server 2008 R2, the extended security updates come to an end today, unless you're using the Azure version, for which one more year of extended security updates is available. For a better overview of the SQL Server end-of-life dates, along with an audit, see the SQL Server end-of-life blog post.
Windows Graphics Component RCE
The most severe vulnerability fixed this month is a remote code execution vulnerability in the Windows Graphics Component. CVE-2022-30221 has a CVSS rating of 8.8. Microsoft lists exploitation as less likely and notes that, in order to exploit the vulnerability, the attacker would need to convince the user to connect to a malicious RDP server.
Network File System RCE
The NFS vulnerability streak continues with CVE-2022-22029, a remote code execution vulnerability with a CVSS score of 8.1. As with previous NFS RCE vulnerabilities, an attacker needs to make an unauthenticated, specially crafted call to an NFS service to trigger an RCE.
Similar to previous NFS RCE vulnerabilities, you can use our NFS Server role audit to quickly identify your NFS servers.
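For environments that want a quick manual cross-check, the following is an added example (not part of the Lansweeper audit report) that inventories the Server for NFS role and its exported shares over a list of Windows servers. The host names are constructed placeholders, and the script assumes the ServerManager module (Windows Server or RSAT) and PowerShell remoting are available.

```powershell
# Added example: find Windows servers that have the Server for NFS role installed.
# Host names are constructed placeholders; replace them with your own inventory.
$servers = @('fs01.example.internal', 'fs02.example.internal', 'app01.example.internal')

$report = foreach ($server in $servers) {
    try {
        # FS-NFS-Service is the Windows feature name of the Server for NFS role service.
        $feature = Get-WindowsFeature -Name 'FS-NFS-Service' -ComputerName $server -ErrorAction Stop

        $shares = @()
        if ($feature.Installed) {
            # List exported shares so owners can judge exposure while the patch rolls out.
            $shares = @(Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
                Get-NfsShare | Select-Object -ExpandProperty Name
            })
        }

        [pscustomobject]@{
            Server       = $server
            NfsInstalled = $feature.Installed
            NfsShares    = $shares -join ', '
            Error        = $null
        }
    }
    catch {
        # Unreachable or non-server hosts are reported instead of silently skipped,
        # so a failed query is never mistaken for "no NFS role".
        [pscustomobject]@{
            Server       = $server
            NfsInstalled = $null
            NfsShares    = $null
            Error        = $_.Exception.Message
        }
    }
}

# Hosts with the role installed sort to the top of the table.
$report | Sort-Object -Property NfsInstalled -Descending | Format-Table -AutoSize
```

Rows with a populated Error column still need a follow-up check, since the role state on those hosts is unknown.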
Run the Patch Tuesday July 2022 Audit Report
To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report is color-coded to show which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday July 2022 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability |
CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33676 | Azure Site Recovery Remote Code Execution Vulnerability |
CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33674 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33673 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33672 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33671 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33669 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33668 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33667 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33666 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33665 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33664 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33663 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33662 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33661 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33660 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33644 | Xbox Live Save Service Elevation of Privilege Vulnerability |
CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability |
CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability |
CVE-2022-33632 | Microsoft Office Security Feature Bypass Vulnerability |
CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-30225 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability |
CVE-2022-30224 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
CVE-2022-30223 | Windows Hyper-V Information Disclosure Vulnerability |
CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability |
CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability |
CVE-2022-30220 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2022-30216 | Windows Server Service Tampering Vulnerability |
CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability |
CVE-2022-30214 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-30213 | Windows GDI+ Information Disclosure Vulnerability |
CVE-2022-30212 | Windows Connected Devices Platform Service Information Disclosure Vulnerability |
CVE-2022-30211 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
CVE-2022-30209 | Windows IIS Server Elevation of Privilege Vulnerability |
CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
CVE-2022-30206 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-30205 | Windows Group Policy Elevation of Privilege Vulnerability |
CVE-2022-30203 | Windows Boot Manager Security Feature Bypass Vulnerability |
CVE-2022-30202 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
CVE-2022-30187 | Azure Storage Library Information Disclosure Vulnerability |
CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability |
CVE-2022-27776 | HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data |
CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability |
CVE-2022-26896 | Azure Site Recovery Information Disclosure Vulnerability |
CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion |
CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion |
CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability |
CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability |
CVE-2022-22049 | Windows CSRSS Elevation of Privilege Vulnerability |
CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability |
CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability |
CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability |
CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability |
CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability |
CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability |
CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2022-22037 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability |
CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability |
CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability |
CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability |
CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability |
CVE-2022-22026 | Windows CSRSS Elevation of Privilege Vulnerability |
CVE-2022-22025 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability |
CVE-2022-22024 | Windows Fax Service Remote Code Execution Vulnerability |
CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability |
CVE-2021-43245 | Windows Digital TV Tuner Elevation of Privilege Vulnerability |