2 min

Microsoft’s latest Patch Tuesday produced no less than 84 fixes, including four critical vulnerabilities and one that’s actively abused in the wild.

One of the fixes tackles a vulnerability that’s actively abused by cybercriminals (CVE-2022-22047). Attackers are exploiting a privilege vulnerability in Windows Client Server Runtime Subsystem (CRSS). Hackers can use the vulnerability to gain admin privileges on systems. Although important, Microsoft called the vulnerability low-impact. The amount of attacks that successfully used the vulnerability is unknown.

Microsoft patches

In addition to the critical patch, Microsoft provided fixes for four other important issues. Vulnerability CVE-2022-30221, a Windows Graphics Component RCE, has a major risk score. Attacks, however, are rare. Cybercriminals would have to convince a victim to connect to a malicious RDP server to be able to load malware into the system.

Vulnerabilities CVE-2022-22029 and CVE-2022-22039 are two critical issues in the Windows Network File System (NFS). These vulnerabilities allow unauthorized users to exploit a network and remotely execute code.

Last, but not least, the list includes a patch for CVE-2022-22038. This is a ‘remote procedure call runtime RCE’ in Windows. Chances of exploitation are small, but the patch is deemed important nonetheless. If left untreated, the vulnerability could eventually become a wormable bug, according to Microsoft’s security experts.

Industry-wide patches

Other software giants releasing a large number of patches as well. Adobe pushed 27 fixes, 18 of which were labelled as critical. Most of the fixes apply to Adobe Acrobat and Adobe Reader. Other products include Adobe RoboHelp, Adobe Character and Animator and Photoshop.

Google launched 27 fixes for security problems in Android. The most important fix concerns a vulnerability in the system component of Android. This vulnerability allows for unauthorized remote code execution.

In addition, SAP is introducing 20 fixes for its Security Notes and three updates for earlier Patch Day Security Notes. Most of the patches apply to the SAP Business One solution. Cisco introduced 10 fixes, two of which are critical. These fixes apply to default configurations of Cisco Expressway Series software and Cisco TelePresence.

Tip: Windows Autopatch is available, alternative to Patch Tuesday