3 Public, 3 Critical, & 68 Important
Microsoft released a total of 71 patches addressing CVEs in Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP, SMB Server, and Xbox.
Three vulnerabilities are publicly known. None are listed as under active exploit (yet).
Cyber Standby maintains that all relevant vulnerabilities be reviewed, tested, and implemented ASAP. We rate the overall risk as “HIGH.” The below vulnerabilities are highlighted & recommended to be prioritized.
– CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability
#Public #Phishing #RDP — If an attacker can lure an unpatched RDP client to connect to their RDP server, they could trigger remote code execution on the client system.
– CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability
#Critical — Allows an authenticated attacker to execute code with elevated privileges through a network call. Listed as low complexity with exploitation likely.
– CVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution Vulnerability
Allows an authenticated attacker to execute code on Windows 10 version 2004 and newer systems. Affects both clients and servers.
– CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability
#Public
– CVE-2022-21542 – .NET and Visual Studio Remote Code Execution Vulnerability
#Public
Informed Defense
Cyber Standard provides simplified Threat Intelligence reporting to clients as a part of our security services catalog. Please contact us if you are interested in receiving our more comprehensive Threat Intelligence Products tailored to your situation.
