The July 2022 Windows Patch Tuesday rollout brings 84 new updates

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • For July 2022, Microsoft released a long list of 84 new security updates.
  • Out of all the CVEs, 5 are Critical, and 80 of them are listed as important.
  • We've included each and everyone in this article, with direct links as well
july 2022 pt

If you are feeling a tad uncomfortable, it’s because we’re already in July and the temperatures are starting to slowly build us in our offices.

Windows users, however, are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

This month, the Redmond tech giant released 84 new patches, which is a lot more than some people were expecting right after Easter.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • Windows Azure components
  • Microsoft Defender for Endpoint
  • Microsoft Edge (Chromium-based)
  • Office and Office Components
  • Windows BitLocker
  • Windows Hyper-V
  • Skype for Business and Microsoft Lync
  • Open-Source Software
  • Xbox

Microsoft provides fixes for 84 flaws in July 2022

It’s pretty much safe to say that this wasn’t either the busiest or the lightest month for Redmond-based security experts.

You might like to know that, out of the 84 new CVEs released, 4 are rated Critical, and the rest of them (80) are rated as Important.

We’re talking about 52 elevation of privilege vulnerabilities, 4 security feature bypass vulnerabilities, 12 remote code execution vulnerabilities, 11 information disclosure vulnerabilities, and 5 denials of service vulnerabilities

CVE Title Severity CVSS Public Exploited Type
CVE-2022-22047 Windows CSRSS Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2022-22038 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-30221 Windows Graphics Component Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2022-22029 Windows Network File System Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-22039 Windows Network File System Remote Code Execution Vulnerability Critical 7.5 No No RCE
CVE-2022-30215 Active Directory Federation Services Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2022-23816 * AMD: CVE-2022-23816 AMD CPU Branch Type Confusion Important N/A No No Info
CVE-2022-23825 * AMD: CVE-2022-23825 AMD CPU Branch Type Confusion Important N/A No No Info
CVE-2022-30181 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33641 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33642 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33643 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33650 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33651 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33652 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.4 No No EoP
CVE-2022-33653 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33654 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33655 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33656 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33657 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33658 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.4 No No EoP
CVE-2022-33659 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33660 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33661 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33662 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33663 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33664 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33665 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33666 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33667 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33668 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33669 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33671 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-33672 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33673 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-33674 Azure Site Recovery Elevation of Privilege Vulnerability Important 8.3 No No EoP
CVE-2022-33675 Azure Site Recovery Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33677 Azure Site Recovery Elevation of Privilege Vulnerability Important 7.2 No No EoP
CVE-2022-33676 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No RCE
CVE-2022-33678 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No RCE
CVE-2022-30187 Azure Storage Library Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2022-22048 BitLocker Security Feature Bypass Vulnerability Important 6.1 No No SFB
CVE-2022-27776 * HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data Important N/A No No Info
CVE-2022-22040 Internet Information Services Dynamic Compression Module Denial of Service Vulnerability Important 7.3 No No DoS
CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability Important 6.5 No No Tampering
CVE-2022-33632 Microsoft Office Security Feature Bypass Vulnerability Important 4.7 No No SFB
CVE-2022-22036 Performance Counters for Windows Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-33633 Skype for Business and Lync Remote Code Execution Vulnerability Important 7.2 No No RCE
CVE-2022-22037 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2022-30202 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-30224 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-22711 Windows BitLocker Information Disclosure Vulnerability Important 6.7 No No Info
CVE-2022-30203 Windows Boot Manager Security Feature Bypass Vulnerability Important 7.4 No No SFB
CVE-2022-30220 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-30212 Windows Connected Devices Platform Service Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2022-22031 Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22026 Windows CSRSS Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2022-22049 Windows CSRSS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-30214 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No RCE
CVE-2022-22043 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22050 Windows Fax Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22024 Windows Fax Service Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-22027 Windows Fax Service Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-30213 Windows GDI+ Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-22034 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-30205 Windows Group Policy Elevation of Privilege Vulnerability Important 6.6 No No EoP
CVE-2022-22042 Windows Hyper-V Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2022-30223 Windows Hyper-V Information Disclosure Vulnerability Important 5.7 No No Info
CVE-2022-30209 Windows IIS Server Elevation of Privilege Vulnerability Important 7.4 No No EoP
CVE-2022-22025 Windows Internet Information Services Cachuri Module Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-21845 Windows Kernel Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2022-30211 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2022-30225 Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-22028 Windows Network File System Information Disclosure Vulnerability Important 5.9 No No Info
CVE-2022-22023 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Important 6.6 No No SFB
CVE-2022-22022 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-22041 Windows Print Spooler Elevation of Privilege Vulnerability Important 6.8 No No EoP
CVE-2022-30206 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-30226 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-30208 Windows Security Account Manager (SAM) Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2022-30216 Windows Server Service Tampering Vulnerability Important 8.8 No No Tampering
CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability Important 8.4 No No RCE
CVE-2022-22045 Windows.Devices.Picker.dll Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33644 Xbox Live Save Service Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-2294 * Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC High N/A No Yes RCE
CVE-2022-2295 * Chromium: CVE-2022-2295 Type Confusion in V8 High N/A No No RCE

You should keep in mind that this month’s Patch Tuesday updates fix an actively exploited zero-day elevation of privileges vulnerability.

The company classified a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

To be more clear, the actively exploited zero-day vulnerability fixed today is tracked as CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability.

By exploiting it, a malicious third party could actually gain SYSTEM privileges, as Microsoft security experts have advised through this recent release.

Also, just as important, remember that there are three fixes for denial-of-service (DoS) bugs in this month’s release, all of them impactful.

And, out of the 52 fixes for EoP bugs, 30 of them address Azure Site Recovery bugs, one of them supposedly under active attack.

Looking forward, the next Patch Tuesday security update rollout will be on the 9th of August, which is a bit sooner than some expected it.

Have you found any other issues after installing this month’s security updates? Share your opinion in the comments section below.

This article covers:Topics: