Four of the 84 vulnerabilities addressed by this month’s Patch Tuesday are classified as Critical by Microsoft. All four appear to be remote code execution (RCE) vulnerabilities, giving a remote attacker the ability to target your organization directly.
As with any vulnerability, reviewing the information in the advisory or in the National Vulnerability Database (NVD) can help prioritize which patches are mission critical.
The Four Critical CVEs
- CVE-2022-30221 – Windows Graphics Component Remote Code Execution Vulnerability
- CVE-2022-22029 – Windows Network File System Remote Code Execution Vulnerability
- CVE-2022-22039 – Windows Network File System Remote Code Execution Vulnerability
- CVE-2022-22038 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
Additional Vulnerability Details
Starting with the Windows Graphics Component vulnerability:
- CVE-2022-30221 – Windows Graphics Component Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30221
- “An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim’s system in the context of the targeted user.” – Microsoft
- This attack, although a bit difficult, would require no pre-existing credentials to be successful
- Impacts Server 2008 R2 / Windows 7 and up
- No known exploitation has been observed
Next, we have two vulnerabilities with the Windows Network File System (NFS):
- CVE-2022-22029 – Windows Network File System Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22029
- “This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).” – Microsoft
- Rated to be highly difficult to exploit with no user interaction or pre-existing credentials needed by the attacker
- Impacts Server 2008 R2 / Windows 7 and up running NFSv3
- NFSv4.1 is NOT impacted by this vulnerability
- No known exploitation has been observed
- CVE-2022-22039 – Windows Network File System Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22039
- “This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).” – Microsoft
- Rated to be highly difficult to exploit with no user interaction, but low-level (basic user) credentials are required to execute
- Impacts Server 2008 R2 / Windows 7 and up
- No known exploitation has been observed
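To act on the NFS entries above, the following added example (not from Microsoft or the original post) inventories which servers have the Server for NFS role installed and whether NFSv3 is enabled, so those hosts can be patched first. The function name `Get-NfsV3Exposure` and the server names are hypothetical; it assumes Windows Server targets with PowerShell remoting enabled. Only CVE-2022-22029 is described above as NFSv3-specific, so any host with the role installed still needs the update.

```powershell
# Added example: report NFS server role and NFSv3 state per host.
# Get-NfsV3Exposure is a hypothetical helper name; the host names at the
# bottom are constructed placeholders.
function Get-NfsV3Exposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        try {
            $state = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                # FS-NFS-Service is the "Server for NFS" role service.
                $role = Get-WindowsFeature -Name FS-NFS-Service
                $v3   = $false
                if ($role.Installed) {
                    # EnableNFSV3 mirrors the Set-NfsServerConfiguration parameter.
                    $v3 = [bool](Get-NfsServerConfiguration).EnableNFSV3
                }
                [pscustomobject]@{
                    RoleInstalled = [bool]$role.Installed
                    NfsV3Enabled  = $v3
                }
            }
            [pscustomobject]@{
                ComputerName  = $computer
                RoleInstalled = $state.RoleInstalled
                NfsV3Enabled  = $state.NfsV3Enabled
                PatchFirst    = ($state.RoleInstalled -and $state.NfsV3Enabled)
                Error         = $null
            }
        }
        catch {
            # Unreachable or non-server host: report as unknown, not as "not exposed".
            [pscustomobject]@{
                ComputerName  = $computer
                RoleInstalled = $null
                NfsV3Enabled  = $null
                PatchFirst    = $null
                Error         = $_.Exception.Message
            }
        }
    }
}

Get-NfsV3Exposure -ComputerName 'fs01.example.test', 'fs02.example.test' |
    Sort-Object PatchFirst -Descending |
    Format-Table -AutoSize
```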
Lastly, the Remote Procedure Call Runtime (RPC) vulnerability:
- CVE-2022-22038 – Remote Procedure Call Runtime Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22038
- No known exploitation has been observed BUT a proof of concept exists
- Rated to be highly difficult to exploit with no user interaction, but low-level (basic user) credentials are required to execute
- Impacts Server 2008 R2 / Windows 7 and up
- Rated to be highly difficult to exploit with no user interaction or pre-existing credentials needed by the attacker
Come back next month to learn about the August patches and which ones to prioritize to keep your organization safe!