Microsoft Patch Tuesday – July 2022

Patch Tuesday is once again upon us. The July 2022 edition of Patch Tuesday brings us 84 fixes, with 4 rated as critical. We've listed the most important changes below.

⚡ TL;DR | Go Straight to the July 2022 Patch Tuesday Audit Report

Multiple SQL Server Products Go End-of-Life

Today marks the end-of-life for multiple SQL Server versions. SQL Server 2012 will officially go end-of-life today unless you have the extended security updates. For both SQL Server 2008 and SQL Server 2008 R2, the extended security updates are coming to an end today, unless you're using the Azure version for which one more year of the extended security update is available. If you want a better overview of the SQL server end-of-life dates, you can find more and an audit in the SQL Server end-of-life blog post.

Windows Graphics Component RCE

The most severe vulnerability fixed this month is a remote code execution in the Windows Graphic component. CVE-2022-30221 got a CVSS rating of 8.8. Microsoft does list that exploitation is less likely and that in order to exploit the vulnerability, the attacker would need to convince the user to connect to a malicious RDP server.

Network File System RCE

The NFS vulnerability streak continues with CVE-2022-22029, a remote code execution with a CVSS score of 8.1. Similar to previous RCE vulnerabilities, an attacker needs to create an unauthenticated, specially crafted call to a NFS service to trigger a RCE.

Similar to previous NFS RCE vulnerabilities, you can use our NFS Server role audit to quickly identify your NFS servers.

Run the Patch Tuesday July 2022 Audit Report

To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday July 2022 CVE Codes & Titles

CVE NumberCVE Title
CVE-2022-33678Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-33677Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33676Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-33675Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33674Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33673Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33672Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33671Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33669Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33668Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33667Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33666Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33665Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33664Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33663Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33662Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33661Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33660Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33659Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33658Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33657Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33656Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33655Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33654Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33653Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33652Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33651Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33650Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33644Xbox Live Save Service Elevation of Privilege Vulnerability
CVE-2022-33643Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33642Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33641Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-33637Microsoft Defender for Endpoint Tampering Vulnerability
CVE-2022-33633Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2022-33632Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-30226Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-30225Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability
CVE-2022-30224Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVE-2022-30223Windows Hyper-V Information Disclosure Vulnerability
CVE-2022-30222Windows Shell Remote Code Execution Vulnerability
CVE-2022-30221Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-30220Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-30216Windows Server Service Tampering Vulnerability
CVE-2022-30215Active Directory Federation Services Elevation of Privilege Vulnerability
CVE-2022-30214Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-30213Windows GDI+ Information Disclosure Vulnerability
CVE-2022-30212Windows Connected Devices Platform Service Information Disclosure Vulnerability
CVE-2022-30211Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2022-30209Windows IIS Server Elevation of Privilege Vulnerability
CVE-2022-30208Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVE-2022-30206Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-30205Windows Group Policy Elevation of Privilege Vulnerability
CVE-2022-30203Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2022-30202Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVE-2022-30187Azure Storage Library Information Disclosure Vulnerability
CVE-2022-30181Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-27776HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
CVE-2022-26934Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-26896Azure Site Recovery Information Disclosure Vulnerability
CVE-2022-24513Visual Studio Elevation of Privilege Vulnerability
CVE-2022-23825AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
CVE-2022-23816AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
CVE-2022-22711Windows BitLocker Information Disclosure Vulnerability
CVE-2022-22050Windows Fax Service Elevation of Privilege Vulnerability
CVE-2022-22049Windows CSRSS Elevation of Privilege Vulnerability
CVE-2022-22048BitLocker Security Feature Bypass Vulnerability
CVE-2022-22047Windows CSRSS Elevation of Privilege Vulnerability
CVE-2022-22045Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
CVE-2022-22043Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2022-22042Windows Hyper-V Information Disclosure Vulnerability
CVE-2022-22041Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-22040Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
CVE-2022-22039Windows Network File System Remote Code Execution Vulnerability
CVE-2022-22038Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-22037Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVE-2022-22036Performance Counters for Windows Elevation of Privilege Vulnerability
CVE-2022-22034Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-22031Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
CVE-2022-22029Windows Network File System Remote Code Execution Vulnerability
CVE-2022-22028Windows Network File System Information Disclosure Vulnerability
CVE-2022-22027Windows Fax Service Remote Code Execution Vulnerability
CVE-2022-22026Windows CSRSS Elevation of Privilege Vulnerability
CVE-2022-22025Windows Internet Information Services Cachuri Module Denial of Service Vulnerability
CVE-2022-22024Windows Fax Service Remote Code Execution Vulnerability
CVE-2022-22023Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
CVE-2022-22022Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-21845Windows Kernel Information Disclosure Vulnerability
CVE-2021-43245Windows Digital TV Tuner Elevation of Privilege Vulnerability

Receive the Latest Patch Tuesday Report for FREE Every Month

  • Hidden
  • This field is for validation purposes and should be left unchanged.

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​