Patch tirsdag - Kritiske patches til Microsoft-produkter

"Zero-day" sårbarheden der kan eskalere lokale privilegier (CVE-2022- 22047) er bl.a. blevet rettet i forbindelse med denne uges patches.

Brugere der har færre rettigheder på systemer bliver naturligvis mindre påvirket end dem, der opererer med administrative rettigheder.

Windows CSRSS "Elevation of Privileges" sårbarheden har betydning for følgende systemer:

  • AMD CPU Branch
  • Azure Site Recovery
  • Azure Storage Library
  • Microsoft Defender for Endpoint
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office
  • Open Source Software
  • Role: DNS Server
  • Role: Windows Fax Service
  • Role: Windows Hyper-V
  • Skype for Business and Microsoft Lync
  • Windows Active Directory
  • Windows Advanced Local Procedure Call
  • Windows BitLocker
  • Windows Boot Manager
  • Windows Client/Server Runtime Subsystem
  • Windows Connected Devices Platform Service
  • Windows Credential Guard
  • Windows Fast FAT Driver
  • Windows Fax and Scan Service
  • Windows Group Policy
  • Windows IIS
  • Windows Kernel
  • Windows Media
  • Windows Network File System
  • Windows Performance Counters
  • Windows Point-to-Point Tunneling Protocol
  • Windows Portable Device Enumerator Service
  • Windows Print Spooler Components
  • Windows Remote Procedure Call Runtime
  • Windows Security Account Manager
  • Windows Server Service
  • Windows Shell
  • Windows Storage
  • XBox

Links:

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2022-+22047