Microsoft Security Bulletin Coverage for July 2022

By

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2022. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2022-22034 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 340:Malformed-File exe.MP_261

CVE-2022-22047 Windows CSRSS Elevation of Privilege
ASY 339:Malformed-File exe.MP_260

CVE-2022-30202 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
ASPY 341:Malformed-File exe.MP_262

CVE-2022-30216 Windows Server Service Tampering Vulnerability
ASPY 334:Malformed-File exe.MP_258

CVE-2022-30220 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 335:Malformed-File exe.MP_259

Adobe Coverage:
CVE-2022-34215 Acrobat Reader Out-of-bounds Read Vulnerability
ASPY 336:Malformed-File pdf.MP_554

CVE-2022-34222 Acrobat Reader Out-of-bounds Read Vulnerability
ASPY 337:Malformed-File pdf.MP_555

CVE-2022-34227 Acrobat Reader Use After Free Vulnerability
ASPY 338:Malformed-File pdf.MP_556

The following vulnerabilities do not have exploits in the wild :
CVE-2022-21845 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-22022 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22023 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-22024 Windows Fax Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-22025 Windows Internet Information Services Cachuri Module Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-22026 Windows CSRSS Elevation of Privilege
There are no known exploits in the wild.
CVE-2022-22027 Windows Fax Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-22028 Windows Network File System Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-22029 Windows Network File System Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-22031 Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22036 Performance Counters for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22037 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22038 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-22039 Windows Network File System Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-22040 Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-22041 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22042 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-22043 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22045 Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22048 BitLocker Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-22049 Windows CSRSS Elevation of Privilege
There are no known exploits in the wild.
CVE-2022-22050 Windows Fax Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-22711 Windows BitLocker Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-23816 AMD CPU Branch Type Confusion
There are no known exploits in the wild.
CVE-2022-23825 AMD CPU Branch Type Confusion
There are no known exploits in the wild.
CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
There are no known exploits in the wild.
CVE-2022-30181 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30187 Azure Storage Library Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-30203 Windows Boot Manager Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-30205 Windows Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30206 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30208 Windows Security Account Manager (SAM) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-30209 Windows IIS Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30211 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30212 Windows Connected Devices Platform Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-30213 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-30214 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30215 Active Directory Federation Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30221 Windows Graphics Component Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30223 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-30224 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30225 Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30226 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33632 Microsoft Office Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-33633 Skype for Business and Lync Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability
There are no known exploits in the wild.
CVE-2022-33640 Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33641 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33642 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33643 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33644 Xbox Live Save Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33650 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33651 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33652 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33653 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33654 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33655 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33656 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33657 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33658 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33659 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33660 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33661 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33662 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33663 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33664 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33665 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33666 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33667 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33668 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33669 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33671 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33672 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33673 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33674 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33675 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33676 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-33677 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33678 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.