Of the 128 bugs fixed, 10 are rated Critical, 115 are rated Major and three are rated Moderate in severity, with one flaw listed as publicly known and another under active attack at the time of release. The updates are in addition to 26 other bugs that Microsoft has fixed in the Chromium-based Edge browser since the beginning of the month.

The actively exploited flaw (CVE-2022-24521, CVSS rating: 7.8) is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). The U.S. National Security Agency (NSA) and CrowdStrike investigators Adam Podlosky and Amir Bazine were credited with reporting the flaw.

The second, publicly known zero-day flaw (CVE-2022-26904, CVSS rating: 7.0) also concerns a case of privilege escalation, this time in the Windows User Profile Service, the successful exploitation of which “requires an attacker to win a race condition”.

Other critical bugs to note include a number of remote code execution bugs in the RPC Runtime Library (CVE-2022-26809, CVSS rating: 9.8), Windows Network File System (CVE-2022-24491 and CVE-2022-24497, CVSS ratings: 9.8), Windows Server Service (CVE-2022-24541), Windows SMB (CVE-2022-24500) and Microsoft Dynamics 365 (CVE-2022-23259).

Microsoft also fixed as many as 18 bugs in Windows DNS Server, comprising one information disclosure bug and 17 remote code execution bugs, all reported by security researcher Yuki Chen. Also, 15 privilege escalation flaws were fixed in Windows Print Spooler.

The patches come a week after the tech giant announced plans to launch a feature called AutoPatch in July 2022, which allows businesses to expedite the application of security patches in a timely manner, with an emphasis on scalability and stability.
Software patches from other vendors
In addition to Microsoft, security updates have been released by other vendors to fix many vulnerabilities, including –