Virtual Administrator’s July 2022 Patch Recommendations
This month Microsoft released patches for 86 vulnerabilities with 4 rated “Critical” in severity.
All patches will be approved in our patch policy.
More patches this month but there are only few known issues. CVE-2022-22047 is one of three (CVE-2022-22026,CVE-2022-22049) elevation of privilege vulnerabilities affecting the Windows Client Server Run-Time Subsystem (CSRSS). CVE-2022-22047 is being exploited. Per the advisory, “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” This month’s four Critical vulnerabilities (CVE-2022-30221,CVE-2022-22029,CVE-2022-22038,CVE-2022-22039) are listed as less likely to be exploited. CVE-2022-22029 and CVE-2022-22039 affect Network File System (NFS) server. CVE-2022-22038 affects the Remote Procedure Call (RPC) runtime and CVE-2022-30221 is a Windows Graphics Component Remote Code Execution (RCE) vulnerability. The endless elevation of privilege vulnerabilities in Windows Print Spooler resume with CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226. There are some new standalone SSUs for older systems.
The Wi-Fi hotspot connectivity issue from June has been fixed. A new issue surfaced last month where the “IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box.” See Known Issues and FYI below.
Disclosed: None
Exploited: CVE-2022-22047
FYI Known Issue Rollback(KIR)
KIR was introduced last year to address an inherent weakness of Cumulative Updates/Monthly Rollups. KIR will remove non-security bug fixes but leave the rest of the Cumulative Updates/Monthly Rollups installed. It works around the “all or nothing” impasse as we can remove buggy patches and still leave the systems protected.
Known Issue Rollback: Helping you keep Windows devices protected and productive
How to Use Known Issue Rollback to Fix Problems Caused by Windows Updates
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:07/12/2022)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: Some Windows 10 Security Stack Updates were released as standalone this month.
Known Issues
A couple known issues are listed below and include problems with Microsoft Edge and Office 2013.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box.
Affects: Windows 10/11 and Server 2022
Symptom: After installing this update, IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box. A modal dialog box is a form or dialog box that requires the user to respond before continuing or interacting with other portions of the webpage or app.
Developer Note Sites affected by this issue call window.focus.
Status: This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue can resolve it by installing and configuring the special Group Policy listed below. For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback.
Important You will need to install and configure the Group Policy for your version of Windows to resolve this issue.
KB5002121 breaks MS Access runtime applications
Description of the security update for Office 2013: July 12, 2022 (KB5002121)
Symptom: After this update is installed, when you open an ACCDE or MDE file in Microsoft Access, you might receive an error message that states, “Requested type library or wizard is not a VBA project.” Additionally, the file won’t open.
Workaround: Uninstall KB5002121
Status: Microsoft is researching this issue and will update this article when a fix is available.
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5015861 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5015874 – Windows 8.1, Windows Server 2012 R2
- KB5014747 – Windows Server 2012
- KB5015866 – Windows Server 2008 (ESU)
Security Only Update
- KB5015862 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5015877 – Windows 8.1, Windows Server 2012 R2
- KB5014741 – Windows Server 2012
- KB5015870 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5015832 – Original release version 1507 (OS Build 10240)
- KB5015808 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5015811 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5015807 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5015807 – Version 21H1 “May 2021 Update” (OS Build 19043)
- KB5015807 – Version 21H2 “November 2021 Update” (OS Build 19044)
(Versions 1511,1703,1709,1803,1903,2004 are no longer under support)
Windows 11
- KB5015814 – Original release (OS Build 22000)
Windows Server
- KB5015808 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5015811 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5015827 – Server 2022 (OS Build 20348)
July 2022 updates for Microsoft Office
Notable CVEs
CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221
CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30222
CVE-2022-22026 | Windows CSRSS Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22026
CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029
CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038
CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039
CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047
CVE-2022-22049 | Windows CSRSS Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22049