July Patch Tuesday Updates Fix 84 Vulnerabilities and LDAP Gets TLS 1.3
Microsoft released the July 2022 Patch Tuesday updates yesterday for all supported versions of Windows. Even though you may want to lay back and relax during the summer, Microsoft fixed no less than 84 vulnerabilities this month, so you may not want to skip the company’s latest patches.
Critical Windows vulnerabilities in July Patch Tuesday updates
This month, Microsoft addressed 84 Windows vulnerabilities, and four of them are rated critical. As pointed out by the Zero Day Initiative, though, Microsoft has yet to fix the security flaws in Windows 11 and Microsoft Teams that have been discovered during the recent Pwn2Own competition in May.
Anyway, here’s what you need to know about the four critical vulnerabilities Microsoft fixed this month:
- CVE-2022-22047: This critical elevation of privilege vulnerability in the Client/Server Runtime Subsystem could allow an attacker who successfully exploited it to gain SYSTEM privileges. Microsoft said that this vulnerability is already being exploited in the wild, even though it hasn’t been publicly disclosed.
- CVE-2022-30216: This critical tampering vulnerability in the Windows Server Service could allow an authenticated attacker to remotely upload a certificate to the Server service. Microsoft said that this tampering vulnerability hasn’t been exploited yet.
- CVE-2022-22029: This remote code execution vulnerability in the Windows Network File System could be exploited over the network by attackers making an unauthenticated, specially crafted call to a Network File System (NFS) service.
- CVE-2022-22038: According to Microsoft, the attack complexity for this critical Procedure Call Runtime remote code execution vulnerability is high and “requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.”
Table 1 – Patch Tuesday updates July 2022
| Windows 10 Version 1607 for 32-bit Systems | Security Feature Bypass | Important | 5015808 | CVE-2022-22048 |
| Windows 10 for x64-based Systems | Security Feature Bypass | Important | 5015832 | CVE-2022-22048 |
| Windows 10 for 32-bit Systems | Security Feature Bypass | Important | 5015832 | CVE-2022-22048 |
| Windows 10 Version 21H2 for x64-based Systems | Security Feature Bypass | Important | 5015807 | CVE-2022-22048 |
| Windows 10 Version 21H2 for ARM64-based Systems | Security Feature Bypass | Important | 5015807 | CVE-2022-22048 |
| Windows 10 Version 21H2 for 32-bit Systems | Security Feature Bypass | Important | 5015807 | CVE-2022-22048 |
| Windows 11 for ARM64-based Systems | Security Feature Bypass | Important | 5015814 | CVE-2022-22048 |
| Windows 11 for x64-based Systems | Security Feature Bypass | Important | 5015814 | CVE-2022-22048 |
| Windows Server, version 20H2 (Server Core Installation) | Security Feature Bypass | Important | 5015807 | CVE-2022-22048 |
| Windows 10 Version 20H2 for ARM64-based Systems | Security Feature Bypass | Important | 5015807 | CVE-2022-22048 |
| Windows 10 Version 20H2 for 32-bit Systems | Security Feature Bypass | Important | 5015807 | CVE-2022-22048 |
| Windows 10 Version 20H2 for x64-based Systems | Security Feature Bypass | Important | 5015807 | CVE-2022-22048 |
| Windows Server 2022 (Server Core installation) | Security Feature Bypass | Important | 5015827 | CVE-2022-22048 |
| Windows Server 2022 | Security Feature Bypass | Important | 5015827 | CVE-2022-22048 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5015874 | CVE-2022-22047 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5015877 | CVE-2022-22047 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | CVE-2022-23825 | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 Version 1607 for 32-bit Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 for x64-based Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 for 32-bit Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 Version 21H1 for x64-based Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows Server 2019 (Server Core installation) | Information Disclosure | Important | CVE-2022-23825 | |
| Windows Server 2019 | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 Version 1809 for ARM64-based Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 Version 1809 for x64-based Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 Version 1809 for 32-bit Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Azure Site Recovery VMWare to Azure | Elevation of Privilege | Important | Update Information | CVE-2022-33672 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | CVE-2022-23816 | |
| Windows Server 2012 R2 | Information Disclosure | Important | CVE-2022-23816 | |
| Windows Server 2012 (Server Core installation) | Information Disclosure | Important | CVE-2022-23816 | |
| Windows Server 2012 | Information Disclosure | Important | CVE-2022-23816 | |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | CVE-2022-23816 | |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | CVE-2022-23816 | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | CVE-2022-23816 | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Information Disclosure | Important | CVE-2022-23816 | |
| Microsoft Office LTSC 2021 for 64-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2022-33632 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5015866 | CVE-2022-22050 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5015870 | CVE-2022-22050 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5015866 | CVE-2022-22050 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5015870 | CVE-2022-22050 |
| Windows RT 8.1 | Elevation of Privilege | Important | 5015874 | CVE-2022-22050 |
| Windows 8.1 for x64-based systems | Elevation of Privilege | Important | 5015874 | CVE-2022-22050 |
| Windows 8.1 for x64-based systems | Elevation of Privilege | Important | 5015877 | CVE-2022-22050 |
| Windows 8.1 for 32-bit systems | Elevation of Privilege | Important | 5015874 | CVE-2022-22050 |
| Windows 8.1 for 32-bit systems | Elevation of Privilege | Important | 5015877 | CVE-2022-22050 |
| Windows 7 for x64-based Systems Service Pack 1 | Elevation of Privilege | Important | 5015861 | CVE-2022-22050 |
| Windows 7 for x64-based Systems Service Pack 1 | Elevation of Privilege | Important | 5015862 | CVE-2022-22050 |
| Windows 7 for 32-bit Systems Service Pack 1 | Elevation of Privilege | Important | 5015861 | CVE-2022-22050 |
| Windows 7 for 32-bit Systems Service Pack 1 | Elevation of Privilege | Important | 5015862 | CVE-2022-22050 |
| Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5015808 | CVE-2022-22050 |
| Windows Server 2016 | Elevation of Privilege | Important | 5015808 | CVE-2022-22050 |
| Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5015808 | CVE-2022-22050 |
| Windows 10 Version 21H1 for 32-bit Systems | Elevation of Privilege | Important | 5015807 | CVE-2022-22050 |
| Windows Server 2012 R2 | Elevation of Privilege | Important | 5015874 | CVE-2022-22049 |
| Windows Server 2012 R2 | Elevation of Privilege | Important | 5015877 | CVE-2022-22049 |
| Windows 10 Version 21H1 for ARM64-based Systems | Elevation of Privilege | Important | 5015807 | CVE-2022-22050 |
| Windows Server 2012 (Server Core installation) | Elevation of Privilege | Important | 5015863 | CVE-2022-22049 |
| Windows Server 2012 (Server Core installation) | Elevation of Privilege | Important | 5015875 | CVE-2022-22049 |
| Windows 10 Version 21H1 for x64-based Systems | Elevation of Privilege | Important | 5015807 | CVE-2022-22050 |
| Windows Server 2012 | Elevation of Privilege | Important | 5015863 | CVE-2022-22049 |
| Windows Server 2012 | Elevation of Privilege | Important | 5015875 | CVE-2022-22049 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Elevation of Privilege | Important | 5015861 | CVE-2022-22049 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Elevation of Privilege | Important | 5015862 | CVE-2022-22049 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Elevation of Privilege | Important | 5015861 | CVE-2022-22049 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Elevation of Privilege | Important | 5015862 | CVE-2022-22049 |
| Windows RT 8.1 | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 8.1 for x64-based systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 8.1 for 32-bit systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 7 for x64-based Systems Service Pack 1 | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 7 for 32-bit Systems Service Pack 1 | Information Disclosure | Important | CVE-2022-23825 | |
| Windows Server 2016 (Server Core installation) | Information Disclosure | Important | CVE-2022-23825 | |
| Windows Server 2016 | Information Disclosure | Important | CVE-2022-23825 | |
| Windows 10 Version 1607 for x64-based Systems | Information Disclosure | Important | CVE-2022-23825 | |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5015866 | CVE-2022-22049 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5015870 | CVE-2022-22049 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Elevation of Privilege | Important | 5015866 | CVE-2022-22049 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Elevation of Privilege | Important | 5015870 | CVE-2022-22049 |
| Windows Server 2019 (Server Core installation) | Elevation of Privilege | Important | 5015811 | CVE-2022-22050 |
| Windows Server 2019 | Elevation of Privilege | Important | 5015811 | CVE-2022-22050 |
| Windows 10 Version 1809 for ARM64-based Systems | Elevation of Privilege | Important | 5015811 | CVE-2022-22050 |
| Windows 10 Version 1809 for x64-based Systems | Elevation of Privilege | Important | 5015811 | CVE-2022-22050 |
| Windows 10 Version 1809 for 32-bit Systems | Elevation of Privilege | Important | 5015811 | CVE-2022-22050 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 10 Version 21H2 for ARM64-based Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 10 Version 21H2 for 32-bit Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 11 for ARM64-based Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 11 for x64-based Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 10 Version 20H2 for ARM64-based Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 10 Version 20H2 for 32-bit Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 10 Version 20H2 for x64-based Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 10 Version 21H1 for 32-bit Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Windows 10 Version 21H1 for ARM64-based Systems | Information Disclosure | Important | CVE-2022-23816 | |
| Azure Storage Blobs client library for Python | Information Disclosure | Important | Update Information | CVE-2022-30187 |
| Azure Storage Queues client library for Python | Information Disclosure | Important | Update Information | CVE-2022-30187 |
| Azure Storage Blobs client library for Java | Information Disclosure | Important | Update Information | CVE-2022-30187 |
| Azure Storage Queues client library for .NET | Information Disclosure | Important | Update Information | CVE-2022-30187 |
| Azure Storage Blobs client library for .NET | Information Disclosure | Important | Update Information | CVE-2022-30187 |
| Microsoft Defender for Endpoint for Linux | Tampering | Important | CVE-2022-33637 | |
| Microsoft Office 2019 for 64-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2022-33632 |
| Microsoft Office 2019 for 32-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2022-33632 |
| Microsoft Office LTSC 2021 for 32-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2022-33632 |
| Skype for Business Server 2019 CU6 | Remote Code Execution | Important | 5016714 | CVE-2022-33633 |
| Skype for Business Server 2015 CU12 | Remote Code Execution | Important | 5016714 | CVE-2022-33633 |
| Microsoft Lync Server 2013 CU10 | Remote Code Execution | Important | 5016714 | CVE-2022-33633 |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Security Feature Bypass | Important | 5002121 | CVE-2022-33632 |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | Security Feature Bypass | Important | 5002121 | CVE-2022-33632 |
| Microsoft Office 2013 RT Service Pack 1 | Security Feature Bypass | Important | 5002121 | CVE-2022-33632 |
| Microsoft Office 2016 (64-bit edition) | Security Feature Bypass | Important | 5002112 | CVE-2022-33632 |
| Microsoft Office 2016 (32-bit edition) | Security Feature Bypass | Important | 5002112 | CVE-2022-33632 |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Security Feature Bypass | Important | Click to Run | CVE-2022-33632 |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Security Feature Bypass | Important | Click to Run | CVE-2022-33632 |
| Remote Desktop client for Windows Desktop | Remote Code Execution | Critical | Release Notes | CVE-2022-30221 |
Quality and experience updates
On Windows 11, this month’s Patch Tuesday update also marks the public rollout of the Search Highlights feature that was previously introduced on Windows 10 earlier this year. Search Highlights adds various pieces of information to the Windows 11 Search Menu including important events, Bing trending searches, and more.
For users signed in with a work account, Search Highlights will add information about their company’s organization, including important documents and colleagues. The feature can be turned off in Windows settings, and IT admins can also use Group Policy to disable it for all users in their organization.
In addition to this new Search Highlights feature, this month’s Patch Tuesday update also fixes some wireless connectivity issues on Windows 11: Microsoft has addressed an issue that was preventing some PCs to reconnect to some Bluetooth audio devices after a reboot. Moreover, the company addressed an issue that prevented some Windows 11 users from using the Wi-Fi hotspot feature.
On the networking front, this month’s Patch Tuesday update adds support for Transport Layer Security (TLS) 1.3 in Windows client and server Lightweight Directory Access Protocol (LDAP) implementations. Moreover, it also makes the SMB client and SMB server cipher suite order configurable using PowerShell.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.