Alert GCSA-22076 - Microsoft Security Update Luglio 2022

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256





******************************************************************

Alert ID: GCSA-22076
Data: 13 Luglio 2022
Titolo: Microsoft Security Update Luglio 2022

******************************************************************


:: Descrizione del problema

Microsoft ha rilasciato il security update mensile per Luglio 2022,
questa versione risolve 84 vulnerabilita', delle quali una zero-day.

La CVE-2022-22047 risulta essere sfruttata attivamente in rete.

Maggiori dettagli sono disponibili alla sezione "Riferimenti".


:: Software interessato


AMD CPU Branch
Azure Site Recovery
Azure Storage Library
Microsoft Defender for Endpoint
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Open Source Software
Role: DNS Server
Role: Windows Fax Service
Role: Windows Hyper-V
Skype for Business and Microsoft Lync
Windows Active Directory
Windows Advanced Local Procedure Call
Windows BitLocker
Windows Boot Manager
Windows Client/Server Runtime Subsystem
Windows Connected Devices Platform Service
Windows Credential Guard
Windows Fast FAT Driver
Windows Fax and Scan Service
Windows Group Policy
Windows IIS
Windows Kernel
Windows Media
Windows Network File System
Windows Performance Counters
Windows Point-to-Point Tunneling Protocol
Windows Portable Device Enumerator Service
Windows Print Spooler Components
Windows Remote Procedure Call Runtime
Windows Security Account Manager
Windows Server Service
Windows Shell
Windows Storage
XBox


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Information Disclosure (ID)
Bypass restrizioni di sicurezza
Tampering


:: Soluzioni

Per default l'installazione degli aggiornamenti
avviene in maniera automatica.

Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update

Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates

Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/

Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates


:: Riferimenti

Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
https://msrc-blog.microsoft.com/2022/07/12/microsoft-mitigates-azure-site-recovery-vulnerabilities/

CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-mensili-microsoft-al01-220713-csirt-ita

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-july-12-2022_2022-089

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33678



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----

iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYs6dogAKCRDBnEyTZRJg
QsOOAJ9F4VbxI+gmSVJCWC6XInj+JnIQSgCguLWw74VXImhO01f72vWGPQQjiMg=
=T7ob
-----END PGP SIGNATURE-----