Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th.

In-The-Wild & Disclosed CVEs


Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) is the only one that has seen active exploitation. The vulnerability was reported by the Microsoft Threat Intelligence Center (MSTIC).

CVE Breakdown by Tag

Historical Microsoft Security Bulletin groupings are gone. However, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.

Vulnerabilities are also color-coded to aid with identifying key issues:

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed
TagCVE CountCVEs
Azure Storage Library1CVE-2022-30187
Windows Storage1CVE-2022-30220
Open Source Software1CVE-2022-27776
Windows Portable Device Enumerator Service1CVE-2022-22023
Windows Media2CVE-2022-30225, CVE-2022-22045
Windows Group Policy1CVE-2022-30205
Windows Client/Server Runtime Subsystem3CVE-2022-22026, CVE-2022-22047, CVE-2022-22049
Windows Network File System3CVE-2022-22028, CVE-2022-22029, CVE-2022-22039
AMD CPU Branch2CVE-2022-23816, CVE-2022-23825
Windows Performance Counters1CVE-2022-22036
Microsoft Graphics Component3CVE-2022-30213, CVE-2022-30221, CVE-2022-22034
Windows Security Account Manager1CVE-2022-30208
Windows Shell1CVE-2022-30222
Windows Kernel1CVE-2022-21845
Windows Server Service1CVE-2022-30216
Microsoft Office1CVE-2022-33632
Windows Remote Procedure Call Runtime1CVE-2022-22038
Azure Site Recovery32CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33676, CVE-2022-33677, CVE-2022-33678
Windows Active Directory1CVE-2022-30215
Windows Credential Guard1CVE-2022-22031
Windows IIS3CVE-2022-30209, CVE-2022-22025, CVE-2022-22040
Role: DNS Server1CVE-2022-30214
Skype for Business and Microsoft Lync1CVE-2022-33633
Windows Advanced Local Procedure Call3CVE-2022-30202, CVE-2022-30224, CVE-2022-22037
Windows Connected Devices Platform Service1CVE-2022-30212
Windows Point-to-Point Tunneling Protocol1CVE-2022-30211
Windows Print Spooler Components4CVE-2022-30206, CVE-2022-30226, CVE-2022-22022, CVE-2022-22041
Role: Windows Hyper-V2CVE-2022-30223, CVE-2022-22042
Windows BitLocker2CVE-2022-22711, CVE-2022-22048
Microsoft Defender for Endpoint1CVE-2022-33637
Microsoft Edge (Chromium-based)2CVE-2022-2294, CVE-2022-2295
Role: Windows Fax Service2CVE-2022-22024, CVE-2022-22027
Windows Fast FAT Driver1CVE-2022-22043
Windows Fax and Scan Service1CVE-2022-22050
Windows Boot Manager1CVE-2022-30203

Other Information

There were no advisories included with the July Security Guidance.