SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft’s security update includes 84 vulnerabilities, one that’s exploited in the wild
Description: Microsoft released its monthly security update Tuesday, disclosing more than 80 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. July's security update features three critical vulnerabilities, up from one last month but still lower than Microsoft’s average for a Patch Tuesday. All the other vulnerabilities fixed are considered “important.” All three critical vulnerabilities allow remote code execution on Microsoft Windows systems. Of these, Microsoft considers the exploitation of CVE-2022-22029, CVE-2022-22038 and CVE-2022-22039 less likely to occur. CVE-2022-22029 could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service. However, according to Microsoft, it has high attack complexity and would require repeated exploitation attempts through sending constant or intermittent data. Another critical vulnerability, CVE-2022-22038, is also considered to be more difficult to exploit because it requires undisclosed additional actions by an attacker to prepare the target environment for exploitation. CVE-2022-22039 is another remote code execution flaw in Windows Network File System that requires an attacker to win a race condition to exploit it, making this vulnerability less likely to be exploited.
References: https://blog.talosintelligence.com/2022/07/microsoft-patch-tuesday-for-july-2022.html
Snort SIDs: 60191, 60192, 60198, 60199, 60201, 60202, 60206, 60207, 60213 and 60214. Additionally, Snort 3 SIDs: 300215 and 300216.
Title: Adobe discloses critical vulnerabilities in Acrobat, Reader and Photoshop
Description: Adobe released a large swath of patches for its products Tuesday and disclosed 22 vulnerabilities in Adobe Acrobat Reader, some of which could lead to arbitrary code execution. Affected product versions include Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat 2017 and Acrobat Reader 2017. Cisco Talos discovered one of the vulnerabilities, CVE-2022-34230, a use-after-free issue that is triggered if the targeted user opens a PDF with specially crafted, malicious JavaScript. The code could give attackers control over reused memory, which can lead to arbitrary code execution.
References: https://www.securityweek.com/adobe-patch-tuesday-critical-flaws-acrobat-reader-photoshop
Snort SIDs: 59644 and 59645