Reports indicated that an elevation of privilege vulnerability (CVE-2022-22047) in Microsoft Windows and Server is being actively exploited in the wild. In addition, multiple vulnerabilities (CVE-2022-22029, CVE-2022-22038, CVE-2022-22039, CVE-2022-30216 and CVE-2022-30221) are also at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Microsoft Windows 7, 8.1, RT 8.1, 10, 11
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022
Microsoft Windows Server, version 20H2
Microsoft Office 2013, 2013 RT, 2016, 2019, LTSC 2021
Microsoft 365 Apps for Enterprise
Azure Site Recovery VMWare to Azure
Azure Storage Blobs client library for .NET, Java, Python
Azure Storage Queues client library for .NET, Python
Microsoft Lync Server 2013
Remote Desktop client for Windows Desktop
Skype for Business Server 2015, 2019
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass and tampering.
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.