{"uuid": "fc60ee3a-ebf2-4280-9121-98e842ca656f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2294", "type": "published-proof-of-concept", "source": "https://t.me/avleonovrus/36", "content": "\u0412\u0438\u0434\u044f\u0448\u0435\u0447\u043a\u0430 \u043f\u0440\u043e \u0438\u044e\u043b\u044c\u0441\u043a\u0438\u0439 Microsoft Patch Tuesday \u0438 \u043f\u0440\u043e \u0442\u043e, \u0447\u0442\u043e Microsoft \u0442\u0432\u043e\u0440\u0438\u0442 \u0434\u0438\u0447\u044c. \u0412 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0435 \u0432\u0441\u0435 \u0442\u043e \u0436\u0435, \u043e \u0447\u0435\u043c \u0442\u0443\u0442 \u043f\u0438\u0441\u0430\u043b. \u041d\u0443 \u0438 \u043f\u0440\u043e \u0440\u0435\u043f\u043e\u0440\u0442 \u043c\u0430\u0439\u043a\u0440\u043e\u0441\u043e\u0444\u0442\u043e\u0432\u0441\u043a\u0438\u0439 \u0442\u043e\u0436\u0435 \u043d\u0430\u043a\u0438\u043d\u0443\u043b \u043d\u0435\u043c\u043d\u043e\u0436\u043a\u043e \u0434\u043b\u044f \u0437\u0430\u0442\u0440\u0430\u0432\u043a\u0438. \ud83d\ude42\n\n\u2014-\n\nHello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn't be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in theory, should be more or less neutral, does this\u2026 This is a clear signal. It's not about business anymore. \n\nI'll take a closer look at this report in the next episode of the Vulnerability Management news, but for now let's take a look at Microsoft July Patch Tuesday. Yes, the vendor is behaving strangely, but Microsoft products need to be patched. Right? At least for now. And tracking vulnerabilities is always a good thing. \ud83d\ude42\n\n01:32 CSRSS Elevation of Privilege (CVE-2022-22047)\n04:36 RPC Remote Code Execution (CVE-2022-22038)\n05:44 Microsoft Edge Memory Corruption (CVE-2022-2294)\n06:55 32 vulnerabilities in Azure Site Recovery\n\nVideo: https://youtu.be/HjfxxcqWrH4\nVideo2 (for Russia): https://vk.com/video-149273431_456239096\nBlogpost: https://avleonov.com/2022/07/23/microsoft-patch-tuesday-july-2022-propaganda-report-csrss-eop-rpc-rce-edge-azure-site-recovery/\nFull report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_july2022_report_with_comments_ext_img.html\n\n@avleonovrus #microsoft #patchtuesday", "creation_timestamp": "2023-10-21T12:56:55.000000Z"}