CVE-2022-22024

7.8 HIGH

📋 TL;DR

CVE-2022-22024 is a remote code execution vulnerability in the Windows Fax Service that allows an attacker to execute arbitrary code with SYSTEM privileges on affected systems. This affects Windows servers and workstations running vulnerable versions of Windows. An attacker could exploit this by sending specially crafted packets to the Fax Service.

💻 Affected Systems

Products:
  • Windows Fax Service
Versions: Windows Server 2022, Windows 11, Windows Server 2019, Windows 10 Version 21H2, Windows 10 Version 21H1, Windows 10 Version 20H2, Windows Server 2016, Windows 10 Version 1607, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows Server 2008
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Fax Service must be enabled and accessible. Default Windows installations may have this service disabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with SYSTEM privileges, enabling lateral movement, data exfiltration, ransomware deployment, or complete system takeover.

🟠 Likely Case

Initial foothold leading to privilege escalation, persistence establishment, and potential lateral movement within the network.

🟢 If Mitigated

Limited impact due to network segmentation, restricted service access, or exploit prevention controls blocking the attack vector.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Microsoft has not disclosed technical details. Exploitation requires network access to the Fax Service port.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2022 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22024

Restart Required: Yes

Instructions:

1. Apply July 2022 Windows security updates via Windows Update.
2. For enterprise environments, deploy updates through WSUS or SCCM.
3. Restart affected systems after patch installation.

🔧 Temporary Workarounds

Disable Windows Fax Service

windows

Disables the vulnerable service to prevent exploitation

sc.exe stop Fax
sc.exe config Fax start= disabled

Block Fax Service Port

windows

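Blocks inbound network access to the Fax Service default port (TCP 445). TCP 445 also carries SMB, so this rule blocks inbound file and printer sharing to the host as well.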

netsh advfirewall firewall add rule name="Block Fax Service" dir=in action=block protocol=TCP localport=445

🧯 If You Can't Patch

  • Disable Windows Fax Service if not required
  • Implement network segmentation to restrict access to Fax Service

🔍 How to Verify

Check if Vulnerable:

A system is vulnerable if the Fax Service is running and the July 2022 security updates have not been applied.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that the July 2022 security updates are installed and that the Fax Service is either patched or disabled.
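
The two checks above combined into one report, as an added PowerShell example that is not part of the original page. The function name Get-FaxExposure and the 2022-07-12 cutoff date are assumptions; the page lists no KB numbers, so the script reports the newest installed update for manual comparison with the vendor advisory.

```powershell
# Added example (not from the original page): Fax service state plus update recency.
param(
    # Assumption: 2022-07-12 stands in for the release date of the July 2022 updates.
    [datetime]$PatchCutoff = '2022-07-12'
)

function Get-FaxExposure {
    param([Parameter(Mandatory)][datetime]$Cutoff)

    # "Fax" is the service name used by the sc commands on this page.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Fax'" -ErrorAction SilentlyContinue

    # InstalledOn can be empty for some entries, so filter those out first.
    $recent = @(Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Cutoff } |
        Sort-Object -Property InstalledOn -Descending)

    $present  = $null -ne $svc
    $running  = $present -and $svc.State -eq 'Running'
    $disabled = $present -and $svc.StartMode -eq 'Disabled'

    $verdict = if (-not $present -or ($disabled -and -not $running)) {
        'Mitigated: Fax service absent, or stopped and disabled'
    } elseif ($recent.Count -eq 0) {
        'Vulnerable: Fax service available and no update installed since cutoff'
    } else {
        # An install date after the cutoff is only a heuristic, not proof of the fix.
        'Review: update installed since cutoff; confirm its KB in the vendor advisory'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        FaxPresent   = $present
        FaxRunning   = $running
        FaxDisabled  = $disabled
        NewestUpdate = if ($recent.Count) { $recent[0].HotFixID } else { $null }
        InstalledOn  = if ($recent.Count) { $recent[0].InstalledOn } else { $null }
        Verdict      = $verdict
    }
}

Get-FaxExposure -Cutoff $PatchCutoff | Format-List
```

A service that is stopped but not disabled is still treated as available, because it can be started on demand.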

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Fax Service process creation
  • Network connections to Fax Service port from unusual sources
  • Security event logs showing service manipulation

Network Indicators:

  • Unusual traffic to TCP port 445 (Fax Service default)
  • Malformed packets to Fax Service

SIEM Query:

EventID=4688 AND ProcessName="fxssvc.exe" AND CommandLine CONTAINS "<suspicious-pattern>"
