Microsoft fixed 121 vulnerabilities, including 17 rated ‘critical’ and the rest rated ‘important’, in its August 2022 Patch Tuesday update. Compared to last month’s Patch Tuesday, the number of critical vulnerabilities increased by 325%. Most of the critical vulnerabilities are remote code execution flaws and the rest are elevation of privilege flaws.
This month, two zero-day flaws have been fixed. Both are rated important: a remote code execution vulnerability in MSDT (CVE-2022-34713) and an information disclosure vulnerability in Microsoft Exchange (CVE-2022-30134). The remote code execution vulnerability is being actively exploited, whereas exploitation of the other has not been detected. Both vulnerabilities are publicly disclosed, as stated by Microsoft.
Zero-day Vulnerabilities
Patch Tuesday August 2022 fixed critical zero-day vulnerabilities like:
CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. An attacker must convince a target to open a booby-trapped file, such as an Office document. This CVE is a variant of the vulnerability publicly known as Dogwalk.
CVE-2022-30134 – Microsoft Exchange Information Disclosure Vulnerability. A user of an affected version of Exchange Server must access a malicious server to exploit this vulnerability. An attacker needs to host a server share or website that has been specially crafted to exploit this vulnerability. Successful exploitation of the vulnerability could allow attackers to read targeted email messages.
Active Exploits
CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This CVE is a variant of the vulnerability publicly known as Dogwalk. This is actively exploited as stated by Microsoft.
Critical Vulnerabilities
Patch Tuesday August 2022 also fixed a number of critical vulnerabilities.
CVE-2022-35794 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2022-30133 and CVE-2022-35744 – Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. This vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable.
CVE-2022-34691 – Active Directory Domain Services Elevation of Privilege Vulnerability. An authenticated user could manipulate attributes on computer accounts they own or manage and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.
CVE-2022-33646 – Azure Batch Node Agent Elevation of Privilege Vulnerability. A successful attack will lead to elevation to SYSTEM privileges.
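The port 1723 workaround described above for the PPP vulnerabilities (CVE-2022-30133 and CVE-2022-35744) can be scripted per host. The following PowerShell is an added example, not code from Microsoft or from this page's author; the rule name is hypothetical, and the KB numbers are the Windows KBs listed further down this page.

```powershell
# Added example: apply the temporary TCP 1723 block only where it is needed,
# and remove it again once an August 2022 update is installed.
# Run from an elevated PowerShell session on the RAS server.

# Windows KBs as listed on this page. Assumption: narrow this list to the
# update that applies to this host's OS build before relying on the result.
$AugustKBs = '5016623','5016622','5016639','5016616','5016629','5016627',
             '5016681','5016683','5016618','5016676','5016679','5012170',
             '5016672','5016684','5016669','5016686' | ForEach-Object { "KB$_" }

# Hypothetical rule name, chosen so the rule is easy to find and remove later.
$RuleName = 'TEMP block PPTP TCP 1723 (CVE-2022-30133, CVE-2022-35744)'

# Get-HotFix does not list every update, and a later cumulative update also
# carries the fix, so "not found" means "verify manually", not "vulnerable".
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $AugustKBs -contains $_.HotFixID }

# Is anything on this host accepting connections on TCP 1723?
$listening = Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue
$rule      = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

if ($installed) {
    Write-Output "Update found: $($installed.HotFixID -join ', ')"
    if ($rule) {
        Remove-NetFirewallRule -DisplayName $RuleName
        Write-Output 'Temporary block rule removed.'
    }
}
elseif (-not $listening) {
    Write-Output 'No listed KB found, but nothing is listening on TCP 1723.'
}
elseif (-not $rule) {
    # Blocking TCP 1723 stops PPTP VPN clients from connecting to this server.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol TCP -LocalPort 1723 -Action Block | Out-Null
    Write-Output 'No listed KB found and TCP 1723 is listening: block rule added.'
}
else {
    Write-Output 'No listed KB found; block rule is already in place.'
}
```

In Windows Firewall a block rule takes precedence over allow rules, so the existing PPTP allow rule does not need to be disabled for the workaround to take effect.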
Other Critical Vulnerabilities:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
Microsoft security bulletin summary for August 2022
- Azure Batch Node Agent
- Azure Real-Time Operating System
- Azure Site Recovery
- Azure Sphere
- Microsoft Bluetooth Driver
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Windows Support Diagnostic Tool (MSDT)
- Remote Access Service Point-to-Point Tunneling Protocol
- System Center Operations Manager
- Visual Studio
- Windows Bluetooth Service
- Windows Canonical Display Driver
- Windows Cloud Files Mini Filter Driver
- Windows Defender Credential Guard
- Windows Digital Media
- Windows Error Reporting
- Windows Hello
- Windows Internet Information Services
- Windows Kerberos
- Windows Kernel
- Windows Local Security Authority (LSA)
- Windows Network File System
- Windows Partition Management Driver
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Secure Boot
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Storage Spaces Direct
- Windows Unified Write Filter
- Windows WebBrowser Control
- Windows Win32K
Product: Microsoft Windows.
CVEs/Advisory: CVE-2022-35771, CVE-2022-35768, CVE-2022-35794, CVE-2022-35766, CVE-2022-35792, CVE-2022-35765, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35795, CVE-2022-35797, CVE-2022-35763, CVE-2022-35820, CVE-2022-35804, CVE-2022-34703, CVE-2022-33670, CVE-2022-35793, CVE-2022-35767, CVE-2022-35769, CVE-2022-35757, CVE-2022-34303, CVE-2022-35762, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35753, CVE-2022-35752, CVE-2022-35751, CVE-2022-35750, CVE-2022-35749, CVE-2022-35748, CVE-2022-35747, CVE-2022-35746, CVE-2022-35745, CVE-2022-35744, CVE-2022-35743, CVE-2022-34715, CVE-2022-34714, CVE-2022-34713, CVE-2022-34712, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34705, CVE-2022-34704, CVE-2022-34702, CVE-2022-34701, CVE-2022-34699, CVE-2022-34696, CVE-2022-34691, CVE-2022-34690, CVE-2022-34302, CVE-2022-30194, CVE-2022-30144, CVE-2022-30133, CVE-2022-30197, CVE-2022-34301
Impact: Elevation of Privilege, Remote Code Execution, Security Feature Bypass, Denial of Service, Information Disclosure
KBs: 5016623, 5016622, 5016639, 5016616, 5016629, 5016627, 5016681, 5016683, 5016618, 5016676, 5016679, 5012170, 5016672, 5016684, 5016669, 5016686
Product: Microsoft Azure
CVE/Advisory: CVE-2022-30175, CVE-2022-30176, CVE-2022-33646, CVE-2022-34685, CVE-2022-34686, CVE-2022-34687, CVE-2022-35772, CVE-2022-35773, CVE-2022-35774, CVE-2022-35775, CVE-2022-35776, CVE-2022-35779, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35806, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819, CVE-2022-35821, CVE-2022-35824
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution
Product: Microsoft Office
CVE/Advisory: CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-24516, CVE-2022-30134, CVE-2022-33631, CVE-2022-33648, CVE-2022-34692, CVE-2022-34717, CVE-2022-35742, CVE-2022-33632
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KB: 4462142, 4462148, 5001990, 5002051, 5002228, 5002232, 5002242, 5015321, 5015322
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure.