Microsoft fixes 121 vulnerabilities up against 17 ‘critical’ and the rest ‘important’ in its August 2022 Patch Tuesday update. Compared to last month’s Patch Tuesday, critical vulnerabilities are increased by 325%. Therefore, the most critical vulnerabilities are remote code execution and the rest are elevation of privilege in vulnerability management tool.
In fact, this month, two Zero-day flaws have been fixed. Both vulnerabilities are important with remote code execution in MSDT (CVE-2022-34713) and Information Disclosure in Microsoft Exchange (CVE-2022-30134). The remote code execution vulnerability is being actively exploited, whereas the other is not detected as such. Finally, both vulnerabilities are publicly disclosed, as stated by Microsoft. Both the vulnerabilities can be remediated by using a patch management software.
Zero-Day Vulnerabilities of Patch Tuesday August 2022
Patch Tuesday August 2022 fixed critical zero-day vulnerabilities for the same reason like:
CVE-2022-34713 -In contrast, Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. An attacker must convince a target to open a booby-trapped file, such as an Office document. Without a doubt, this CVE is a variant of the vulnerability publicly known as Dogwalk.
CVE-2022-30134 – In contrast, Microsoft Exchange Information Disclosure Vulnerability. Subsequently, a user of an affected version of Exchange Server must access a malicious server to exploit this vulnerability. First, an attacker needs to host a server share or website that has been specially crafted to exploit this vulnerability, then the successfully exploitation of the vulnerability could allow attackers to read targeted email messages.
Patch Tuesday August 2022 Active Exploits
CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. In fact, this CVE is a variant of the vulnerability publicly known as Dogwalk. In brief, this is actively exploited as stated by Microsoft on the Patch Tuesday August 2022.
Critical Vulnerabilities
Patch Tuesday August 2022 also fixed a number of critical vulnerabilities as well.
CVE-2022-35794 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. However, an unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2022-30133 and then CVE-2022-35744 – Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. Then, this vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable.
CVE-2022-34691 – Active Directory Domain Services Elevation of Privilege Vulnerability. In any case, the Patch Tuesday August 2022 vulnerability can only be exploited by communicating via Port 1723. Hence, As a temporary workaround, An authenticated user could manipulate attributes on computer accounts they own or manage and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to the System.
CVE-2022-33646 – Azure Batch Node Agent Elevation of Privilege Vulnerability. Moreover, a successful attack will lead to elevation to SYSTEM privileges.
Evidently some Other Critical Vulnerabilities of Patch Tuesday August 2022:
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
However, Microsoft security bulletin summary is as follows:
- Azure Batch Node Agent
- Azure Real-Time Operating System
- Azure Site Recovery
- Azure Sphere
- Microsoft Bluetooth Driver
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Windows Support Diagnostic Tool (MSDT)
- Remote Access Service Point-to-Point Tunneling Protocol
- System Center Operations Manager
- Visual Studio
- Windows Bluetooth Service
- Windows Canonical Display Driver
- Windows Cloud Files Mini Filter Driver
- Windows Defender Credential Guard
- Windows Digital Media
- Windows Error Reporting
- Windows Hello
- Windows Internet Information Services
- Windows Kerberos
- Windows Kernel
- Windows Local Security Authority (LSA)
- Windows Network File System
- Windows Partition Management Driver
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Secure Boot
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Storage Spaces Direct
- Windows Unified Write Filter
- Windows WebBrowser Control
- Windows Win32K
Moreover, some products affected by Patch Tuesday August 2022
Product: Microsoft Windows.
CVEs/Advisory: CVE-2022-35771, CVE-2022-35768, CVE-2022-35794, CVE-2022-35766, CVE-2022-35792, CVE-2022-35765, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35795, CVE-2022-35797, CVE-2022-35763, CVE-2022-35820, CVE-2022-35804, CVE-2022-34703, CVE-2022-33670, CVE-2022-35793, CVE-2022-35767, CVE-2022-35769, CVE-2022-35757, CVE-2022-34303, CVE-2022-35762, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35753, CVE-2022-35752, CVE-2022-35751, CVE-2022-35750, CVE-2022-35749, CVE-2022-35748, CVE-2022-35747, CVE-2022-35746, CVE-2022-35745, CVE-2022-35744, CVE-2022-35743, CVE-2022-34715, CVE-2022-34714, CVE-2022-34713, CVE-2022-34712, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34705, CVE-2022-34704, CVE-2022-34702, CVE-2022-34701, CVE-2022-34699, CVE-2022-34696, CVE-2022-34691, CVE-2022-34690, CVE-2022-34302, CVE-2022-30194, CVE-2022-30144, CVE-2022-30133, CVE-2022-30197, CVE-2022-34301
Impact: Evidently, impact, Elevation of Privilege, Remote Code Execution, Security Feature Bypass, Denial of Service, Information Disclosure
KB’s: 5016623, 5016622, 5016639, 5016616, 5016629, 5016627, 5016681, 5016683, 5016618, 5016676, 5016679, 5012170, 5016672, 5016684, 5016669, 5016686
Product: Microsoft Azure
CVE/Advisory: CVE-2022-30175, CVE-2022-30176, CVE-2022-33646, CVE-2022-34685, CVE-2022-34686, CVE-2022-34687, CVE-2022-35772, CVE-2022-35773, CVE-2022-35774, CVE-2022-35775, CVE-2022-35776, CVE-2022-35779, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35806, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819, CVE-2022-35821, CVE-2022-35824
Impact: Evidently, denial of Service, Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution
Product: Microsoft Office
CVE/Advisory: CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-24516, CVE-2022-30134, CVE-2022-33631, CVE-2022-33648, CVE-2022-34692, CVE-2022-34717, CVE-2022-35742, CVE-2022-33632
Impact: Evidently, denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution and Security Feature Bypass
KB: 4462142, 4462148, 5001990, 5002051, 5002228, 5002232, 5002242, 5015321, 5015322
Furthermore, SanerNow VM and SanerNow PM detect and automatically fix the Patch Tuesday August 2022 vulnerabilities by applying security updates. On the other hand, use SanerNow and keep your systems updated and secure.