The Microsoft August 2022 Security Updates includes patches and advisories for 121 vulnerabilities, 17 of those rated Critical severity and one zero-day exploited in the wild.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
In all, the Microsoft security updates address vulnerabilities in the following products, features and roles:
- .NET Core
- Active Directory Domain Services
- Azure Batch Node Agent
- Azure Real Time Operating System
- Azure Site Recovery
- Azure Sphere
- Microsoft ATA Port Driver
- Microsoft Bluetooth Driver
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Windows Support Diagnostic Tool (MSDT)
- Remote Access Service Point-to-Point Tunneling Protocol
- Role: Windows Fax Service
- Role: Windows Hyper-V
- System Center Operations Manager
- Visual Studio
- Windows Bluetooth Service
- Windows Canonical Display Driver
- Windows Cloud Files Mini Filter Driver
- Windows Defender Credential Guard
- Windows Digital Media
- Windows Error Reporting
- Windows Hello
- Windows Internet Information Services
- Windows Kerberos
- Windows Kernel
- Windows Local Security Authority (LSA)
- Windows Network File System
- Windows Partition Management Driver
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Secure Boot
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Storage Spaces Direct
- Windows Unified Write Filter
- Windows WebBrowser Control
- Windows Win32K
Microsoft patched one zero-day Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability CVE-2022-34713 (CVSS 7.8) exploited in the wild. This severe issue affects multiple Windows server and desktop OS versions.
Moreover, attackers could trick victims into opening a specially crafted file via email or web-based attack scenarios.
Microsoft also confirmed “exploitation was detected” and this CVE-2022-34713 is a “variant of the vulnerability publicly known as Dogwalk.” Google fixed the Medium Dogwalk vulnerability (CVE-2022-2622) in Chrome last month.
Researcher Kevin Beaumont tweeted last week how the name was derived:
Microsoft also addressed 12 Critical Remote Code Execution (RCE) and 5 Elevation of Privilege (EoP) vulnerabilities.
- CVE-2022-30133: Windows Point-to-Point Protocol (PPP) RCE (CVSS 9.8)
- CVE-2022-34696: Windows Hyper-V RCE (CVSS 7.8)
- CVE-2022-34702: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-34714: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-35744: Windows Point-to-Point Protocol (PPP) RCE (CVSS 9.8)
- CVE-2022-35745: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-35752: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-35753: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-35766: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-35767: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-35794: Windows Secure Socket Tunneling Protocol (SSTP) RCE (CVSS 8.1)
- CVE-2022-35804: SMB Client and Server (CVSS 8.8).
Microsoft confirmed the SMB Client RCE CVE-2022-35804 is “more likely” to be exploited.
- CVE-2022-21980: Microsoft Exchange Server EoP (CVSS 8.0)
- CVE-2022-24477: Microsoft Exchange Server EoP (CVSS 8.1)
- CVE-2022-24516: Microsoft Exchange Server EoP (CVSS 8.0)
- CVE-2022-33646: Azure Batch Node EoP (CVSS 7.1)
- CVE-2022-34691: Active Directory Domain Services EoP (CVSS 8.8).
Microsoft explained four of five of the CVEs (CVE-2022-21980, CVE-2022-24477, CVE-2022-24516, and
CVE-2022-33646) are “more likely” to be exploited.
In addition, Microsoft patched 104 other vulnerabilities rated Important in multiple products, to include the DogWalk variant CVE-2022-34713 previously mentioned. Those issues include Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, and Spoofing vulnerabilities.
As reported last month, readers may also recall that Knotweed threat actors have exploited a previously patched Microsoft 0-day vulnerability CVE-2022-22047 in targeted attacks against European and Central American customers. The actors also developed Subzero malware used in these attacks.
- Knotweed threat actors exploit Microsoft and Adobe 0-days and deliver Subzero malware
- Microsoft July 2022 Security Updates addresses 84 vulnerabilities (4 Critical and 1 zero-day)
- Microsoft exposes and disables Polonium activity targeting Israeli organizations
- Microsoft issues workaround for Windows Support Diagnostic Tool “Follina” Vulnerability