Microsoft August 2022 Patch Tuesday
This month we got patches for 141 vulnerabilities. Of these, 17 are critical, 2 were previously disclosed, and one is already being exploited, according to Microsoft.
The exploited vulnerability is a Remote Code Execution (RCE) affecting Microsoft Windows Support Diagnostic Tool (MSDT) (CVE-2022-34713). According to the advisory, exploitation of the vulnerability requires that a user open a specially crafted file in different scenarios:
• In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
• In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.
This CVE is a variant of the vulnerability publicly known as Dogwalk. The CVSS for this vulnerability is 7.8.
Among the critical vulnerabilities is an RCE in Windows Point-to-Point Protocol (PPP) (CVE-2022-30133). The attack vector for this vulnerability is ‘network’, no privileges are required, and no user interaction is needed, which means this could be a wormable vulnerability. According to the advisory, “This vulnerability can only be exploited by communicating via Port 1723. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.” If you have this service exposed to the Internet, it is recommended to apply the patch quickly. As a temporary workaround until the updates that address this vulnerability are installed, you can block traffic through that port, which renders the vulnerability unexploitable. The CVSS for this vulnerability is 9.8.
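One way to check a server for the port 1723 exposure described above and apply the temporary block with Windows Firewall. This is an added example, not part of the advisory or the original post; the `-ApplyBlock` switch and the rule name are chosen here for illustration.

```powershell
# Added example: exposure check and temporary block for TCP 1723 (CVE-2022-30133).
# Run from an elevated PowerShell session on the RAS server.
param(
    [switch]$ApplyBlock   # hypothetical switch: without it the script only reports
)

$port     = 1723                                    # port named in the advisory
$ruleName = 'TEMP block TCP 1723 (CVE-2022-30133)'  # rule name chosen for this example

# Routing and Remote Access runs as the RemoteAccess service.
$ras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue

# A socket in LISTEN state on the port means the server accepts connection requests.
$listeners = @(Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

# Block rule left by an earlier run of this script, if any.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

# Report the current state.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    RasService  = if ($ras) { "$($ras.Status)" } else { 'not installed' }
    Listening   = $listeners.Count -gt 0
    ListenAddrs = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
    BlockRule   = [bool]$existing
}

# Apply the temporary workaround only when asked, only when the port is
# actually in use, and only once.
if ($ApplyBlock -and $listeners.Count -gt 0 -and -not $existing) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $port -Action Block -Profile Any | Out-Null
    Write-Host "Inbound TCP $port blocked. Remove the rule once the update is installed:"
    Write-Host "  Remove-NetFirewallRule -DisplayName '$ruleName'"
}
```

The block also cuts off legitimate clients that connect to the RAS server over port 1723, so treat it as a stopgap until the update is installed.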
Another critical vulnerability worth mentioning is an elevation of privilege affecting Active Directory Domain Services (CVE-2022-34691). According to the advisory, “An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.” A system is vulnerable only if Active Directory Certificate Services is running on the domain. The CVSS for this vulnerability is 8.8.
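To find out whether the AD CS precondition applies to your environment, you can list the enterprise CAs published in the forest's configuration partition. This is an added example, not part of the advisory or the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the machine account quota lookup at the end is added context on who can own computer accounts.

```powershell
# Added example: is an enterprise CA published in this forest (CVE-2022-34691 precondition)?
# Needs the ActiveDirectory module (RSAT) and a domain account with read access.
$ErrorActionPreference = 'Stop'   # stop on a failed query instead of reporting "no CA"
Import-Module ActiveDirectory

# Enterprise CAs register a pKIEnrollmentService object under this container.
# Standalone CAs are not listed here and need a separate inventory.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

$cas = @(Get-ADObject -SearchBase $base `
            -LDAPFilter '(objectClass=pKIEnrollmentService)' `
            -Properties dNSHostName, certificateTemplates)

if ($cas.Count -eq 0) {
    'No enterprise CA is published in Active Directory.'
} else {
    # One row per CA: where it runs and how many templates it offers.
    $cas | ForEach-Object {
        [pscustomobject]@{
            CAName    = $_.Name
            Host      = $_.dNSHostName
            Templates = @($_.certificateTemplates).Count
        }
    }
}

# Added context: how many computer accounts an ordinary authenticated user
# may create (and therefore own) in this domain.
$domainDN = (Get-ADDomain).DistinguishedName
$quota    = (Get-ADObject -Identity $domainDN `
                -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"ms-DS-MachineAccountQuota = $quota"
```

Any CA host it lists belongs at the front of the patching queue for this update, together with the domain controllers.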
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
August 2022 Security Updates
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
.NET Spoofing Vulnerability | |||||||
CVE-2022-34716 | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
Active Directory Domain Services Elevation of Privilege Vulnerability | |||||||
CVE-2022-34691 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
Azure Batch Node Agent Elevation of Privilege Vulnerability | |||||||
CVE-2022-33646 | No | No | More Likely | More Likely | Critical | 7.0 | 6.3 |
Azure RTOS GUIX Studio Information Disclosure Vulnerability | |||||||
CVE-2022-34685 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2022-34686 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||||
CVE-2022-30175 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2022-30176 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2022-34687 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2022-35773 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2022-35779 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2022-35806 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Azure Site Recovery Denial of Service Vulnerability | |||||||
CVE-2022-35776 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.6 |
Azure Site Recovery Elevation of Privilege Vulnerability | |||||||
CVE-2022-35802 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
CVE-2022-35780 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35781 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35799 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35774 | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
CVE-2022-35800 | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
CVE-2022-35775 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35801 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35807 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35808 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35782 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35809 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35783 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
CVE-2022-35784 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35810 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35811 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35785 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35812 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
CVE-2022-35786 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35787 | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
CVE-2022-35813 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35788 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35814 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35789 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35815 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35790 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35816 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35817 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35791 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35818 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2022-35819 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
Azure Site Recovery Remote Code Execution Vulnerability | |||||||
CVE-2022-35772 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
CVE-2022-35824 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
Azure Sphere Information Disclosure Vulnerability | |||||||
CVE-2022-35821 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | |||||||
CVE-2022-34301 | No | No | More Likely | More Likely | Important | ||
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | |||||||
CVE-2022-34302 | No | No | More Likely | More Likely | Important | ||
CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass | |||||||
CVE-2022-34303 | No | No | More Likely | More Likely | Important | ||
Chromium: CVE-2022-2603 Use after free in Omnibox | |||||||
CVE-2022-2603 | No | No | - | - | - | ||
Chromium: CVE-2022-2604 Use after free in Safe Browsing | |||||||
CVE-2022-2604 | No | No | - | - | - | ||
Chromium: CVE-2022-2605 Out of bounds read in Dawn | |||||||
CVE-2022-2605 | No | No | - | - | - | ||
Chromium: CVE-2022-2606 Use after free in Managed devices API | |||||||
CVE-2022-2606 | No | No | - | - | - | ||
Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | |||||||
CVE-2022-2610 | No | No | - | - | - | ||
Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | |||||||
CVE-2022-2611 | No | No | - | - | - | ||
Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | |||||||
CVE-2022-2612 | No | No | - | - | - | ||
Chromium: CVE-2022-2614 Use after free in Sign-In Flow | |||||||
CVE-2022-2614 | No | No | - | - | - | ||
Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | |||||||
CVE-2022-2615 | No | No | - | - | - | ||
Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | |||||||
CVE-2022-2616 | No | No | - | - | - | ||
Chromium: CVE-2022-2617 Use after free in Extensions API | |||||||
CVE-2022-2617 | No | No | - | - | - | ||
Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | |||||||
CVE-2022-2618 | No | No | - | - | - | ||
Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | |||||||
CVE-2022-2619 | No | No | - | - | - | ||
Chromium: CVE-2022-2621 Use after free in Extensions | |||||||
CVE-2022-2621 | No | No | - | - | - | ||
Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | |||||||
CVE-2022-2622 | No | No | - | - | - | ||
Chromium: CVE-2022-2623 Use after free in Offline | |||||||
CVE-2022-2623 | No | No | - | - | - | ||
Chromium: CVE-2022-2624 Heap buffer overflow in PDF | |||||||
CVE-2022-2624 | No | No | - | - | - | ||
HTTP.sys Denial of Service Vulnerability | |||||||
CVE-2022-35748 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
Microsoft ATA Port Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-35760 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||||
CVE-2022-35796 | No | No | Less Likely | Less Likely | Low | 7.5 | 6.5 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||||
CVE-2022-33636 | No | No | Less Likely | Less Likely | Moderate | 8.3 | 7.2 |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||||
CVE-2022-33649 | No | No | Less Likely | Less Likely | Important | 9.6 | 8.3 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2022-33648 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Excel Security Feature Bypass Vulnerability | |||||||
CVE-2022-33631 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
Microsoft Exchange Information Disclosure Vulnerability | |||||||
CVE-2022-21979 | No | No | Less Likely | Less Likely | Important | 4.8 | 4.2 |
CVE-2022-30134 | Yes | No | Unlikely | Unlikely | Important | 7.6 | 6.6 |
CVE-2022-34692 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
CVE-2022-21980 | No | No | More Likely | More Likely | Critical | 8.0 | 7.0 |
CVE-2022-24516 | No | No | More Likely | More Likely | Critical | 8.0 | 7.0 |
CVE-2022-24477 | No | No | More Likely | More Likely | Critical | 8.0 | 7.0 |
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2022-34717 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Microsoft Outlook Denial of Service Vulnerability | |||||||
CVE-2022-35742 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | |||||||
CVE-2022-34713 | Yes | Yes | More Likely | More Likely | Important | 7.8 | 7.2 |
CVE-2022-35743 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
SMB Client and Server Remote Code Execution Vulnerability | |||||||
CVE-2022-35804 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
Storage Spaces Direct Elevation of Privilege Vulnerability | |||||||
CVE-2022-35762 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-35763 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-35764 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-35765 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-35792 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||||||
CVE-2022-33640 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Unified Write Filter Elevation of Privilege Vulnerability | |||||||
CVE-2022-35754 | No | No | Less Likely | Less Likely | Important | 6.7 | 5.8 |
Visual Studio Remote Code Execution Vulnerability | |||||||
CVE-2022-35777 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
CVE-2022-35825 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
CVE-2022-35826 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
CVE-2022-35827 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2022-35750 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-35820 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Bluetooth Service Remote Code Execution Vulnerability | |||||||
CVE-2022-30144 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-35757 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
Windows Defender Credential Guard Elevation of Privilege Vulnerability | |||||||
CVE-2022-34705 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-35771 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Defender Credential Guard Information Disclosure Vulnerability | |||||||
CVE-2022-34710 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
CVE-2022-34712 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
CVE-2022-34704 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Defender Credential Guard Security Feature Bypass Vulnerability | |||||||
CVE-2022-34709 | No | No | Less Likely | Less Likely | Important | 6.0 | 5.2 |
Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||||
CVE-2022-35746 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-35749 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||||
CVE-2022-35795 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Fax Service Elevation of Privilege Vulnerability | |||||||
CVE-2022-34690 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2 |
Windows Hello Security Feature Bypass Vulnerability | |||||||
CVE-2022-35797 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
CVE-2022-35751 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2022-34696 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
Windows Kerberos Elevation of Privilege Vulnerability | |||||||
CVE-2022-35756 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2022-34707 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-35761 | No | No | More Likely | More Likely | Important | 8.4 | 7.3 |
CVE-2022-35768 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2022-30197 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
CVE-2022-34708 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Kernel Memory Information Disclosure Vulnerability | |||||||
CVE-2022-35758 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Local Security Authority (LSA) Denial of Service Vulnerability | |||||||
CVE-2022-35759 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | |||||||
CVE-2022-34706 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Network File System Remote Code Execution Vulnerability | |||||||
CVE-2022-34715 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.5 |
Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-33670 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
CVE-2022-34703 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | |||||||
CVE-2022-35747 | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
CVE-2022-35769 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | |||||||
CVE-2022-30133 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.5 |
CVE-2022-35744 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.5 |
Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
CVE-2022-35755 | No | No | More Likely | More Likely | Important | 7.3 | 6.4 |
CVE-2022-35793 | No | No | More Likely | More Likely | Important | 7.3 | 6.4 |
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | |||||||
CVE-2022-34701 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||||
CVE-2022-34714 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-35745 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-35752 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-35753 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-34702 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-35766 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-35767 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-35794 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
Windows WebBrowser Control Remote Code Execution Vulnerability | |||||||
CVE-2022-30194 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2022-34699 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
--
Renato Marinho
Morphus Labs