The present week marked the arrival of month-to-month Patch Tuesday updates from Microsoft for August 2022. This month’s replace bundle appears large because it addresses round 124 totally different safety vulnerabilities throughout totally different merchandise.
Microsoft Fastened A “Dogwalk” Variant Zero-Day Flaw
A very powerful bug repair with this month’s updates features a zero-day vulnerability affecting the Microsoft Home windows Assist Diagnostic Instrument (MSDT). Tracked as CVE-2022-34713, this vulnerability isn’t new. As a substitute, it first caught the researchers’ consideration again in 2020. Nevertheless it not too long ago made it to the information when safety researchers rediscovered it with Follina.
Particularly, CVE-2022-34713 is a “Dogwalk” variant that permits distant code execution. Whereas Microsoft has marked it as an essential severity flaw given its requirement for bodily entry to the system by an attacker, ZDI elaborates {that a} distant attacker can also exploit it underneath sure circumstances.
Exploiting the vulnerability required the attacker to persuade the goal consumer to open a maliciously crafted file. Microsoft confirmed the lively exploitation of the flaw earlier than receiving a repair.
Different Bug Fixes With Microsoft Patch Tuesday August
The August Patch Tuesday from Microsoft can also be large concerning the crucial vulnerabilities it addresses.
Particularly, the replace bundle fastened 17 totally different safety vulnerabilities affecting Home windows Level-to-Level Protocol (PPP), Alternate Server, Hyper-V, RAS Level-to-Level Tunneling Protocol, Azure Batch Node Agent, Lively Listing Area Providers, and Home windows Safe Socket Tunneling Protocol (SSTP).
Apart from, the updates additionally patch 105 essential severity vulnerabilities. These embody a publicly recognized info disclosure vulnerability CVE-2022-30134. In response to Microsoft, exploiting this vulnerability would let an attacker learn emails from the goal Microsoft Alternate system. Customers have to allow Prolonged Safety to guard their techniques from exploits.
As well as, Microsoft has additionally fastened a average severity RCE flaw (CVE-2022-33636) and a low-severity privilege escalation vulnerability (CVE-2022-35796) within the Microsoft Edge.
Because the updates have been rolled out, customers should guarantee to replace their techniques on the earliest (if haven’t executed already).
