This week marked the arrival of Microsoft's monthly Patch Tuesday updates for August 2022. This month's update bundle is large, addressing around 124 different security vulnerabilities across different products.
Microsoft Fixed A “Dogwalk” Variant Zero-Day Flaw
The most important bug fix in this month's updates addresses a zero-day vulnerability affecting the Microsoft Windows Support Diagnostic Tool (MSDT). Tracked as CVE-2022-34713, this vulnerability isn't new. It first caught researchers' attention back in 2020, but it recently made the news when security researchers rediscovered it with Follina.
Specifically, CVE-2022-34713 is a "Dogwalk" variant that allows remote code execution. While Microsoft has marked it as an important severity flaw given its requirement for physical access to the system by an attacker, ZDI elaborates that a remote attacker may also exploit it under certain conditions.
Exploiting the vulnerability requires the attacker to convince the target user to open a maliciously crafted file. Microsoft confirmed that the flaw was actively exploited before it received a fix.
Other Bug Fixes With Microsoft Patch Tuesday August
The August Patch Tuesday from Microsoft also addresses a large number of critical vulnerabilities.
Specifically, the update bundle fixed 17 different security vulnerabilities affecting Windows Point-to-Point Protocol (PPP), Exchange Server, Hyper-V, RAS Point-to-Point Tunneling Protocol, Azure Batch Node Agent, Active Directory Domain Services, and Windows Secure Socket Tunneling Protocol (SSTP).
The updates also patch 105 important severity vulnerabilities. These include a publicly known information disclosure vulnerability, CVE-2022-30134. According to Microsoft, exploiting this vulnerability would let an attacker read emails from the target Microsoft Exchange system. Users need to enable Extended Protection to protect their systems from exploits.
In addition, Microsoft has fixed a moderate severity RCE flaw (CVE-2022-33636) and a low-severity privilege escalation vulnerability (CVE-2022-35796) in Microsoft Edge.
Since the updates have been rolled out, users must update their systems at the earliest opportunity (if they haven't done so already).