SOCRadar® Cyber Intelligence Inc. | Microsoft Fixes 121 Security Flaws in August Patch Tuesday
Home

Resources

Blog
Aug 10, 2022
9 Mins Read

Microsoft Fixes 121 Security Flaws in August Patch Tuesday

In this month’s Patch Tuesday, Microsoft fixed 121 flaws in total, including two zero-day vulnerabilities that are actively exploited. Among 121, 17 vulnerabilities with critical ratings could allow RCE and privilege escalation.

The fixed vulnerabilities fall into the following categories, with their counts:

  • Elevation of Privilege (64)
  • Security Feature Bypass (6)
  • Remote Code Execution (31)
  • Information Disclosure (12)
  • Denial of Service (7)
  • Spoofing (1)

Patched Zero Days

One of the zero-day vulnerabilities is CVE-2022-34713, which is better known as DogWalk. It is an RCE vulnerability existing in Windows Support Diagnostic Tool (MSDT) for over two years, and its exploit code is publicly accessible. Exploiting DogWalk allows an attacker to insert malicious executables into the Windows Startup folder.

In Microsoft’s advisory, it is mentioned a user must interact and open a specially created file to cause exploitation. This can happen in phishing attacks. The user can get an email with the compromised file or enter a fake website created specifically by the attacker.

DogWalk was found in January 2020 by security researcher Imre Rad. However, Microsoft decided not to address it since it did not consider it to be a security risk. It was fixed in this month’s Patch Tuesday.

The other zero-day flaw, CVE-2022-30134, is an Information Disclosure vulnerability in Microsoft Exchange. It enables an attacker to read certain emails. Despite being officially published, Microsoft claims that CVE-2022-30134 has not yet been exploited in attacks.

DogWalk Enters the List of Known Exploited Vulnerabilities

CISA also has warned about DogWalk by adding it to the list of Known Exploited Vulnerabilities along with a vulnerability with path traversal abilities. Tracked as CVE-2022-30333, it affects the UnRAR utility on Linux and Unix. If exploited, CVE-2022-30333 could let an attacker extract malicious files to an arbitrary location during unpacking.

CISA advises applying the patches provided by vendors.

Apply the Patches

Microsoft’s Patch Tuesday updates in August can be found in the security update guide. A release note is also available.

The list below shows affected products/systems.

TagCVE IDCVE TitleSeverity
.NET CoreCVE-2022-34716.NET Spoofing VulnerabilityImportant
Active Directory
Domain Services
CVE-2022-34691Active Directory Domain Services
Elevation of Privilege Vulnerability
Critical
Azure Batch
Node Agent
CVE-2022-33646Azure Batch Node Agent
Elevation of Privilege Vulnerability
Critical
Azure Real Time
Operating System
CVE-2022-34685Azure RTOS GUIX Studio
Information Disclosure Vulnerability
Important
Azure Real Time
Operating System
CVE-2022-34686Azure RTOS GUIX Studio
Information Disclosure Vulnerability
Important
Azure Real Time
Operating System
CVE-2022-35773Azure RTOS GUIX Studio
Remote Code Execution Vulnerability
Important
Azure Real Time
Operating System
CVE-2022-35779Azure RTOS GUIX Studio
Remote Code Execution Vulnerability
Important
Azure Real Time
Operating System
CVE-2022-35806Azure RTOS GUIX Studio
Remote Code Execution Vulnerability
Important
Azure Real Time
Operating System
CVE-2022-34687Azure RTOS GUIX Studio
Remote Code Execution Vulnerability
Important
Azure Real Time
Operating System
CVE-2022-30176Azure RTOS GUIX Studio
Remote Code Execution Vulnerability
Important
Azure Real Time
Operating System
CVE-2022-30175Azure RTOS GUIX Studio
Remote Code Execution Vulnerability
Important
Azure Site RecoveryCVE-2022-35791Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35818Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35809Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35789Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35815Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35817Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35816Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35814Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35785Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35812Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35811Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35784Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35810Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35813Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35788Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35783Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35786Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35787Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35819Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35781Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35775Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35790Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35780Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35799Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35772Azure Site Recovery Remote
Code Execution Vulnerability
Important
Azure Site RecoveryCVE-2022-35800Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35774Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35802Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35782Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35824Azure Site Recovery Remote
Code Execution Vulnerability
Important
Azure Site RecoveryCVE-2022-35801Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35808Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure Site RecoveryCVE-2022-35776Azure Site Recovery Denial
of Service Vulnerability
Important
Azure Site RecoveryCVE-2022-35807Azure Site Recovery Elevation
of Privilege Vulnerability
Important
Azure SphereCVE-2022-35821Azure Sphere Information
Disclosure Vulnerability
Important
Microsoft
ATA Port Driver
CVE-2022-35760Microsoft ATA Port Driver
Elevation of Privilege Vulnerability
Important
Microsoft
Bluetooth Driver
CVE-2022-35820Windows Bluetooth Driver
Elevation of Privilege Vulnerability
Important
Microsoft Edge
(Chromium-based)
CVE-2022-35796Microsoft Edge (Chromium-based)
Elevation of Privilege Vulnerability
Low
Microsoft Edge
(Chromium-based)
CVE-2022-33649Microsoft Edge (Chromium-based)
Security Feature Bypass Vulnerability
Important
Microsoft Edge
(Chromium-based)
CVE-2022-2618Chromium: CVE-2022-2618 Insufficient
validation of untrusted input in Internals
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2616Chromium: CVE-2022-2616 Inappropriate
implementation in Extensions API
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2617Chromium: CVE-2022-2617
Use after free in Extensions API
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2619Chromium: CVE-2022-2619 Insufficient
validation of untrusted input in Settings
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2622Chromium: CVE-2022-2622 Insufficient
validation of untrusted input in Safe Browsing
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2623Chromium: CVE-2022-2623
Use after free in Offline
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-33636Microsoft Edge (Chromium-based)
Remote Code Execution Vulnerability
Moderate
Microsoft Edge
(Chromium-based)
CVE-2022-2621Chromium: CVE-2022-2621
Use after free in Extensions
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2615Chromium: CVE-2022-2615
Insufficient policy enforcement in Cookies
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2604Chromium: CVE-2022-2604
Use after free in Safe Browsing
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2605Chromium: CVE-2022-2605
Out of bounds read in Dawn
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2624Chromium: CVE-2022-2624
Heap buffer overflow in PDF
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2603Chromium: CVE-2022-2603
Use after free in Omnibox
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2606Chromium: CVE-2022-2606
Use after free in Managed devices API
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2612Chromium: CVE-2022-2612 Side-channel
information leakage in Keyboard input
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2614Chromium: CVE-2022-2614
Use after free in Sign-In Flow
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2610Chromium: CVE-2022-2610 Insufficient
policy enforcement in Background Fetch
Unknown
Microsoft Edge
(Chromium-based)
CVE-2022-2611Chromium: CVE-2022-2611 Inappropriate
implementation in Fullscreen API
Unknown
Microsoft
Exchange Server
CVE-2022-34692Microsoft Exchange Information
Disclosure Vulnerability
Important
Microsoft
Exchange Server
CVE-2022-21980Microsoft Exchange Server
Elevation of Privilege Vulnerability
Critical
Microsoft
Exchange Server
CVE-2022-21979Microsoft Exchange Information
Disclosure Vulnerability
Important
Microsoft
Exchange Server
CVE-2022-24516Microsoft Exchange Server
Elevation of Privilege Vulnerability
Critical
Microsoft
Exchange Server
CVE-2022-30134Microsoft Exchange Information
Disclosure Vulnerability
Important
Microsoft
Exchange Server
CVE-2022-24477Microsoft Exchange Server
Elevation of Privilege Vulnerability
Critical
Microsoft
Office
CVE-2022-34717Microsoft Office Remote
Code Execution Vulnerability
Important
Microsoft
Office Excel
CVE-2022-33648Microsoft Excel Remote
Code Execution Vulnerability
Important
Microsoft
Office Excel
CVE-2022-33631Microsoft Excel Security
Feature Bypass Vulnerability
Important
Microsoft
Office Outlook
CVE-2022-35742Microsoft Outlook Denial
of Service Vulnerability
Important
Microsoft Windows
Support Diagnostic
Tool (MSDT)
CVE-2022-34713Microsoft Windows Support Diagnostic Tool
(MSDT) Remote Code Execution Vulnerability
Important
Microsoft Windows
Support Diagnostic
Tool (MSDT)
CVE-2022-35743Microsoft Windows Support Diagnostic Tool
(MSDT) Remote Code Execution Vulnerability
Important
Remote Access Service
Point-to-Point
Tunneling Protocol
CVE-2022-35752Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Remote Access Service
Point-to-Point
Tunneling Protocol
CVE-2022-35753Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Remote Access Service
Point-to-Point
Tunneling Protocol
CVE-2022-35769Windows Point-to-Point Protocol
(PPP) Denial of Service Vulnerability
Important
Role: Windows
Fax Service
CVE-2022-34690Windows Fax Service Elevation
of Privilege Vulnerability
Important
Role: Windows
Hyper-V
CVE-2022-34696Windows Hyper-V Remote
Code Execution Vulnerability
Critical
Role: Windows
Hyper-V
CVE-2022-35751Windows Hyper-V Elevation
of Privilege Vulnerability
Important
System Center
Operations Manager
CVE-2022-33640System Center Operations Manager:
Open Management Infrastructure
(OMI) Elevation of Privilege Vulnerability
Important
Visual StudioCVE-2022-35827Visual Studio Remote Code
Execution Vulnerability
Important
Visual StudioCVE-2022-35777Visual Studio Remote Code
Execution Vulnerability
Important
Visual StudioCVE-2022-35825Visual Studio Remote Code
Execution Vulnerability
Important
Visual StudioCVE-2022-35826Visual Studio Remote Code
Execution Vulnerability
Important
Windows Bluetooth
Service
CVE-2022-30144Windows Bluetooth Service Remote
Code Execution Vulnerability
Important
Windows Canonical
Display Driver
CVE-2022-35750Win32k Elevation of Privilege VulnerabilityImportant
Windows Cloud Files
Mini Filter Driver
CVE-2022-35757Windows Cloud Files Mini Filter Driver
Elevation of Privilege Vulnerability
Important
Windows Defender
Credential Guard
CVE-2022-35771Windows Defender Credential Guard
Elevation of Privilege Vulnerability
Important
Windows Defender
Credential Guard
CVE-2022-34705Windows Defender Credential Guard
Elevation of Privilege Vulnerability
Important
Windows Defender
Credential Guard
CVE-2022-34710Windows Defender Credential Guard
Information Disclosure Vulnerability
Important
Windows Defender
Credential Guard
CVE-2022-34709Windows Defender Credential Guard
Security Feature Bypass Vulnerability
Important
Windows Defender
Credential Guard
CVE-2022-34704Windows Defender Credential Guard
Information Disclosure Vulnerability
Important
Windows Defender
Credential Guard
CVE-2022-34712Windows Defender Credential Guard
Information Disclosure Vulnerability
Important
Windows
Digital Media
CVE-2022-35746Windows Digital Media Receiver
Elevation of Privilege Vulnerability
Important
Windows
Digital Media
CVE-2022-35749Windows Digital Media Receiver
Elevation of Privilege Vulnerability
Important
Windows
Error Reporting
CVE-2022-35795Windows Error Reporting Service
Elevation of Privilege Vulnerability
Important
Windows HelloCVE-2022-35797Windows Hello Security
Feature Bypass Vulnerability
Important
Windows Internet
Information Services
CVE-2022-35748HTTP.sys Denial of Service VulnerabilityImportant
Windows KerberosCVE-2022-35756Windows Kerberos Elevation
of Privilege Vulnerability
Important
Windows KernelCVE-2022-35761Windows Kernel Elevation
of Privilege Vulnerability
Important
Windows KernelCVE-2022-35768Windows Kernel Elevation
of Privilege Vulnerability
Important
Windows KernelCVE-2022-34708Windows Kernel Information
Disclosure Vulnerability
Important
Windows KernelCVE-2022-34707Windows Kernel Elevation
of Privilege Vulnerability
Important
Windows KernelCVE-2022-35804SMB Client and Server Remote
Code Execution Vulnerability
Critical
Windows KernelCVE-2022-30197Windows Kernel Information
Disclosure Vulnerability
Important
Windows KernelCVE-2022-35758Windows Kernel Memory Information
Disclosure Vulnerability
Important
Windows Local
Security Authority (LSA)
CVE-2022-34706Windows Local Security Authority (LSA)
Elevation of Privilege Vulnerability
Important
Windows Local
Security Authority (LSA)
CVE-2022-35759Windows Local Security Authority (LSA)
Denial of Service Vulnerability
Important
Windows Network
File System
CVE-2022-34715Windows Network File System
Remote Code Execution Vulnerability
Important
Windows Partition
Management Driver
CVE-2022-33670Windows Partition Management
Driver Elevation of Privilege Vulnerability
Important
Windows Partition
Management Driver
CVE-2022-34703Windows Partition Management
Driver Elevation of Privilege Vulnerability
Important
Windows Point-to-Point
Tunneling Protocol
CVE-2022-30133Windows Point-to-Point Protocol (PPP)
Remote Code Execution Vulnerability
Critical
Windows Point-to-Point
Tunneling Protocol
CVE-2022-35747Windows Point-to-Point Protocol (PPP)
Denial of Service Vulnerability
Important
Windows Point-to-Point
Tunneling Protocol
CVE-2022-35744Windows Point-to-Point Protocol (PPP)
Remote Code Execution Vulnerability
Critical
Windows Print
Spooler Components
CVE-2022-35793Windows Print Spooler Elevation
of Privilege Vulnerability
Important
Windows Print
Spooler Components
CVE-2022-35755Windows Print Spooler Elevation
of Privilege Vulnerability
Important
Windows Secure BootCVE-2022-34301CERT/CC: CVE-2022-34301
Eurosoft Boot Loader Bypass
Important
Windows Secure BootCVE-2022-34302CERT/CC: CVE-2022-34302 New Horizon
Data Systems Inc Boot Loader Bypass
Important
Windows Secure BootCVE-2022-34303CERT/CC: CVE-20220-34303
Crypto Pro Boot Loader Bypass
Important
Windows Secure Socket
Tunneling Protocol (SSTP)
CVE-2022-35745Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Windows Secure Socket
Tunneling Protocol (SSTP)
CVE-2022-35766Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Windows Secure Socket
Tunneling Protocol (SSTP)
CVE-2022-35794Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Windows Secure Socket
Tunneling Protocol (SSTP)
CVE-2022-34701Windows Secure Socket Tunneling Protocol
(SSTP) Denial of Service Vulnerability
Important
Windows Secure Socket
Tunneling Protocol (SSTP)
CVE-2022-34714Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Windows Secure Socket
Tunneling Protocol (SSTP)
CVE-2022-34702Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Windows Secure Socket
Tunneling Protocol (SSTP)
CVE-2022-35767Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability
Critical
Windows Storage
Spaces Direct
CVE-2022-35762Storage Spaces Direct
Elevation of Privilege Vulnerability
Important
Windows Storage
Spaces Direct
CVE-2022-35765Storage Spaces Direct
Elevation of Privilege Vulnerability
Important
Windows Storage
Spaces Direct
CVE-2022-35792Storage Spaces Direct
Elevation of Privilege Vulnerability
Important
Windows Storage
Spaces Direct
CVE-2022-35763Storage Spaces Direct
Elevation of Privilege Vulnerability
Important
Windows Storage
Spaces Direct
CVE-2022-35764Storage Spaces Direct Elevation
of Privilege Vulnerability
Important
Windows Unified
Write Filter
CVE-2022-35754Unified Write Filter Elevation
of Privilege Vulnerability
Important
Windows
WebBrowser Control
CVE-2022-30194Windows WebBrowser Control
Remote Code Execution Vulnerability
Important
Windows Win32KCVE-2022-34699Windows Win32k Elevation
of Privilege Vulnerability
Important