Microsoft Fixes 121 Security Flaws in August Patch Tuesday

August 10, 2022

In this month’s Patch Tuesday, Microsoft fixed 121 flaws in total, including two zero-day vulnerabilities that are actively exploited. Of the 121, 17 are rated critical and could allow remote code execution (RCE) and privilege escalation.

The fixed vulnerabilities fall into the following categories, with their counts:

  • Elevation of Privilege (64)
  • Security Feature Bypass (6)
  • Remote Code Execution (31)
  • Information Disclosure (12)
  • Denial of Service (7)
  • Spoofing (1)

Patched Zero Days

One of the zero-day vulnerabilities is CVE-2022-34713, better known as DogWalk. It is an RCE vulnerability that has existed in the Windows Support Diagnostic Tool (MSDT) for over two years, and exploit code for it is publicly accessible. Exploiting DogWalk allows an attacker to insert malicious executables into the Windows Startup folder.

Microsoft’s advisory states that exploitation requires user interaction: the user must open a specially crafted file. This can happen in phishing attacks, where the user receives the malicious file by email or visits a fake website created by the attacker for that purpose.

DogWalk was found in January 2020 by security researcher Imre Rad. However, Microsoft decided not to address it since it did not consider it to be a security risk. It was fixed in this month’s Patch Tuesday.
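
Because the impact described above is an executable placed in the Windows Startup folder, that location is worth reviewing on endpoints that were unpatched. The following PowerShell script is an added example, not taken from the article or from Microsoft's advisory; the extension list, the 30-day default window and the assumption that profiles live under `%SystemDrive%\Users` are illustrative choices.

```powershell
# Added example (not from the article or Microsoft's advisory).
# Lists files in every Startup folder that were created or modified recently.
# Assumptions: the extension list and the default 30-day window are illustrative,
# and user profiles are assumed to live under %SystemDrive%\Users.
param([int]$Days = 30)

$cutoff  = (Get-Date).AddDays(-$Days)
$watched = '.exe', '.dll', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.hta', '.lnk'

# All-users Startup folder, plus the per-user Startup folder of each local profile.
$folders = @([Environment]::GetFolderPath('CommonStartup'))
$profileRoot = Join-Path $env:SystemDrive 'Users'
$folders += Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    }

$findings = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }

    Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($watched -contains $_.Extension.ToLower()) -and
            ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff)
        } |
        ForEach-Object {
            # Signature status and hash give the analyst something to pivot on.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Signature = $sig.Status
                SHA256    = $hash.Hash
            }
        }
}

if ($findings) {
    $findings | Sort-Object Created -Descending | Format-List
} else {
    Write-Output "No recently created or modified files found in Startup folders."
}
```

Run it from an elevated session so other users' profiles are readable. File timestamps can be altered, so an empty result is an absence of evidence rather than proof that nothing was dropped.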

The other zero-day flaw, CVE-2022-30134, is an Information Disclosure vulnerability in Microsoft Exchange. It enables an attacker to read certain emails. Although the flaw has been officially published, Microsoft claims that CVE-2022-30134 has not yet been exploited in attacks.

DogWalk Enters the List of Known Exploited Vulnerabilities

CISA has also warned about DogWalk by adding it to its list of Known Exploited Vulnerabilities, along with a path traversal vulnerability. Tracked as CVE-2022-30333, the latter affects the UnRAR utility on Linux and Unix. If exploited, CVE-2022-30333 could let an attacker extract malicious files to an arbitrary location during unpacking.

CISA advises applying the patches provided by vendors.

Apply the Patches

Microsoft’s Patch Tuesday updates in August can be found in the security update guide. A release note is also available.

The list below shows affected products/systems.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core | CVE-2022-34716 | .NET Spoofing Vulnerability | Important |
| Active Directory Domain Services | CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
| Azure Batch Node Agent | CVE-2022-33646 | Azure Batch Node Agent Elevation of Privilege Vulnerability | Critical |
| Azure Real Time Operating System | CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35806 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30176 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30175 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35791 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35818 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35809 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35789 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35815 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35817 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35816 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35814 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35785 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35811 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35784 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35810 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35813 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35788 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35786 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35787 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35819 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35781 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35790 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35799 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35800 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35782 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35801 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35808 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35807 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability | Important |
| Microsoft ATA Port Driver | CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-35820 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-35796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-2618 | Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2616 | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2617 | Chromium: CVE-2022-2617 Use after free in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2619 | Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2622 | Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2623 | Chromium: CVE-2022-2623 Use after free in Offline | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-33636 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-2621 | Chromium: CVE-2022-2621 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2615 | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2604 | Chromium: CVE-2022-2604 Use after free in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2605 | Chromium: CVE-2022-2605 Out of bounds read in Dawn | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2624 | Chromium: CVE-2022-2624 Heap buffer overflow in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2603 | Chromium: CVE-2022-2603 Use after free in Omnibox | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2606 | Chromium: CVE-2022-2606 Use after free in Managed devices API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2612 | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2614 | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2610 | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2611 | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | Unknown |
| Microsoft Exchange Server | CVE-2022-34692 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Office | CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33648 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33631 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Role: Windows Fax Service | CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| System Center Operations Manager | CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows Bluetooth Service | CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
| Windows Canonical Display Driver | CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Digital Media | CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Hello | CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows Internet Information Services | CVE-2022-35748 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2022-30197 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2022-34301 | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34302 | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34303 | CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Storage Spaces Direct | CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Unified Write Filter | CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability | Important |
| Windows WebBrowser Control | CVE-2022-30194 | Windows WebBrowser Control Remote Code Execution Vulnerability | Important |
| Windows Win32K | CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | Important |