Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Microsoft Fixes 121 Security Flaws in August Patch Tuesday
Table Of Content
Home

Resources

Blog
Aug 10, 2022
9 Mins Read

Microsoft Fixes 121 Security Flaws in August Patch Tuesday

In this month’s Patch Tuesday, Microsoft fixed 121 flaws in total, including two zero-day vulnerabilities that are actively exploited. Among 121, 17 vulnerabilities with critical ratings could allow RCE and privilege escalation.

The fixed vulnerabilities fall into the following categories, with their counts:

  • Elevation of Privilege (64)
  • Security Feature Bypass (6)
  • Remote Code Execution (31)
  • Information Disclosure (12)
  • Denial of Service (7)
  • Spoofing (1)

Patched Zero Days

One of the zero-day vulnerabilities is CVE-2022-34713, which is better known as DogWalk. It is an RCE vulnerability existing in Windows Support Diagnostic Tool (MSDT) for over two years, and its exploit code is publicly accessible. Exploiting DogWalk allows an attacker to insert malicious executables into the Windows Startup folder.

In Microsoft’s advisory, it is mentioned a user must interact and open a specially created file to cause exploitation. This can happen in phishing attacks. The user can get an email with the compromised file or enter a fake website created specifically by the attacker.

DogWalk was found in January 2020 by security researcher Imre Rad. However, Microsoft decided not to address it since it did not consider it to be a security risk. It was fixed in this month’s Patch Tuesday.

The other zero-day flaw, CVE-2022-30134, is an Information Disclosure vulnerability in Microsoft Exchange. It enables an attacker to read certain emails. Despite being officially published, Microsoft claims that CVE-2022-30134 has not yet been exploited in attacks.

DogWalk Enters the List of Known Exploited Vulnerabilities

CISA also has warned about DogWalk by adding it to the list of Known Exploited Vulnerabilities along with a vulnerability with path traversal abilities. Tracked as CVE-2022-30333, it affects the UnRAR utility on Linux and Unix. If exploited, CVE-2022-30333 could let an attacker extract malicious files to an arbitrary location during unpacking.

CISA advises applying the patches provided by vendors.

Apply the Patches

Microsoft’s Patch Tuesday updates in August can be found in the security update guide. A release note is also available.

The list below shows affected products/systems.

Tag CVE ID CVE Title Severity
.NET Core CVE-2022-34716 .NET Spoofing Vulnerability Important
Active Directory
Domain Services		 CVE-2022-34691 Active Directory Domain Services
Elevation of Privilege Vulnerability		 Critical
Azure Batch
Node Agent		 CVE-2022-33646 Azure Batch Node Agent
Elevation of Privilege Vulnerability		 Critical
Azure Real Time
Operating System		 CVE-2022-34685 Azure RTOS GUIX Studio
Information Disclosure Vulnerability		 Important
Azure Real Time
Operating System		 CVE-2022-34686 Azure RTOS GUIX Studio
Information Disclosure Vulnerability		 Important
Azure Real Time
Operating System		 CVE-2022-35773 Azure RTOS GUIX Studio
Remote Code Execution Vulnerability		 Important
Azure Real Time
Operating System		 CVE-2022-35779 Azure RTOS GUIX Studio
Remote Code Execution Vulnerability		 Important
Azure Real Time
Operating System		 CVE-2022-35806 Azure RTOS GUIX Studio
Remote Code Execution Vulnerability		 Important
Azure Real Time
Operating System		 CVE-2022-34687 Azure RTOS GUIX Studio
Remote Code Execution Vulnerability		 Important
Azure Real Time
Operating System		 CVE-2022-30176 Azure RTOS GUIX Studio
Remote Code Execution Vulnerability		 Important
Azure Real Time
Operating System		 CVE-2022-30175 Azure RTOS GUIX Studio
Remote Code Execution Vulnerability		 Important
Azure Site Recovery CVE-2022-35791 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35818 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35809 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35789 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35815 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35817 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35816 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35814 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35785 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35812 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35811 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35784 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35810 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35813 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35788 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35783 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35786 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35787 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35819 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35781 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35775 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35790 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35780 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35799 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35772 Azure Site Recovery Remote
Code Execution Vulnerability		 Important
Azure Site Recovery CVE-2022-35800 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35774 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35802 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35782 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35824 Azure Site Recovery Remote
Code Execution Vulnerability		 Important
Azure Site Recovery CVE-2022-35801 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35808 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Site Recovery CVE-2022-35776 Azure Site Recovery Denial
of Service Vulnerability		 Important
Azure Site Recovery CVE-2022-35807 Azure Site Recovery Elevation
of Privilege Vulnerability		 Important
Azure Sphere CVE-2022-35821 Azure Sphere Information
Disclosure Vulnerability		 Important
Microsoft
ATA Port Driver		 CVE-2022-35760 Microsoft ATA Port Driver
Elevation of Privilege Vulnerability		 Important
Microsoft
Bluetooth Driver		 CVE-2022-35820 Windows Bluetooth Driver
Elevation of Privilege Vulnerability		 Important
Microsoft Edge
(Chromium-based)		 CVE-2022-35796 Microsoft Edge (Chromium-based)
Elevation of Privilege Vulnerability		 Low
Microsoft Edge
(Chromium-based)		 CVE-2022-33649 Microsoft Edge (Chromium-based)
Security Feature Bypass Vulnerability		 Important
Microsoft Edge
(Chromium-based)		 CVE-2022-2618 Chromium: CVE-2022-2618 Insufficient
validation of untrusted input in Internals		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2616 Chromium: CVE-2022-2616 Inappropriate
implementation in Extensions API		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2617 Chromium: CVE-2022-2617
Use after free in Extensions API		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2619 Chromium: CVE-2022-2619 Insufficient
validation of untrusted input in Settings		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2622 Chromium: CVE-2022-2622 Insufficient
validation of untrusted input in Safe Browsing		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2623 Chromium: CVE-2022-2623
Use after free in Offline		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-33636 Microsoft Edge (Chromium-based)
Remote Code Execution Vulnerability		 Moderate
Microsoft Edge
(Chromium-based)		 CVE-2022-2621 Chromium: CVE-2022-2621
Use after free in Extensions		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2615 Chromium: CVE-2022-2615
Insufficient policy enforcement in Cookies		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2604 Chromium: CVE-2022-2604
Use after free in Safe Browsing		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2605 Chromium: CVE-2022-2605
Out of bounds read in Dawn		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2624 Chromium: CVE-2022-2624
Heap buffer overflow in PDF		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2603 Chromium: CVE-2022-2603
Use after free in Omnibox		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2606 Chromium: CVE-2022-2606
Use after free in Managed devices API		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2612 Chromium: CVE-2022-2612 Side-channel
information leakage in Keyboard input		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2614 Chromium: CVE-2022-2614
Use after free in Sign-In Flow		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2610 Chromium: CVE-2022-2610 Insufficient
policy enforcement in Background Fetch		 Unknown
Microsoft Edge
(Chromium-based)		 CVE-2022-2611 Chromium: CVE-2022-2611 Inappropriate
implementation in Fullscreen API		 Unknown
Microsoft
Exchange Server		 CVE-2022-34692 Microsoft Exchange Information
Disclosure Vulnerability		 Important
Microsoft
Exchange Server		 CVE-2022-21980 Microsoft Exchange Server
Elevation of Privilege Vulnerability		 Critical
Microsoft
Exchange Server		 CVE-2022-21979 Microsoft Exchange Information
Disclosure Vulnerability		 Important
Microsoft
Exchange Server		 CVE-2022-24516 Microsoft Exchange Server
Elevation of Privilege Vulnerability		 Critical
Microsoft
Exchange Server		 CVE-2022-30134 Microsoft Exchange Information
Disclosure Vulnerability		 Important
Microsoft
Exchange Server		 CVE-2022-24477 Microsoft Exchange Server
Elevation of Privilege Vulnerability		 Critical
Microsoft
Office		 CVE-2022-34717 Microsoft Office Remote
Code Execution Vulnerability		 Important
Microsoft
Office Excel		 CVE-2022-33648 Microsoft Excel Remote
Code Execution Vulnerability		 Important
Microsoft
Office Excel		 CVE-2022-33631 Microsoft Excel Security
Feature Bypass Vulnerability		 Important
Microsoft
Office Outlook		 CVE-2022-35742 Microsoft Outlook Denial
of Service Vulnerability		 Important
Microsoft Windows
Support Diagnostic
Tool (MSDT)		 CVE-2022-34713 Microsoft Windows Support Diagnostic Tool
(MSDT) Remote Code Execution Vulnerability		 Important
Microsoft Windows
Support Diagnostic
Tool (MSDT)		 CVE-2022-35743 Microsoft Windows Support Diagnostic Tool
(MSDT) Remote Code Execution Vulnerability		 Important
Remote Access Service
Point-to-Point
Tunneling Protocol		 CVE-2022-35752 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Remote Access Service
Point-to-Point
Tunneling Protocol		 CVE-2022-35753 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Remote Access Service
Point-to-Point
Tunneling Protocol		 CVE-2022-35769 Windows Point-to-Point Protocol
(PPP) Denial of Service Vulnerability		 Important
Role: Windows
Fax Service		 CVE-2022-34690 Windows Fax Service Elevation
of Privilege Vulnerability		 Important
Role: Windows
Hyper-V		 CVE-2022-34696 Windows Hyper-V Remote
Code Execution Vulnerability		 Critical
Role: Windows
Hyper-V		 CVE-2022-35751 Windows Hyper-V Elevation
of Privilege Vulnerability		 Important
System Center
Operations Manager		 CVE-2022-33640 System Center Operations Manager:
Open Management Infrastructure
(OMI) Elevation of Privilege Vulnerability		 Important
Visual Studio CVE-2022-35827 Visual Studio Remote Code
Execution Vulnerability		 Important
Visual Studio CVE-2022-35777 Visual Studio Remote Code
Execution Vulnerability		 Important
Visual Studio CVE-2022-35825 Visual Studio Remote Code
Execution Vulnerability		 Important
Visual Studio CVE-2022-35826 Visual Studio Remote Code
Execution Vulnerability		 Important
Windows Bluetooth
Service		 CVE-2022-30144 Windows Bluetooth Service Remote
Code Execution Vulnerability		 Important
Windows Canonical
Display Driver		 CVE-2022-35750 Win32k Elevation of Privilege Vulnerability Important
Windows Cloud Files
Mini Filter Driver		 CVE-2022-35757 Windows Cloud Files Mini Filter Driver
Elevation of Privilege Vulnerability		 Important
Windows Defender
Credential Guard		 CVE-2022-35771 Windows Defender Credential Guard
Elevation of Privilege Vulnerability		 Important
Windows Defender
Credential Guard		 CVE-2022-34705 Windows Defender Credential Guard
Elevation of Privilege Vulnerability		 Important
Windows Defender
Credential Guard		 CVE-2022-34710 Windows Defender Credential Guard
Information Disclosure Vulnerability		 Important
Windows Defender
Credential Guard		 CVE-2022-34709 Windows Defender Credential Guard
Security Feature Bypass Vulnerability		 Important
Windows Defender
Credential Guard		 CVE-2022-34704 Windows Defender Credential Guard
Information Disclosure Vulnerability		 Important
Windows Defender
Credential Guard		 CVE-2022-34712 Windows Defender Credential Guard
Information Disclosure Vulnerability		 Important
Windows
Digital Media		 CVE-2022-35746 Windows Digital Media Receiver
Elevation of Privilege Vulnerability		 Important
Windows
Digital Media		 CVE-2022-35749 Windows Digital Media Receiver
Elevation of Privilege Vulnerability		 Important
Windows
Error Reporting		 CVE-2022-35795 Windows Error Reporting Service
Elevation of Privilege Vulnerability		 Important
Windows Hello CVE-2022-35797 Windows Hello Security
Feature Bypass Vulnerability		 Important
Windows Internet
Information Services		 CVE-2022-35748 HTTP.sys Denial of Service Vulnerability Important
Windows Kerberos CVE-2022-35756 Windows Kerberos Elevation
of Privilege Vulnerability		 Important
Windows Kernel CVE-2022-35761 Windows Kernel Elevation
of Privilege Vulnerability		 Important
Windows Kernel CVE-2022-35768 Windows Kernel Elevation
of Privilege Vulnerability		 Important
Windows Kernel CVE-2022-34708 Windows Kernel Information
Disclosure Vulnerability		 Important
Windows Kernel CVE-2022-34707 Windows Kernel Elevation
of Privilege Vulnerability		 Important
Windows Kernel CVE-2022-35804 SMB Client and Server Remote
Code Execution Vulnerability		 Critical
Windows Kernel CVE-2022-30197 Windows Kernel Information
Disclosure Vulnerability		 Important
Windows Kernel CVE-2022-35758 Windows Kernel Memory Information
Disclosure Vulnerability		 Important
Windows Local
Security Authority (LSA)		 CVE-2022-34706 Windows Local Security Authority (LSA)
Elevation of Privilege Vulnerability		 Important
Windows Local
Security Authority (LSA)		 CVE-2022-35759 Windows Local Security Authority (LSA)
Denial of Service Vulnerability		 Important
Windows Network
File System		 CVE-2022-34715 Windows Network File System
Remote Code Execution Vulnerability		 Important
Windows Partition
Management Driver		 CVE-2022-33670 Windows Partition Management
Driver Elevation of Privilege Vulnerability		 Important
Windows Partition
Management Driver		 CVE-2022-34703 Windows Partition Management
Driver Elevation of Privilege Vulnerability		 Important
Windows Point-to-Point
Tunneling Protocol		 CVE-2022-30133 Windows Point-to-Point Protocol (PPP)
Remote Code Execution Vulnerability		 Critical
Windows Point-to-Point
Tunneling Protocol		 CVE-2022-35747 Windows Point-to-Point Protocol (PPP)
Denial of Service Vulnerability		 Important
Windows Point-to-Point
Tunneling Protocol		 CVE-2022-35744 Windows Point-to-Point Protocol (PPP)
Remote Code Execution Vulnerability		 Critical
Windows Print
Spooler Components		 CVE-2022-35793 Windows Print Spooler Elevation
of Privilege Vulnerability		 Important
Windows Print
Spooler Components		 CVE-2022-35755 Windows Print Spooler Elevation
of Privilege Vulnerability		 Important
Windows Secure Boot CVE-2022-34301 CERT/CC: CVE-2022-34301
Eurosoft Boot Loader Bypass		 Important
Windows Secure Boot CVE-2022-34302 CERT/CC: CVE-2022-34302 New Horizon
Data Systems Inc Boot Loader Bypass		 Important
Windows Secure Boot CVE-2022-34303 CERT/CC: CVE-20220-34303
Crypto Pro Boot Loader Bypass		 Important
Windows Secure Socket
Tunneling Protocol (SSTP)		 CVE-2022-35745 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Windows Secure Socket
Tunneling Protocol (SSTP)		 CVE-2022-35766 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Windows Secure Socket
Tunneling Protocol (SSTP)		 CVE-2022-35794 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Windows Secure Socket
Tunneling Protocol (SSTP)		 CVE-2022-34701 Windows Secure Socket Tunneling Protocol
(SSTP) Denial of Service Vulnerability		 Important
Windows Secure Socket
Tunneling Protocol (SSTP)		 CVE-2022-34714 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Windows Secure Socket
Tunneling Protocol (SSTP)		 CVE-2022-34702 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Windows Secure Socket
Tunneling Protocol (SSTP)		 CVE-2022-35767 Windows Secure Socket Tunneling Protocol
(SSTP) Remote Code Execution Vulnerability		 Critical
Windows Storage
Spaces Direct		 CVE-2022-35762 Storage Spaces Direct
Elevation of Privilege Vulnerability		 Important
Windows Storage
Spaces Direct		 CVE-2022-35765 Storage Spaces Direct
Elevation of Privilege Vulnerability		 Important
Windows Storage
Spaces Direct		 CVE-2022-35792 Storage Spaces Direct
Elevation of Privilege Vulnerability		 Important
Windows Storage
Spaces Direct		 CVE-2022-35763 Storage Spaces Direct
Elevation of Privilege Vulnerability		 Important
Windows Storage
Spaces Direct		 CVE-2022-35764 Storage Spaces Direct Elevation
of Privilege Vulnerability		 Important
Windows Unified
Write Filter		 CVE-2022-35754 Unified Write Filter Elevation
of Privilege Vulnerability		 Important
Windows
WebBrowser Control		 CVE-2022-30194 Windows WebBrowser Control
Remote Code Execution Vulnerability		 Important
Windows Win32K CVE-2022-34699 Windows Win32k Elevation
of Privilege Vulnerability		 Important

 

Related Articles
SOCRadar® Cyber Intelligence Inc. | OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
Apr 18, 2024
SOCRadar® Cyber Intelligence Inc. | CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Apr 16, 2024