Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws
Today is Microsoft’s August 2022 Patch Tuesday, and with it come fixes for the actively exploited ‘DogWalk’ zero-day vulnerability and a total of 121 flaws.
Seventeen of the 121 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.
The number of bugs in each vulnerability category is listed below:
- 64 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 31 Remote Code Execution Vulnerabilities
- 12 Information Disclosure Vulnerabilities
- 7 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerability
The above counts do not include twenty vulnerabilities previously fixed in Microsoft Edge.
Two zero-days fixed, one actively exploited
This month’s Patch Tuesday fixes two zero-day vulnerabilities, with one actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited zero-day vulnerability fixed today is jokingly known as ‘DogWalk’ and tracked by Microsoft as ‘CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.’
Security researcher Imre Rad discovered this vulnerability in January 2020, but Microsoft decided not to fix it after deeming it not to be a security vulnerability.
However, after the discovery of the Microsoft Office MSDT vulnerability, security researchers once again pushed to have the DogWalk vulnerability fixed as well, which was done as part of today’s updates.
The other zero-day vulnerability is tracked as ‘CVE-2022-30134 – Microsoft Exchange Information Disclosure Vulnerability’ and allows an attacker to read targeted email messages.
Microsoft says that the CVE-2022-30134 vulnerability is publicly disclosed but has not been detected in attacks.
Recent updates from other companies
Other vendors who released updates in August 2022 include:
- Cisco released security updates for numerous products this month.
- Google released Android’s August security updates.
- SAP has released its August 2022 Patch Day updates.
- VMware released security updates and warned that a recently disclosed auth bypass flaw is now actively exploited.
The August 2022 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the August 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.