Skip to content ↓ | Skip to navigation ↓

Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th.

In-The-Wild & Disclosed CVEs

CVE-2022-34713

According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a lot of Twitter discussion around this Dogwalk as it was first disclosed to Microsoft two years ago. Microsoft has noted that this vulnerability, which requires the user open a specially crafted file to exploit a flaw in the Microsoft Support Diagnostic Tool (MSDT), has been publicly disclosed and exploited.

CVE-2022-30134

This information disclosure vulnerability could allow attackers to read targeted email messages. In this case, installing the August 2022 Exchange Server Security Update (SU) release is not sufficient to defend against this vulnerability. System owners must also enable Exchange Server Support for Windows Extended Protection, which Microsoft has detailed in an Exchange Team Blog Post. The biggest take away here is that there are a number of instances where Microsoft suggests making sure you are aware of the issues associated with enabling Extended Protection, as such it is likely a good idea to read all of the associated documentation before moving forward with enabling this protection, but keep in mind the vulnerability is not fully resolved until the protection is enabled.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed are listed in red.
Tag CVE Count CVEs
Windows WebBrowser Control 1 CVE-2022-30194
Windows Secure Socket Tunneling Protocol (SSTP) 7 CVE-2022-34714, CVE-2022-35745, CVE-2022-34701, CVE-2022-34702, CVE-2022-35766, CVE-2022-35767, CVE-2022-35794
Microsoft Windows Support Diagnostic Tool (MSDT) 2 CVE-2022-34713, CVE-2022-35743
Microsoft ATA Port Driver 1 CVE-2022-35760
Windows Hello 1 CVE-2022-35797
Visual Studio 4 CVE-2022-35777, CVE-2022-35825, CVE-2022-35826, CVE-2022-35827
Windows Canonical Display Driver 1 CVE-2022-35750
System Center Operations Manager 1 CVE-2022-33640
Active Directory Domain Services 1 CVE-2022-34691
Azure Batch Node Agent 1 CVE-2022-33646
Remote Access Service Point-to-Point Tunneling Protocol 3 CVE-2022-35752, CVE-2022-35753, CVE-2022-35769
Windows Network File System 1 CVE-2022-34715
Windows Cloud Files Mini Filter Driver 1 CVE-2022-35757
Microsoft Office Excel 2 CVE-2022-33648, CVE-2022-33631
Windows Defender Credential Guard 6 CVE-2022-34709, CVE-2022-34710, CVE-2022-34712, CVE-2022-34704, CVE-2022-34705, CVE-2022-35771
Windows Kernel 7 CVE-2022-30197, CVE-2022-34707, CVE-2022-34708, CVE-2022-35758, CVE-2022-35761, CVE-2022-35804, CVE-2022-35768
Microsoft Bluetooth Driver 1 CVE-2022-35820
Microsoft Exchange Server 6 CVE-2022-21979, CVE-2022-21980, CVE-2022-24516, CVE-2022-24477, CVE-2022-30134, CVE-2022-34692
Windows Point-to-Point Tunneling Protocol 3 CVE-2022-30133, CVE-2022-35744, CVE-2022-35747
Microsoft Office 1 CVE-2022-34717
Windows Partition Management Driver 2 CVE-2022-33670, CVE-2022-34703
Azure Site Recovery 34 CVE-2022-35776, CVE-2022-35802, CVE-2022-35780, CVE-2022-35781, CVE-2022-35772, CVE-2022-35799, CVE-2022-35774, CVE-2022-35800, CVE-2022-35775, CVE-2022-35801, CVE-2022-35807, CVE-2022-35808, CVE-2022-35782, CVE-2022-35809, CVE-2022-35783, CVE-2022-35784, CVE-2022-35810, CVE-2022-35811, CVE-2022-35785, CVE-2022-35812, CVE-2022-35786, CVE-2022-35787, CVE-2022-35813, CVE-2022-35788, CVE-2022-35814, CVE-2022-35789, CVE-2022-35815, CVE-2022-35790, CVE-2022-35816, CVE-2022-35817, CVE-2022-35791, CVE-2022-35818, CVE-2022-35819, CVE-2022-35824
Windows Local Security Authority (LSA) 2 CVE-2022-34706, CVE-2022-35759
Windows Storage Spaces Direct 5 CVE-2022-35762, CVE-2022-35763, CVE-2022-35764, CVE-2022-35765, CVE-2022-35792
Windows Win32K 1 CVE-2022-34699
Microsoft Office Outlook 1 CVE-2022-35742
.NET Core 1 CVE-2022-34716
Windows Kerberos 1 CVE-2022-35756
Windows Bluetooth Service 1 CVE-2022-30144
Windows Print Spooler Components 2 CVE-2022-35755, CVE-2022-35793
Role: Windows Hyper-V 2 CVE-2022-34696, CVE-2022-35751
Azure Real Time Operating System 8 CVE-2022-30175, CVE-2022-30176, CVE-2022-34685, CVE-2022-34686, CVE-2022-34687, CVE-2022-35773, CVE-2022-35779, CVE-2022-35806
Microsoft Edge (Chromium-based) 20 CVE-2022-33636, CVE-2022-33649, CVE-2022-35796, CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616, CVE-2022-2617, CVE-2022-2618, CVE-2022-2619, CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624
Windows Error Reporting 1 CVE-2022-35795
Role: Windows Fax Service 1 CVE-2022-34690
Windows Secure Boot 3 CVE-2022-34303, CVE-2022-34301, CVE-2022-34302
Azure Sphere 1 CVE-2022-35821
Windows Digital Media 2 CVE-2022-35746, CVE-2022-35749
Windows Unified Write Filter 1 CVE-2022-35754
Windows Internet Information Services 1 CVE-2022-35748

Other Information

At the time of publication, there were no new advisories included with the August Security Guidance.

cyber ebook
[class^="wpforms-"]
[class^="wpforms-"]