Microsoft August 2022 Patch Tuesday (9th August 2022) released patches for 2 zero-day vulnerabilities and 121 vulnerabilities.

The August 2022 Microsoft vulnerabilities are classified as follows:

• 17 – Critical’ as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE).
• 104 – Important

Further divided as,

• 64 – Elevation of Privilege Vulnerabilities
• 31 – Remote Code Execution Vulnerabilities
• 12 – Information Disclosure Vulnerabilities
• 6 – Security Feature Bypass Vulnerabilities
• 7 – Denial of Service Vulnerabilities
• 1 – Spoofing Vulnerability

Out of the two zero-day vulnerability , The actively exploited zero-day vulnerability named ‘DogWalk’ tracked as CVE-2022-34713 is a Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

The zero-day vulnerability (tracked as CVE-2022-30134) is a Microsoft Exchange Information Disclosure Vulnerability which allows threat actors to read targeted email messages. Even though this vulnerability is publicly disclosed no attacks has been detected yet.

Impact

• Allows threat actors to exploit the publicly disclosed vulnerabilities.

Remediate

• Update to the latest version

Source:

• https://msrc.microsoft.com/update-guide
• https://blog.qualys.com/vulnerabilities-threat-research/2022/08/09/august-2022-patch-tuesday