Home > Security Bulletins > Microsoft Patch Tuesday – August 2022

Microsoft Patch Tuesday – August 2022

Patch Tuesday

Microsoft released patches for 121 vulnerabilities yesterday, including 17 classified as Critical, and 2 zero-day vulnerabilities, with one which is being actively exploited in the wild.
A vulnerability called ‘DogWalk’ has been patched this month. This is a Remote Code Execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT). Unrelated to ‘Follina‘, this vulnerability was disclosed in 2020 with Microsoft originally saying they won’t fix the flaw.

Tracked as CVE-2022-34713 (CVSS 3.1: 7.8/7.2), ‘DogWalk’ is exploited by malicious .diagcab files downloaded from the Internet or delivered by e-mail, and since MSDT ignores the Mark-of-the-Web security feature there’s nothing stopping file execution. Our advice is to deploy this patch immediately.

In total this month there are patches for:

64 Privilege Escalation vulnerabilities

31 Remote Code Execution vulnerabilities

12 Information Disclosure vulnerabilities

7 Denial of Service vulnerabilities

6 Security Feature Bypass vulnerabilities

1 Spoofing vulnerability

Affected Products

.NET Core
Active Directory Domain Services
Azure Batch Node Agent
Azure Real Time Operating System
Azure Site Recovery
Azure Sphere
Microsoft ATA Port Driver
Microsoft Bluetooth Driver
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Office
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Windows Support Diagnostic Tool (MSDT)
Remote Access Service Point-to-Point Tunneling Protocol
Role: Windows Fax Service
Role: Windows Hyper-V
System Center Operations Manager
Visual Studio
Windows Bluetooth Service
Windows Canonical Display Driver
Windows Cloud Files Mini Filter Driver
Windows Defender Credential Guard
Windows Digital Media
Windows Error Reporting
Windows Hello
Windows Internet Information Services
Windows Kerberos
Windows Kernel
Windows Local Security Authority (LSA)
Windows Network File System
Windows Partition Management Driver
Windows Point-to-Point Tunneling Protocol
Windows Print Spooler Components
Windows Secure Boot
Windows Secure Socket Tunneling Protocol (SSTP)
Windows Storage Spaces Direct
Windows Unified Write Filter
Windows WebBrowser Control
Windows Win32K