Microsoft Patch Tuesday – August 2022

Request an audit

Patch Tuesday

Microsoft released patches for 121 vulnerabilities yesterday, including 17 classified as Critical, and 2 zero-day vulnerabilities, with one which is being actively exploited in the wild.
A vulnerability called ‘DogWalk’ has been patched this month. This is a Remote Code Execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT). Unrelated to ‘Follina‘, this vulnerability was disclosed in 2020 with Microsoft originally saying they won’t fix the flaw.

For people who wonder if this is related to #Follina. It's another 0day. Context:https://t.co/05KdKz4hk6

— j00sean (@j00sean) June 6, 2022

Tracked as CVE-2022-34713 (CVSS 3.1: 7.8/7.2), ‘DogWalk’ is exploited by malicious .diagcab files downloaded from the Internet or delivered by e-mail, and since MSDT ignores the Mark-of-the-Web security feature there’s nothing stopping file execution. Our advice is to deploy this patch immediately.

In total this month there are patches for:

64 Privilege Escalation vulnerabilities

31 Remote Code Execution vulnerabilities

12 Information Disclosure vulnerabilities

7 Denial of Service vulnerabilities

6 Security Feature Bypass vulnerabilities

1 Spoofing vulnerability

Affected Products

.NET Core
Active Directory Domain Services
Azure Batch Node Agent
Azure Real Time Operating System
Azure Site Recovery
Azure Sphere
Microsoft ATA Port Driver
Microsoft Bluetooth Driver
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Office
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Windows Support Diagnostic Tool (MSDT)
Remote Access Service Point-to-Point Tunneling Protocol
Role: Windows Fax Service
Role: Windows Hyper-V
System Center Operations Manager
Visual Studio
Windows Bluetooth Service
Windows Canonical Display Driver
Windows Cloud Files Mini Filter Driver
Windows Defender Credential Guard
Windows Digital Media
Windows Error Reporting
Windows Hello
Windows Internet Information Services
Windows Kerberos
Windows Kernel
Windows Local Security Authority (LSA)
Windows Network File System
Windows Partition Management Driver
Windows Point-to-Point Tunneling Protocol
Windows Print Spooler Components
Windows Secure Boot
Windows Secure Socket Tunneling Protocol (SSTP)
Windows Storage Spaces Direct
Windows Unified Write Filter
Windows WebBrowser Control
Windows Win32K

Services

IT security assessment

Security & network assessment

Ethical hacking

OT/IoT security assessment

Red & Blue Teaming

M365 assessment

Governance

Decision tree

GDPR assessment

ISO 27k assessment

Social engineering

Cybersecurity maturity assessment

Networking

Security & network assessment

OT/IoT network assessment

Identify

Managed services

Network Operations Centre (NOC)

Security Operations Centre (SOC)

Network as a Service (NaaS)

Security Governance

UBA

Governance

Chief Information Security Officer (CISO)

Information Security Officer (ISO)

Social engineering

Security awareness training

Information Protection & Governance

Security & networking optimization

High-level design

Wireless/wired networking

Network Virtualisation & Automation (SDN)

SD-WAN

Endpoint security

Prevent & protect

Managed services

Security Operations Center (SOC)

CSIRT

Network Operations Centre (NOC)

Network as a Service (NaaS)

Endpoint Detection & Response

Governance

Chief Information Security Officer (CISO)

Data Protection Officer (DPO)

Detect & respond

Managed services

Network Operations Centre (NOC)

Security Operations Centre (SOC)

Network as a Service (NaaS)

CISO as a Service

DPO as a Service

Governance

Chief Information Security Officer (CISO)

Data Protection Officer (DPO)

Recover

Microsoft Patch Tuesday – August 2022

Patch Tuesday

Affected Products

Ready to discuss your security needs?