Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws

Lawrence Abrams

August 9, 2022
01:34 PM
2

Patch Tuesday

Today is Microsoft's August 2022 Patch Tuesday, and with it comes fixes for the actively exploited 'DogWalk' zero-day vulnerability and a total of 121 flaws.

Seventeen of the 121 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution or elevation of privileges.

The number of bugs in each vulnerability category is listed below:

64 Elevation of Privilege Vulnerabilities
6 Security Feature Bypass Vulnerabilities
31 Remote Code Execution Vulnerabilities
12 Information Disclosure Vulnerabilities
7 Denial of Service Vulnerabilities
1 Spoofing Vulnerability

The above counts do not include twenty vulnerabilities previously fixed in Microsoft Edge.

For information about the non-security Windows updates, you can read about today's Windows 10 KB5016616 and KB5016623 updates and the Windows 11 KB5016629 update.

Two zero-days fixed, one actively exploited

This month's Patch Tuesday fixes two zero-day vulnerabilities, with one actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is jokingly known as 'DogWalk" and tracked by Microsoft as 'CVE-2022-34713 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.'

Security researcher Imre Rad discovered this vulnerability in January 2020, but Microsoft decided not to fix it after deeming it not to be a security vulnerability.

However, after the discovery of the Microsoft Office MSDT vulnerability, security researchers once again pushed to have the DogWalk vulnerability fixed as well, which was done as part of today's updates.

The other zero-day vulnerability is tracked as 'CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability' and allows an attacker to read targeted email messages.

Microsoft says that the CVE-2022-30134 vulnerability is publicly disclosed but has not been detected in attacks.

Recent updates from other companies

Other vendors who released updates in August 2022 include:

Cisco released security updates for numerous products this month.
Google released Android's August security updates.
SAP has released its August 2022 Patch Day updates.
VMware released security updates and warned that recently disclosed auth bypass flaw is now actively exploited.

The August 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the August 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Tag	CVE ID	CVE Title	Severity
.NET Core	CVE-2022-34716	.NET Spoofing Vulnerability	Important
Active Directory Domain Services	CVE-2022-34691	Active Directory Domain Services Elevation of Privilege Vulnerability	Critical
Azure Batch Node Agent	CVE-2022-33646	Azure Batch Node Agent Elevation of Privilege Vulnerability	Critical
Azure Real Time Operating System	CVE-2022-34685	Azure RTOS GUIX Studio Information Disclosure Vulnerability	Important
Azure Real Time Operating System	CVE-2022-34686	Azure RTOS GUIX Studio Information Disclosure Vulnerability	Important
Azure Real Time Operating System	CVE-2022-35773	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-35779	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-35806	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-34687	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30176	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Real Time Operating System	CVE-2022-30175	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-35791	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35818	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35809	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35789	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35815	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35817	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35816	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35814	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35785	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35812	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35811	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35784	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35810	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35813	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35788	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35783	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35786	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35787	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35819	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35781	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35775	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35790	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35780	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35799	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35772	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-35800	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35774	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35802	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35782	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35824	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-35801	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35808	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-35776	Azure Site Recovery Denial of Service Vulnerability	Important
Azure Site Recovery	CVE-2022-35807	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Sphere	CVE-2022-35821	Azure Sphere Information Disclosure Vulnerability	Important
Microsoft ATA Port Driver	CVE-2022-35760	Microsoft ATA Port Driver Elevation of Privilege Vulnerability	Important
Microsoft Bluetooth Driver	CVE-2022-35820	Windows Bluetooth Driver Elevation of Privilege Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2022-35796	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Low
Microsoft Edge (Chromium-based)	CVE-2022-33649	Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2022-2618	Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2616	Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2617	Chromium: CVE-2022-2617 Use after free in Extensions API	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2619	Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2622	Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2623	Chromium: CVE-2022-2623 Use after free in Offline	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-33636	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	Moderate
Microsoft Edge (Chromium-based)	CVE-2022-2621	Chromium: CVE-2022-2621 Use after free in Extensions	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2615	Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2604	Chromium: CVE-2022-2604 Use after free in Safe Browsing	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2605	Chromium: CVE-2022-2605 Out of bounds read in Dawn	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2624	Chromium: CVE-2022-2624 Heap buffer overflow in PDF	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2603	Chromium: CVE-2022-2603 Use after free in Omnibox	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2606	Chromium: CVE-2022-2606 Use after free in Managed devices API	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2612	Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2614	Chromium: CVE-2022-2614 Use after free in Sign-In Flow	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2610	Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-2611	Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API	Unknown
Microsoft Exchange Server	CVE-2022-34692	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2022-21980	Microsoft Exchange Server Elevation of Privilege Vulnerability	Critical
Microsoft Exchange Server	CVE-2022-21979	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2022-24516	Microsoft Exchange Server Elevation of Privilege Vulnerability	Critical
Microsoft Exchange Server	CVE-2022-30134	Microsoft Exchange Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2022-24477	Microsoft Exchange Server Elevation of Privilege Vulnerability	Critical
Microsoft Office	CVE-2022-34717	Microsoft Office Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2022-33648	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2022-33631	Microsoft Excel Security Feature Bypass Vulnerability	Important
Microsoft Office Outlook	CVE-2022-35742	Microsoft Outlook Denial of Service Vulnerability	Important
Microsoft Windows Support Diagnostic Tool (MSDT)	CVE-2022-34713	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	Important
Microsoft Windows Support Diagnostic Tool (MSDT)	CVE-2022-35743	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	Important
Remote Access Service Point-to-Point Tunneling Protocol	CVE-2022-35752	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Remote Access Service Point-to-Point Tunneling Protocol	CVE-2022-35753	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Remote Access Service Point-to-Point Tunneling Protocol	CVE-2022-35769	Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability	Important
Role: Windows Fax Service	CVE-2022-34690	Windows Fax Service Elevation of Privilege Vulnerability	Important
Role: Windows Hyper-V	CVE-2022-34696	Windows Hyper-V Remote Code Execution Vulnerability	Critical
Role: Windows Hyper-V	CVE-2022-35751	Windows Hyper-V Elevation of Privilege Vulnerability	Important
System Center Operations Manager	CVE-2022-33640	System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability	Important
Visual Studio	CVE-2022-35827	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2022-35777	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2022-35825	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2022-35826	Visual Studio Remote Code Execution Vulnerability	Important
Windows Bluetooth Service	CVE-2022-30144	Windows Bluetooth Service Remote Code Execution Vulnerability	Important
Windows Canonical Display Driver	CVE-2022-35750	Win32k Elevation of Privilege Vulnerability	Important
Windows Cloud Files Mini Filter Driver	CVE-2022-35757	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-35771	Windows Defender Credential Guard Elevation of Privilege Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34705	Windows Defender Credential Guard Elevation of Privilege Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34710	Windows Defender Credential Guard Information Disclosure Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34709	Windows Defender Credential Guard Security Feature Bypass Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34704	Windows Defender Credential Guard Information Disclosure Vulnerability	Important
Windows Defender Credential Guard	CVE-2022-34712	Windows Defender Credential Guard Information Disclosure Vulnerability	Important
Windows Digital Media	CVE-2022-35746	Windows Digital Media Receiver Elevation of Privilege Vulnerability	Important
Windows Digital Media	CVE-2022-35749	Windows Digital Media Receiver Elevation of Privilege Vulnerability	Important
Windows Error Reporting	CVE-2022-35795	Windows Error Reporting Service Elevation of Privilege Vulnerability	Important
Windows Hello	CVE-2022-35797	Windows Hello Security Feature Bypass Vulnerability	Important
Windows Internet Information Services	CVE-2022-35748	HTTP.sys Denial of Service Vulnerability	Important
Windows Kerberos	CVE-2022-35756	Windows Kerberos Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-35761	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-35768	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-34708	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2022-34707	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-35804	SMB Client and Server Remote Code Execution Vulnerability	Critical
Windows Kernel	CVE-2022-30197	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2022-35758	Windows Kernel Memory Information Disclosure Vulnerability	Important
Windows Local Security Authority (LSA)	CVE-2022-34706	Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability	Important
Windows Local Security Authority (LSA)	CVE-2022-35759	Windows Local Security Authority (LSA) Denial of Service Vulnerability	Important
Windows Network File System	CVE-2022-34715	Windows Network File System Remote Code Execution Vulnerability	Important
Windows Partition Management Driver	CVE-2022-33670	Windows Partition Management Driver Elevation of Privilege Vulnerability	Important
Windows Partition Management Driver	CVE-2022-34703	Windows Partition Management Driver Elevation of Privilege Vulnerability	Important
Windows Point-to-Point Tunneling Protocol	CVE-2022-30133	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	Critical
Windows Point-to-Point Tunneling Protocol	CVE-2022-35747	Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability	Important
Windows Point-to-Point Tunneling Protocol	CVE-2022-35744	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	Critical
Windows Print Spooler Components	CVE-2022-35793	Windows Print Spooler Elevation of Privilege Vulnerability	Important
Windows Print Spooler Components	CVE-2022-35755	Windows Print Spooler Elevation of Privilege Vulnerability	Important
Windows Secure Boot	CVE-2022-34301	CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass	Important
Windows Secure Boot	CVE-2022-34302	CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass	Important
Windows Secure Boot	CVE-2022-34303	CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass	Important
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35745	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35766	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35794	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-34701	Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability	Important
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-34714	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-34702	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Secure Socket Tunneling Protocol (SSTP)	CVE-2022-35767	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical
Windows Storage Spaces Direct	CVE-2022-35762	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35765	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35792	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35763	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Storage Spaces Direct	CVE-2022-35764	Storage Spaces Direct Elevation of Privilege Vulnerability	Important
Windows Unified Write Filter	CVE-2022-35754	Unified Write Filter Elevation of Privilege Vulnerability	Important
Windows WebBrowser Control	CVE-2022-30194	Windows WebBrowser Control Remote Code Execution Vulnerability	Important
Windows Win32K	CVE-2022-34699	Windows Win32k Elevation of Privilege Vulnerability	Important

Comments

saturnascends - 1 year ago
I got the zeroday virus, and after downloading the new patches, my entire toolbar disappeared, Microsoft Store disappeared, along with access to any native related apps. I did a rollback, which mostly got me running again, but Eset is still constantly throwing off notifications that various things are being approved (like in startup, HKEY, services.exe, trustedinstaller, etc) Does Microsoft have info on how to proceed with this, or this site? Any help is much appreicated!
BH0 - 1 year ago
You mean zeroday virus called Windows update? :)

Now seriously. If you are coinvced you got virus, wipe the disk and begin from the clean Windows install, or preferably Linux.
Today "oldschool" viruses are very rare. Modern is malware that blackmails you. If you want to get rid of infection, you should use rescue media from Eset, boot into this media and clean the PC before Windows starts. Then repair the Windows itself.

Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws

Lawrence Abrams

Two zero-days fixed, one actively exploited

Recent updates from other companies

The August 2022 Patch Tuesday Security Updates

Lawrence Abrams

Comments

saturnascends - 1 year ago

BH0 - 1 year ago

Post a Comment Community Rules

You need to login in order to post a comment

Login

Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws

Lawrence Abrams

Two zero-days fixed, one actively exploited

Recent updates from other companies

The August 2022 Patch Tuesday Security Updates

Related Articles:

Lawrence Abrams

Comments

saturnascends - 1 year ago

BH0 - 1 year ago

Post a Comment Community Rules

You need to login in order to post a comment

You may also like:

Reporter

Help us understand the problem. What is going on with this comment?