Microsoft dealt with 121 vulnerabilities in the August 2022 Patch Tuesday update round, including two zero-working day bugs.
A person of the zero-days, CVE-2022-34713, has been dubbed “DogWalk” and is a distant code execution bug in the Microsoft Windows Aid Diagnostic Software (MSDT) which has already been noticed in attacks in the wild.
“This is a consumer targeted vulnerability which means the attacker can goal the person with a assortment of social engineering strategies these kinds of as sending a specially crafted file by way of email or convincing the user to click on on hosted web articles specifically crafted to exploit the vulnerability,” stated Chris Goettl, Ivanti VP of item management.
“The vulnerability affects all Windows OS variations and is rated as ‘important’ by Microsoft. Because of to the general public disclosure and identified attacks targeting the vulnerability, it is advised to deal with this as a better priority.”
Qualys director of vulnerability and menace investigate, Bharat Jogi, mentioned DogWalk experienced essentially been reported back again in 2019 but at the time was not thought to be hazardous as it demanded “significant user conversation to exploit,” and there were being other mitigations in area.
Having said that, the visual appeal of the novel Follina zero working day, which also exploits MSDT, compelled Microsoft to rethink, he mentioned.
The next zero-working day (CVE-2022-30134) is an details disclosure vulnerability in Trade Server that is regarded as fewer critical because the community disclosure does not supply purposeful exploit code. Microsoft has offered far more particulars on how to fix it right here.
Apart from these two flaws, Microsoft fixed 17 critical CVEs, a 325% improve on July’s figures.
These contain two RCE bugs in the Windows Level-to-Position Tunneling Protocol which have a CVSS score of 9.8: CVE-2022-30133 and CVE-2022-35744.
“These vulnerabilities allow a network attack that does not demand any motion from the consumer. The attack is exploited on port 1723, triggering remote execution of destructive code,” explained Action1 co-founder, Mike Walters.
“If you have a Windows Server-based distant entry server (RAS) tunnel functioning on this port, you should really adjust it to a less common port. But be mindful or it will induce your tunnels to fall short to link appropriately. Do it correctly on each sides.”
Some pieces of this article are sourced from: