This month, Microsoft has fixed 121 vulnerabilities, including 17 criticals and 2 zero-days.
CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
This is the first zero-day, jokingly known as DogWalk, and it is somewhat similar to Follina from June 2022. To be affected, the user must open a “diagcab” file, a Cabinet (CAB) archive that contains a diagnostic configuration file. Opening it allows a malicious executable to be saved in the user’s autostart folder and executed the next time the user logs on. The funny thing is that this vulnerability was reported to Microsoft in January 2020, but Microsoft decided not to fix it after deeming it not to be a security vulnerability.
CVE-2022-30134 & CVE-2022-21980 & CVE-2022-24477 & CVE-2022-24516 – Microsoft Exchange Server Elevation of Privilege Vulnerability
This set contains one zero-day (CVE-2022-30134, which was publicly disclosed) and three criticals. These bugs could allow an authenticated attacker to take over the mailboxes of any Exchange user; the attacker could then send and read emails and download attachments from any mailbox on the Exchange server. To fully address these vulnerabilities, Extended Protection has to be enabled as well.
CVE-2022-30133 & CVE-2022-35744 – Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
These highly rated (9.8) bugs could allow an unauthenticated attacker to achieve remote code execution on the Remote Access Server (RAS) machine by sending a specially crafted connection request to a RAS server. Only port 1723 can be used for exploitation, so blocking traffic on that port might be a workaround.
CVE-2022-34702 & CVE-2022-34714 & CVE-2022-35745 & CVE-2022-35752 & CVE-2022-35753 & CVE-2022-35766 & CVE-2022-35767 & CVE-2022-35794 (all Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability) are quite similar and are also marked as critical.
CVE-2022-34691 – Active Directory Domain Services Elevation of Privilege Vulnerability
It’s similar to CVE-2022-26923 from May 2022, so again an attacker can obtain a certificate that allows authenticating to a domain controller with a high level of privilege: any domain user can become a domain admin if Active Directory Certificate Services is running in the domain (a quite common configuration). The complexity of the attack is still low, so in my opinion we might observe that one in the wild.
CVE-2022-35804 – SMB Client and Server Remote Code Execution Vulnerability
A remote, unauthenticated attacker can use this vulnerability to execute code with elevated privileges on affected SMB servers. This bug only affects Windows 11. Blocking TCP traffic on port 445 or disabling SMBv3 compression might be a workaround.
```powershell
# disable SMBv3 compression - client
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name DisableCompression -Type DWORD -Value 1 -Force
# disable SMBv3 compression - server
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name DisableCompression -Type DWORD -Value 1 -Force
```
No reboot is needed after making the change.
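The following script is an added example, not part of the original post: it audits the two workarounds described above (SMBv3 compression disabled on both the client and server keys, and inbound TCP 1723 blocked for the PPP bug) and applies them only when run with `-Apply`. It assumes an elevated PowerShell session on a Windows host; the function names and the firewall rule name are my own.

```powershell
# Added example, not from the original post: audit (and optionally apply) the
# SMBv3 compression and PPTP port 1723 workarounds. Function and rule names are assumptions.

function Get-SmbCompressionState {
    # Reads DisableCompression from both SMB keys; a missing value means compression is still on.
    $keys = [ordered]@{
        Client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
        Server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    }
    foreach ($role in $keys.Keys) {
        $item = Get-ItemProperty -Path $keys[$role] -Name DisableCompression -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Role      = $role
            Path      = $keys[$role]
            Mitigated = ($null -ne $item -and $item.DisableCompression -eq 1)
        }
    }
}

function Test-PptpInboundBlocked {
    # True if an enabled inbound Block rule already covers TCP 1723 (the PPTP/PPP listener).
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains '1723' -or $filter.LocalPort -eq 'Any')) {
            return $true
        }
    }
    return $false
}

function Invoke-PatchTuesdayWorkarounds {
    param([switch]$Apply)   # without -Apply the function only reports the current state
    Get-SmbCompressionState | ForEach-Object {
        if (-not $_.Mitigated -and $Apply) {
            Set-ItemProperty -Path $_.Path -Name DisableCompression -Type DWORD -Value 1 -Force
            $_.Mitigated = $true
        }
        $_
    }
    $blocked = Test-PptpInboundBlocked
    if (-not $blocked -and $Apply) {
        New-NetFirewallRule -DisplayName 'Block inbound PPTP (TCP 1723) - CVE-2022-30133 workaround' `
            -Direction Inbound -Protocol TCP -LocalPort 1723 -Action Block | Out-Null
        $blocked = $true
    }
    [pscustomobject]@{ Role = 'PPTP'; Path = 'TCP/1723 inbound'; Mitigated = $blocked }
}

Invoke-PatchTuesdayWorkarounds | Format-Table -AutoSize
```

Blocking TCP 1723 on a RAS server also stops legitimate PPTP VPN clients, so apply that rule only where PPTP is not in use, and remove both workarounds once the August updates are installed.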
CVE-2022-34696 – Windows Hyper-V Remote Code Execution Vulnerability
This bug could allow an authenticated attacker to run malicious code in the context of that user and attempt arbitrary or remote code execution on the Hyper-V host. Successful exploitation could allow a Hyper-V guest to affect the functionality of the Hyper-V host, so if you have Hyper-V in your environment, consider patching that one.
CVE-2022-33646 – Azure Batch Node Agent Remote Code Execution Vulnerability
This bug exists in your environment if you are using Batch Agent version 1.9.24 or earlier (version 1.9.27 or later is fine). Successful exploitation requires an attacker to prepare the target environment to improve exploit reliability, so the complexity is high. To update the Batch Agent to the latest version, you need to resize your pools to zero or recreate your pool.
Summary
Below you can see the most important CVEs released by Microsoft for August 2022 (zero-days, criticals, and those with a CVSS score of at least 8.0). Besides the vulnerabilities already mentioned, you can also find some info about bugs in e.g. NFS, Edge, and Visual Studio. It might be a quite busy week for those of you who have to patch all of these.
CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User interaction | Exploit Code Maturity | Applicable for |
---|---|---|---|---|---|---|---|---|
CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important (7.8) | Local | Low | None | Required | Exploited | Windows 7+ Server 2008 R2+ |
CVE-2022-30134 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important (7.6) | Network | Low | Low | None | Publicly Disclosed | Exchange Server 2013+ |
CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical (8.0) | Network | Low | Low | Required | Unproven | Exchange Server 2013+ |
CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical (8.0) | Network | Low | Low | Required | Unproven | Exchange Server 2013+ |
CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical (8.0) | Network | Low | Low | Required | Unproven | Exchange Server 2013+ |
CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical (8.8) | Network | Low | Low | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical (8.8) | Network | Low | None | Required | Unproven | Windows 11 |
CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Important (8.4) | Local | Low | Low | None | Unproven | Windows 8.1+ Server 2012+ |
CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+ Server 2019+ |
CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Server 2008+ |
CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+ Server 2019+ |
CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical (7.8) | Local | High | Low | None | Unproven | Windows 8.1+ Server 2012 R2+ |
CVE-2022-33646 | Azure Batch Node Agent Remote Code Execution Vulnerability | Critical (7.0) | Local | High | Low | None | PoC | Batch Agent 1.9.24- |
CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important (9.8) | Network | Low | None | None | Unproven | Server 2022 |
CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important (9.6) | Network | Low | None | Required | Unproven | Edge 103.0.1264.71- |
CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Office 2013+ Office LTSC 2021 Office 365 |
CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+ |
CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+ |
CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+ |
CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+ |
CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important (8.4) | Local | Low | None | None | Unproven | Windows 10+ Server 2016+ |
CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important (8.1) | Network | Low | Low | None | Unproven | Azure Site Recovery VMWare to Azure 9.49- |