Microsoft Patch Tuesday – August 2022

This month Microsoft fixed 121 vulnerabilities, 17 of them rated Critical and 2 of them zero-days.

CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

This is the first zero-day. It is nicknamed DogWalk and is a close relative of Follina from June 2022, because it again abuses the Microsoft Support Diagnostic Tool. To be affected, the user has to open a “.diagcab” file, a Cabinet (CAB) archive that contains a diagnostic configuration package. Through a path traversal in the way MSDT handles that package, a crafted file lets the attacker write a malicious executable into the user’s Startup (autostart) folder, and it is executed the next time the user logs on. The embarrassing part is that this bug was reported to Microsoft back in January 2020, and Microsoft declined to fix it at the time, deeming it not to be a security vulnerability; it is patched now only after exploitation was observed in the wild.
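Because a successful DogWalk exploit leaves its payload in the per-user Startup folder, a quick triage step is to list what is sitting in those folders across all local profiles. The script below is an added example and is not part of the original post; it assumes the standard profile layout under the system drive and that it is run elevated so other users’ profiles are readable. The Zone.Identifier check only tells a browser or mail download apart from a file written by another process, it is not proof of anything on its own.

```powershell
# Added example (not from the original post): enumerate every local profile's Startup
# folder and report recently created or modified files with a few triage attributes.
# Assumes profiles live under <SystemDrive>\Users; run elevated to read other users' folders.

function Get-StartupFolderItems {
    [CmdletBinding()]
    param(
        # Only report files created or modified within the last N days; 0 lists everything.
        [int]$NewerThanDays = 30
    )

    $profileRoot = Join-Path $env:SystemDrive 'Users'
    $startupRel  = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    $cutoff      = if ($NewerThanDays -gt 0) { (Get-Date).AddDays(-$NewerThanDays) } else { [datetime]::MinValue }

    foreach ($userProfile in Get-ChildItem -Path $profileRoot -Directory -ErrorAction SilentlyContinue) {
        $startup = Join-Path $userProfile.FullName $startupRel
        if (-not (Test-Path -LiteralPath $startup)) { continue }

        foreach ($file in Get-ChildItem -LiteralPath $startup -File -Force -ErrorAction SilentlyContinue) {
            if ($file.CreationTime -lt $cutoff -and $file.LastWriteTime -lt $cutoff) { continue }

            # Zone.Identifier (mark of the web) is attached by browsers and mail clients to
            # downloaded files; its absence on a fresh executable means something else wrote it.
            $hasMotw = $null -ne (Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)
            $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction SilentlyContinue

            [pscustomobject]@{
                User          = $userProfile.Name
                File          = $file.FullName
                CreationTime  = $file.CreationTime
                LastWriteTime = $file.LastWriteTime
                SizeBytes     = $file.Length
                MarkOfTheWeb  = $hasMotw
                Signature     = if ($sig) { $sig.Status } else { 'n/a' }
            }
        }
    }
}

# The machine-wide Startup folder needs admin rights to write to, so it is a less likely
# DogWalk target, but it belongs in the same triage pass.
$commonStartup = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp'

Get-StartupFolderItems -NewerThanDays 30 |
    Sort-Object CreationTime -Descending |
    Format-Table User, File, CreationTime, MarkOfTheWeb, Signature -AutoSize

Get-ChildItem -LiteralPath $commonStartup -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime, LastWriteTime
```

Anything unsigned, without mark of the web and created around the time a user opened a .diagcab attachment deserves a closer look (hash lookup, parent process from EDR telemetry).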

CVE-2022-30134 & CVE-2022-21980 & CVE-2022-24477 & CVE-2022-24516 – Microsoft Exchange Server Elevation of Privilege Vulnerability

This set consists of one zero-day (CVE-2022-30134, publicly disclosed before the patch) and three Critical bugs. They could allow an authenticated attacker to take over the mailbox of any Exchange user and then send and read emails and download attachments from any mailbox on the Exchange server. Note that installing the August Security Update alone is not enough: to fully address these vulnerabilities, Extended Protection for Authentication has to be enabled on the Exchange servers as well.
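Since the update only closes these bugs together with Extended Protection, it is worth verifying the IIS state directly rather than trusting that the update ran. The following read-only check is an added example, not code from the original post or from Microsoft; it assumes the default site names (“Default Web Site” and “Exchange Back End”), a list of virtual directories that you should adjust to your deployment, and that the WebAdministration module returns the `extendedProtection` element with a `tokenChecking` property. Microsoft’s own script for configuring this, ExchangeExtendedProtectionManagement.ps1, has a `-ShowExtendedProtection` switch that should be treated as the authoritative view.

```powershell
# Added example (not from the original post): report the Extended Protection
# (windowsAuthentication/extendedProtection tokenChecking) setting on the Exchange
# virtual directories. Run on the Exchange server in an elevated PowerShell.
Import-Module WebAdministration

# Assumed virtual directory lists; adjust to what Test-Path reports on your servers.
$frontEnd = 'API','Autodiscover','ecp','EWS','mapi','Microsoft-Server-ActiveSync','OAB','owa','PowerShell','Rpc'
$backEnd  = 'API','Autodiscover','ecp','EWS','mapi\emsmdb','mapi\nspi','Microsoft-Server-ActiveSync','OAB','owa','PowerShell','Rpc'

function Get-ExchangeExtendedProtection {
    $targets = @(
        foreach ($v in $frontEnd) { "IIS:\Sites\Default Web Site\$v" }
        foreach ($v in $backEnd)  { "IIS:\Sites\Exchange Back End\$v" }
    )
    foreach ($psPath in $targets) {
        if (-not (Test-Path $psPath)) { continue }   # vdir not present on this role
        $ep  = Get-WebConfiguration -PSPath $psPath -Filter 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'
        $acc = Get-WebConfiguration -PSPath $psPath -Filter 'system.webServer/security/access'
        [pscustomobject]@{
            VirtualDirectory = $psPath -replace '^IIS:\\Sites\\', ''
            TokenChecking    = $ep.tokenChecking     # None, Allow or Require
            SslFlags         = $acc.sslFlags         # EP on the front end also needs SSL required here
            Enforced         = ($ep.tokenChecking -eq 'Require')
        }
    }
}

$report = Get-ExchangeExtendedProtection
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Enforced }) {
    Write-Warning 'At least one virtual directory does not require Extended Protection; compare with the output of ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection.'
}
```

Two caveats before flipping the setting to Require: Microsoft’s script deliberately uses Allow rather than Require on a few directories, so a plain “all Require” expectation is too strict, and Extended Protection does not work behind SSL offloading or with inconsistent TLS settings across servers, so check the load balancer configuration first.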

CVE-2022-30133 & CVE-2022-35744 – Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

These highly rated (CVSS 9.8) bugs could allow an unauthenticated attacker to achieve remote code execution on a Remote Access Server (RAS) machine by sending a specially crafted connection request to it. Only the PPTP control port, TCP 1723, can be used for exploitation, so blocking that port at the perimeter (or on the host) is a workaround until the patch is installed; it will of course also break legitimate PPTP VPN connections to that server.
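Before blocking anything it helps to know whether a host actually exposes the port, and to make the block reversible. The script below is an added example and not part of the original post; it checks whether the RemoteAccess service is present, whether something is listening on TCP 1723, and adds a named host-firewall block rule only when the port is reachable and unblocked. The rule name is an assumption chosen so that it can be removed again after patching.

```powershell
# Added example (not from the original post): detect PPTP exposure on this host and
# block TCP 1723 inbound with a removable, named Windows Firewall rule.
# Caveat: this also blocks legitimate PPTP VPN clients of this server.

$ruleName = 'Block PPTP TCP 1723 (CVE-2022-30133)'   # assumed name, used for rollback too

function Get-PptpExposure {
    $ras      = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    $listener = Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue
    $rule     = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RemoteAccessService = if ($ras) { "$($ras.Status) ($($ras.StartType))" } else { 'not installed' }
        ListeningOn1723     = [bool]$listener
        ListenerProcess     = if ($listener) { (Get-Process -Id $listener[0].OwningProcess -ErrorAction SilentlyContinue).ProcessName } else { $null }
        BlockRulePresent    = [bool]$rule
    }
}

function Block-PptpPort {
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP -LocalPort 1723 `
                            -Action Block -Profile Any | Out-Null
    }
    Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Enabled, Action, Profile
}

# Rollback once the August update is installed:
#   Remove-NetFirewallRule -DisplayName 'Block PPTP TCP 1723 (CVE-2022-30133)'

$state = Get-PptpExposure
$state
if ($state.ListeningOn1723 -and -not $state.BlockRulePresent) {
    Write-Warning 'PPTP control port is listening and not blocked; applying host firewall rule.'
    Block-PptpPort
}
```

A host rule only helps if the Windows Firewall is actually enforcing on the active profile; on an internet-facing RAS server the block should also exist on the edge firewall.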

Also CVE-2022-34702 & CVE-2022-34714 & CVE-2022-35745 & CVE-2022-35752 & CVE-2022-35753 & CVE-2022-35766 & CVE-2022-35767 & CVE-2022-35794 (all Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability) are quite similar: an unauthenticated attacker sends a specially crafted connection request to a RAS server, and they are also rated Critical. Most of them carry a High attack complexity, because successful exploitation requires the attacker to win a race condition.

CVE-2022-34691 – Active Directory Domain Services Elevation of Privilege Vulnerability

It is closely related to CVE-2022-26923 from May 2022, so again an attacker can obtain a certificate that allows authenticating to a domain controller with a high level of privilege: in effect any domain user can become a domain admin if Active Directory Certificate Services is running in the domain, which is a quite common configuration. The attack complexity is still Low, so in my opinion we may well see this one exploited in the wild.
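The May 2022 fix for CVE-2022-26923 came with a certificate-to-account mapping hardening (KB5014754) that ships in compatibility (audit) mode and only blocks weakly mapped certificates when switched to full enforcement. The check below is an added example, not part of the original post; it reads the KB5014754 registry values on a domain controller and pulls the KDC events that tell you which certificates would be rejected under enforcement. Event IDs and value meanings are the ones documented in that KB; run it elevated on each DC.

```powershell
# Added example (not from the original post): report the certificate binding
# enforcement state of this domain controller and list KDC events 39/40/41.

function Get-CertificateBindingEnforcement {
    $kdcKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
    $schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel'

    $strong  = (Get-ItemProperty -Path $kdcKey -Name StrongCertificateBindingEnforcement -ErrorAction SilentlyContinue).StrongCertificateBindingEnforcement
    $mapping = (Get-ItemProperty -Path $schannelKey -Name CertificateMappingMethods -ErrorAction SilentlyContinue).CertificateMappingMethods

    # 0 = disabled, 1 = compatibility mode (default after the May 2022 update), 2 = full enforcement
    if     ($strong -eq 0) { $mode = 'Disabled (no strong-mapping check at all)' }
    elseif ($strong -eq 1) { $mode = 'Compatibility mode (audit only)' }
    elseif ($strong -eq 2) { $mode = 'Full enforcement' }
    else                   { $mode = 'Not set (behaves as Compatibility mode)' }

    [pscustomobject]@{
        ComputerName                        = $env:COMPUTERNAME
        StrongCertificateBindingEnforcement = $strong
        Mode                                = $mode
        CertificateMappingMethods           = if ($null -ne $mapping) { '0x{0:X}' -f $mapping } else { 'not set' }
        Hardened                            = ($strong -eq 2)
    }
}

function Get-WeakCertificateMappingEvents {
    param([int]$Days = 7)
    # 39: certificate valid but only weakly mapped to the account (rejected under enforcement)
    # 40: certificate predates the account it maps to
    # 41: SID in the certificate does not match the account
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
        Id           = 39, 40, 41
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

Get-CertificateBindingEnforcement | Format-List
Get-WeakCertificateMappingEvents -Days 7 | Format-Table -AutoSize
```

If the event query returns hits, those certificates were issued without the new SID extension; reissue them before moving StrongCertificateBindingEnforcement to 2, otherwise the affected accounts will stop authenticating with certificates.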

CVE-2022-35804 – SMB Client and Server Remote Code Execution Vulnerability

A remote, unauthenticated attacker can execute code with elevated privileges on an affected SMB server by using this vulnerability, and a malicious SMB server can do the same to a client that connects to it. This bug only affects Windows 11. Blocking TCP port 445 at the perimeter or disabling SMBv3 compression might be a workaround until the update is installed:

# Disable SMBv3 compression - client side
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name DisableCompression -Type DWORD -Value 1 -Force

# Disable SMBv3 compression - server side
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name DisableCompression -Type DWORD -Value 1 -Force

No reboot is needed after making the change; it takes effect immediately.
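A workaround that is set in a hurry tends to be forgotten, so the following added example (not from the original post) wraps the two registry writes above in functions that report the current state on both the client and server side, confirm the host really is Windows 11 (build 22000 or later, the only affected OS according to the advisory), and roll the change back once the update is installed. Removing the value restores the default behaviour; no reboot is needed in either direction.

```powershell
# Added example (not from the original post): inspect, apply and roll back the
# SMBv3 compression workaround for CVE-2022-35804.

$smbKeys = @{
    Client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    Server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
}

function Get-Smb3CompressionState {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    foreach ($side in $smbKeys.Keys) {
        $value = (Get-ItemProperty -Path $smbKeys[$side] -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
        [pscustomobject]@{
            Side               = $side
            OS                 = $os.Caption
            Build              = $build
            IsWindows11        = ($build -ge 22000)   # Windows 11 builds start at 22000
            DisableCompression = if ($null -eq $value) { 'not set (compression allowed)' } else { $value }
            WorkaroundApplied  = ($value -eq 1)
        }
    }
}

function Enable-Smb3CompressionWorkaround {
    foreach ($path in $smbKeys.Values) {
        Set-ItemProperty -Path $path -Name DisableCompression -Type DWORD -Value 1 -Force
    }
    Get-Smb3CompressionState
}

function Disable-Smb3CompressionWorkaround {
    # Rollback after the August update is installed: deleting the value restores the default.
    foreach ($path in $smbKeys.Values) {
        Remove-ItemProperty -Path $path -Name DisableCompression -ErrorAction SilentlyContinue
    }
    Get-Smb3CompressionState
}

$state = Get-Smb3CompressionState
$state | Format-Table -AutoSize
if (($state | Where-Object IsWindows11) -and ($state | Where-Object { -not $_.WorkaroundApplied })) {
    Write-Warning 'Windows 11 host without the compression workaround on at least one side.'
}
```

The OS check matters because the same registry values are honoured on Windows 10 and Server 2019/2022 as well; applying the workaround there costs SMB compression for no security gain against this particular bug.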

CVE-2022-34696 – Windows Hyper-V Remote Code Execution Vulnerability

This bug could allow an authenticated attacker inside a guest to run code that reaches the Hyper-V host, i.e. a Hyper-V guest could affect the functionality of the Hyper-V host. If you run Hyper-V in your environment, give this one priority.

CVE-2022-33646 – Azure Batch Node Agent Remote Code Execution Vulnerability

This bug affects you if you are running the Batch node agent in version 1.9.24 or earlier (version 1.9.27 or later contains the fix). Successful exploitation requires the attacker to prepare the target environment to improve exploit reliability, so the attack complexity is rated High. Because the node agent is only refreshed when nodes are created, you need to resize your pools to zero and back up again, or recreate the pools, to get the latest version.
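To find out which pools still need that resize, the node agent version has to be read per node. The script below is an added example and not part of the original post; it drives the Azure CLI from PowerShell and assumes that `az login` and `az batch account login` have already been run, and that the compute node JSON exposes the agent version at `nodeAgentInfo.version` (the Batch REST ComputeNode schema). Pools are flagged when any node reports a version below 1.9.27, the first version the post names as fixed.

```powershell
# Added example (not from the original post): inventory Batch node agent versions across
# all pools of the logged-in Batch account and show the resize-to-zero step that forces
# the agent to be updated.

function Get-BatchNodeAgentVersions {
    $pools = az batch pool list --query '[].id' -o json | Out-String | ConvertFrom-Json
    foreach ($poolId in $pools) {
        $nodes = az batch node list --pool-id $poolId `
                    --query '[].{id:id, state:state, agent:nodeAgentInfo.version}' -o json |
                 Out-String | ConvertFrom-Json
        foreach ($node in $nodes) {
            $ver    = $null
            $parsed = [version]::TryParse([string]$node.agent, [ref]$ver)
            [pscustomobject]@{
                PoolId      = $poolId
                NodeId      = $node.id
                State       = $node.state
                AgentVer    = $node.agent
                NeedsUpdate = ($parsed -and $ver -lt [version]'1.9.27')
            }
        }
    }
}

function Update-BatchPoolAgent {
    param(
        [Parameter(Mandatory)][string]$PoolId,
        [int]$DedicatedNodes = 0,      # original sizes to scale back to
        [int]$LowPriorityNodes = 0
    )
    # Step 1: deallocate every node; running tasks are requeued rather than lost.
    az batch pool resize --pool-id $PoolId --target-dedicated-nodes 0 --target-low-priority-nodes 0 `
                         --node-deallocation-option requeue
    # Step 2 (after the resize completes): scale back up; new nodes get the current agent.
    if ($DedicatedNodes -gt 0 -or $LowPriorityNodes -gt 0) {
        az batch pool resize --pool-id $PoolId --target-dedicated-nodes $DedicatedNodes `
                             --target-low-priority-nodes $LowPriorityNodes
    }
}

$inventory = Get-BatchNodeAgentVersions
$inventory | Format-Table -AutoSize
$inventory | Where-Object NeedsUpdate | Select-Object -ExpandProperty PoolId -Unique
```

Note that the second resize must wait for the first one to finish (the pool’s allocation state goes back to steady); in a scripted rollout poll `az batch pool show` in between rather than issuing both commands back to back.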

Summary

Below are the most important CVEs released by Microsoft for August 2022 (zero-days, Criticals, and anything with a CVSS score of at least 8.0). Besides the vulnerabilities already discussed, the table also lists bugs in e.g. NFS, Edge, and Visual Studio. It may be a busy week for those of you who have to patch all of these.

CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Exploit Code Maturity | Applicable to
--- | --- | --- | --- | --- | --- | --- | --- | ---
CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important (7.8) | Local | Low | None | Required | Exploited | Windows 7+, Server 2008 R2+
CVE-2022-30134 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important (7.6) | Network | Low | Low | None | Publicly Disclosed | Exchange Server 2013+
CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical (8.0) | Network | Low | Low | Required | Unproven | Exchange Server 2013+
CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical (8.0) | Network | Low | Low | Required | Unproven | Exchange Server 2013+
CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical (8.0) | Network | Low | Low | Required | Unproven | Exchange Server 2013+
CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 7+, Server 2008+
CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 7+, Server 2008+
CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical (8.8) | Network | Low | Low | None | Unproven | Windows 7+, Server 2008+
CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical (8.8) | Network | Low | None | Required | Unproven | Windows 11
CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Important (8.4) | Local | Low | Low | None | Unproven | Windows 8.1+, Server 2012+
CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Server 2008+
CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Server 2008+
CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Server 2008+
CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Server 2008+
CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+, Server 2019+
CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Server 2008+
CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+, Server 2019+
CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical (7.8) | Local | High | Low | None | Unproven | Windows 8.1+, Server 2012 R2+
CVE-2022-33646 | Azure Batch Node Agent Remote Code Execution Vulnerability | Critical (7.0) | Local | High | Low | None | PoC | Batch Agent 1.9.24 and earlier
CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important (9.8) | Network | Low | None | None | Unproven | Server 2022
CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important (9.6) | Network | Low | None | Required | Unproven | Edge 103.0.1264.71 and earlier
CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Office 2013+, Office LTSC 2021, Office 365
CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+
CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+
CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+
CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | PoC | Visual Studio 2012+
CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important (8.4) | Local | Low | None | None | Unproven | Windows 10+, Server 2016+
CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important (8.1) | Network | Low | Low | None | Unproven | Azure Site Recovery (VMware to Azure) 9.49 and earlier
