Patch day: Microsoft closes zero-day vulnerability and 120 other security holes
Microsoft’s August patch day addresses 121 vulnerabilities across the company’s large product portfolio. One of them is already being exploited by cybercriminals.
Administrators and users have a lot to do on Microsoft’s August patch day: the vendor is providing fixes for 121 security vulnerabilities. One of them is already being exploited by cybercriminals, which makes it a zero-day vulnerability. Microsoft classifies a total of 17 of the flaws as a critical risk.
The zero-day vulnerability is once again in the Microsoft Windows Support Diagnostic Tool (MSDT). The company explains that attackers could use manipulated e-mails or prepared websites to send potential victims files that exploit the flaw to compromise the computer. In the e-mail scenario, victims would have to open the file; in the web scenario, according to Microsoft’s explanation, visiting the website is sufficient (CVE-2022-34713, CVSS 7.8, risk “high”). It is a variant of the MSDT vulnerabilities also known as DogWalk.
Worm potential
A vulnerability in the Windows Point-to-Point Protocol (PPP) also stands out. Microsoft describes that attackers on the network could exploit it without authentication and without user interaction, so the vulnerability has worm potential. Sending a prepared connection request to the RAS server is sufficient. Administrators should install the patch quickly, especially if the port is accessible from the Internet (CVE-2022-30133, CVSS 9.8, risk “critical”).
Details of a vulnerability in Exchange that could allow attackers to obtain information are already publicly available (CVE-2022-30134, CVSS 7.6, high). Microsoft closes another five vulnerabilities in the mail server, three of which are critical. Because Exchange vulnerabilities have been heavily targeted by cybercriminals in the past, Microsoft rates three vulnerabilities, which allow escalation of privileges, as likely to be exploited.
The vulnerabilities are spread across many of the company’s products. 44 of them relate to the Azure portfolio of cloud services. Microsoft’s list is quite extensive. Patches will be available in August for:
- .NET Core
- Active Directory Domain Services
- Azure Batch node agent
- Azure real-time operating system
- Azure Site Recovery
- Azure Sphere
- Microsoft ATA port driver
- Microsoft Bluetooth driver
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Windows Support Diagnostic Tool (MSDT)
- Remote Access Service Point-to-Point Tunneling Protocol
- Role: Windows Fax Service
- Role: Windows Hyper-V
- System Center Operations Manager
- Visual Studio
- Windows Bluetooth service
- Windows Canonical display driver
- Windows Cloud Files Mini Filter Driver
- Windows Defender Credential Guard
- Windows digital media
- Windows Error Reporting
- Windows Hello
- Windows Internet Information Services
- Windows Kerberos
- Windows kernel
- Windows Local Security Authority (LSA)
- Windows Network File System
- Windows partition management driver
- Windows Point-to-Point Tunneling Protocol
- Windows printer spooler components
- Windows Secure Boot
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Storage Spaces Direct
- Windows Unified Write Filter
- Windows WebBrowser control
- Windows Win32K
Administrators should apply the updates as soon as possible, especially given that one vulnerability is already being actively exploited. In addition, the vulnerabilities classified as critical pose a threat to computer and network security.