Date: 2022-08-16

121 vulnerabilities were found in Microsoft’s large product portfolio for the August patch day. One of them is already being abused by cybercriminals.

Administrators and users have a lot to do on Microsoft’s August patch day: the manufacturer is providing bug fixes for 121 security vulnerabilities. One of the vulnerabilities is already being attacked by cybercriminals, so it is a zero-day vulnerability. Microsoft classifies a total of 17 security-related errors as a critical risk.

The zero-day vulnerability is once again in the Microsoft Windows Support Diagnostic Tool (MSDT). The company explains that attackers could use manipulated emails or prepared websites to send potential victims files that exploit the error to compromise the computer. In the e-mail scenario, victims would have to open the file; in the web server scenario, according to Microsoft’s explanation, visiting the website is sufficient (CVE-2022-34713, CVSS 7.8, risk “high”). It is a variant of the MSDT vulnerabilities also known as DogWalk.

Worm potential

A vulnerability in the Windows Point-to-Point Protocol (PPP) also stands out. Microsoft describes that attackers on the network could exploit the vulnerability without authentication and without user interaction, so the vulnerability has worm potential. It is sufficient to send a prepared connection request to the RAS server. Especially if the port is accessible from the Internet, administrators should quickly install the patch (CVE-2022-30133, CVSS 9.8, risk “critical”).

Details of a vulnerability in Exchange that could allow attackers to obtain information are already publicly available (CVE-2022-30134, CVSS 7.6, risk “high”). In the mail server, Microsoft closes five vulnerabilities, three of which are critical. Because Exchange vulnerabilities have been heavily targeted by cybercriminals in the past, Microsoft rates three vulnerabilities, which allow escalation of privileges, as likely to be exploited.

The vulnerabilities are spread across many of the company’s products. 44 of the vulnerabilities relate to the Azure portfolio of cloud services. Microsoft’s list is quite extensive. Patches will be available in August for:

.NET Core

Active Directory Domain Services

Azure Batch node agent

Azure real-time operating system

Azure Site Recovery

Azure Sphere

Microsoft ATA port driver

Microsoft Bluetooth driver

Microsoft Edge (Chromium-based)

Microsoft Exchange Server

Microsoft Office

Microsoft Office Excel

Microsoft Office Outlook

Microsoft Windows Support Diagnostic Tool (MSDT)

Remote Access Service Point-to-Point Tunneling Protocol

Role: Windows Fax Service

Role: Windows Hyper-V

System Center Operations Manager

Visual Studio

Windows Bluetooth service

Windows Canonical display driver

Windows Cloud Files Mini Filter Driver

Windows Defender Credential Guard

Windows digital media

Windows Error Reporting

Windows Hello

Windows Internet Information Services

Windows Kerberos

Windows kernel

Windows Local Security Authority (LSA)

Windows Network File System

Windows partition management driver

Windows Point-to-Point Tunneling Protocol

Windows printer spooler components

Windows Secure Boot

Windows Secure Socket Tunneling Protocol (SSTP)

Windows Storage Spaces Direct

Windows Unified Write Filter

Windows WebBrowser control

Windows Win32K

Administrators should apply the updates as soon as possible, especially given that a vulnerability is already being actively attacked. In addition, the security gaps classified as critical pose a threat to computer and network security.

