Service Notices

All Notices > Security Notices > Microsoft Releases August 2022 Security Updates

Microsoft Releases August 2022 Security Updates

Aug 12, 2022 GMT+08:00

I. Overview

Microsoft has released its August 2022 security updates. A total of 121 security vulnerabilities have been disclosed, among which 17 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Exchange Server, and Microsoft Visual Studio.

For details, visit Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug

The following vulnerabilities have been exploited by attackers:

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-34713): A 0 day vulnerability code named DogWalk. To exploit this vulnerability, an attacker may send a specially crafted file to a user and trick the user into opening the file. Then, the attacker can execute arbitrary code on the target host. The vulnerability details have been disclosed and the vulnerability has been exploited in the wild. The risk is high.

Microsoft Exchange Information Disclosure Vulnerability (CVE-2022-30134): A 0 day vulnerability. An attacker can exploit this vulnerability to read target email messages. The details of the vulnerability have been disclosed. The vulnerability has not been exploited in the wild yet.

20 vulnerabilities (such as CVE-2022-24477, CVE-2022-24516, and CVE-2022-21980) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Microsoft Visual Studio

IV. Vulnerability Details

CVE No.

Vulnerability

Severity

Affected Product

CVE-2022-34691

Active Directory Domain Services Elevation of Privilege Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows 11, Windows Server 2008/2008R/2012/2012R/2016/2019/2022, Windows Server version 20H2

CVE-2022-35767

CVE-2022-35752

CVE-2022-35745

CVE-2022-35753

CVE-2022-34714

CVE-2022-34702

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows 11, Windows Server 2008/2008R/2012/2012R/2016/2019/2022, Windows Server version 20H2

CVE-2022-35766

CVE-2022-35794

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Important

Windows 10, Windows 11, Windows Server 2019/2022, Windows Server, version 20H2

CVE-2022-35744

CVE-2022-30133

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows 11, Windows Server 2008/2008R/2012/2012R/2016/2019/2022, Windows Server version 20H2

CVE-2022-35804

SMB Client and Server Remote Code Execution Vulnerability

Important

Windows 11

CVE-2022-34696

Windows Hyper-V Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1, Windows 11, Windows Server 2012R/2016/2019/2022, Windows Server version 20H2

CVE-2022-33646

Azure Batch Node Agent Elevation of Privilege Vulnerability

Important

Azure Batch

CVE-2022-24477

CVE-2022-24516

CVE-2022-21980

Microsoft Exchange Server Elevation of Privilege Vulnerability

Important

Microsoft Exchange Server 2013/2016/2019

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.