High Threat Security Alert (A22-08-06): Multiple Vulnerabilities in Microsoft Products (August 2022)


 

Published on: 10 August 2022

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug

Reports indicated that a remote code execution vulnerability (CVE-2022-34713) in Microsoft Windows and Server is being actively exploited in the wild and an information disclosure vulnerability (CVE-2022-30134) in Microsoft Exchange Server is at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Windows 7, 8.1, RT 8.1, 10, 11
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022
  • Microsoft Windows Server, version 20H2
  • Microsoft Office 2013, 2013 RT, 2016, 2019, LTSC 2021
  • Microsoft Office Online Server
  • Microsoft Excel 2013, 2013 RT, 2016
  • Microsoft Outlook 2013, 2013 RT, 2016
  • Microsoft 365 Apps for Enterprise
  • Microsoft Exchange Server 2013, 2016, 2019
  • Microsoft Visual Studio 2012, 2013, 2015, 2017, 2019, 2022
  • System Center Operations Manager (SCOM) 2016, 2019, 2022
  • .NET 6.0
  • .NET Core 3.1
  • Azure Batch
  • Azure Real Time Operating System GUIX Studio
  • Azure Site Recovery VMWare to Azure
  • Azure Sphere
  • Open Management Infrastructure

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass and spoofing.

 

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-august-2022
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/08/09/microsoft-releases-august-2022-security-updates
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21979 (to CVE-2022-21980)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24477
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24516
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30133 (to CVE-2022-30134)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30144
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30175 (to CVE-2022-30176)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30194
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30197
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33631
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33640
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33646
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33648
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33670
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34301 (to CVE-2022-34303)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34685 (to CVE-2022-34687)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34690 (to CVE-2022-34692)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34696
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34699
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34701 (to CVE-2022-34710)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34712 (to CVE-2022-34717)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35742 (to CVE-2022-35769)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35771 (to CVE-2022-35777)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35779 (to CVE-2022-35795)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35797
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35799 (to CVE-2022-35802)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35804
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35806 (to CVE-2022-35821)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35824 (to CVE-2022-35827)


Tag: Microsoft , Windows , Windows Server , Microsoft Office , Office Online Server , Excel , Outlook , Microsoft 365 Apps , Exchange Server , Visual Studio , System Center , .NET , .NET Core , Azure Batch , Azure RTOS GUIX Studio , Azure Site Recovery , Azure Sphere , Open Management Infrastructure
Tags