May 29, 2023

Microsoft patched 118 CVEs in its August 2022 Patch Tuesday release, with 17 rated as critical and 101 rated as important, including two zero-day fixes.

Patch categories

  • 64 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

This month’s update includes patches for:

  • .NET Core
  • Active Directory Domain Services
  • Azure Batch Node Agent
  • Azure Real Time Operating System
  • Azure Site Recovery
  • Azure Sphere
  • Microsoft ATA Port Driver
  • Microsoft Bluetooth Driver
  • Microsoft Chromium Edge
  • Microsoft Exchange Server
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Windows Support Diagnostic Tool
  • Remote Access Service Point-to-Point Tunneling Protocol
  • Role: Windows Fax Service
  • Role: Windows Hyper-V
  • System Center Operations Manager
  • Visual Studio
  • Windows Bluetooth Service
  • Windows Canonical Display Driver
  • Windows Cloud Files Mini Filter Driver
  • Windows Defender Credential Guard
  • Windows Digital Media
  • Windows Error Reporting
  • Windows Hello
  • Windows Internet Information Services
  • Windows Kerberos
  • Windows Kernel
  • Windows Local Security Authority
  • Windows Network File System
  • Windows Partition Management Driver
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Secure Boot
  • Windows Secure Socket Tunneling Protocol
  • Windows Storage Spaces Direct
  • Windows Unified Write Filter
  • Windows Web Browser Control
  • Windows Win32K

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerabilities

CVE-2022-34713 and CVE-2022-35743 are RCE vulnerabilities in the Microsoft Windows Support Diagnostic Tool (MSDT) for troubleshooting. Both CVEs received a CVSS score of 7.8 and are rated important.

The flaw tracked as CVE-2022-34713 was first disclosed in January 2020. At the time, Microsoft chose not to patch it. However, following renewed interest in MSDT spurred by the discovery and exploitation of CVE-2022-30190, Microsoft patched the flaw this month.

Microsoft Exchange Server Elevation of Privilege Vulnerabilities

CVE-2022-21980, CVE-2022-24516 and CVE-2022-24477 are EoP vulnerabilities in Microsoft Exchange Server. All three received a CVSSv3 score of 8.0 and were rated Exploitation More Likely.

All three vulnerabilities require authentication and user interaction to exploit — an attacker would need to entice a target to visit a specially crafted Exchange server, likely through phishing. Microsoft also notes that Extended Protection needs to be enabled to fully mitigate these vulnerabilities.

Windows Print Spooler Elevation of Privilege Vulnerabilities

CVE-2022-35755 and CVE-2022-35793 are EoP vulnerabilities in Windows Print Spooler Components that both received a CVSSv3 score of 7.3 and were rated Exploitation More Likely. They continue the series of Print Spooler flaws that traces back to the original PrintNightmare (CVE-2021-34527). CVE-2022-35755 can be exploited using a specially crafted “input file,” while exploitation of CVE-2022-35793 requires a user to click on a specially crafted URL. Both would give the attacker SYSTEM privileges.


SMB Client and Server Remote Code Execution Vulnerability

CVE-2022-35804 is an RCE vulnerability affecting both the Server Message Block (SMB) client and server on Windows 11 systems using Microsoft SMB 3.1.1 (SMBv3). Microsoft rated this as Exploitation More Likely and assigned an 8.8 CVSSv3 score.

This vulnerability is reminiscent of past SMB vulnerabilities such as the EternalBlue SMBv1 flaw patched in MS17-010 in March of 2017, which was exploited as part of the WannaCry incident, and the more recent CVE-2020-0796 “EternalDarkness” RCE flaw in SMB 3.1.1.

Both Print Spooler vulnerabilities (CVE-2022-35755 and CVE-2022-35793) can be mitigated by disabling the Print Spooler service, but CVE-2022-35793 can also be mitigated by disabling inbound remote printing via Group Policy.
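The two Print Spooler mitigations named above, as an added PowerShell example that is not part of the original post or of Microsoft's advisory. It assumes an elevated session; the function name is hypothetical, and the registry value shown is the one that backs the "Allow Print Spooler to accept client connections" policy when set locally instead of through a GPO.

```powershell
# Added example (not from the original post). Run from an elevated session.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # DisableService covers both CVEs; DisableRemotePrinting is the lighter
        # option the text gives for CVE-2022-35793 and keeps local printing.
        [ValidateSet('DisableService', 'DisableRemotePrinting')]
        [string]$Mode = 'DisableRemotePrinting'
    )

    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $valueName = 'RegisterSpoolerRemoteRpcEndPoint'   # 1 = accept clients, 2 = refuse

    if ($Mode -eq 'DisableService') {
        if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
            Stop-Service -Name Spooler -Force
            Set-Service  -Name Spooler -StartupType Disabled
        }
    }
    elseif ($PSCmdlet.ShouldProcess($policyKey, "Set $valueName = 2")) {
        # Create the key only if missing, so existing printer policies are kept.
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        New-ItemProperty -Path $policyKey -Name $valueName -Value 2 `
            -PropertyType DWord -Force | Out-Null
        Restart-Service -Name Spooler -Force   # the policy is read at spooler start
    }

    # Report the resulting state so it can be logged or collected fleet-wide.
    $svc = Get-Service -Name Spooler
    $val = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    [pscustomobject]@{
        SpoolerStatus          = $svc.Status
        SpoolerStartType       = $svc.StartType
        RemotePrintingDisabled = ($val -eq 2)
    }
}

Set-SpoolerMitigation -Mode DisableRemotePrinting -WhatIf   # preview only
```

On domain-joined machines a GPO that sets the same policy will overwrite the local value at the next policy refresh, so the GPO is the place to make the change permanent.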

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2022-34691 is an EoP vulnerability affecting Active Directory Domain Services. With an 8.8 CVSSv3 score, this vulnerability could be exploited by an authenticated attacker to manipulate attributes of accounts and possibly acquire a certificate from Active Directory Certificate Services. This certificate would allow the attacker to elevate their privileges. The advisory notes that exploitation is only possible when Active Directory Certificate Services is running on the domain.

Windows Secure Socket Tunneling Protocol (SSTP) RCE Vulnerability

This vulnerability has a CVSSv3 score of 8.1 and is rated exploitation less likely.

Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to RCE on the RAS server machine.

Windows Point-to-Point Protocol RCE Vulnerability

These vulnerabilities, tracked as CVE-2022-30133 and CVE-2022-35744, have a CVSSv3 score of 9.8 and are rated as exploitation likely.

Exploitation is only possible by communicating via port 1723. As a temporary workaround before installing the updates that address the issue, you can block traffic through that port, which renders it unexploitable.

Warning: Disabling Port 1723 could affect communications over your network.
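One way to apply the port 1723 workaround while measuring the impact the warning refers to, as an added PowerShell example that is not part of the original post. It assumes an elevated session on the RAS server and that the port in question is TCP 1723 (the PPTP control channel); the function and rule names are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated session.
function Set-PptpPortBlock {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$Port = 1723,                                        # port named in the text
        [string]$RuleName = 'TEMP - Block inbound PPTP TCP 1723'  # hypothetical rule name
    )

    # What depends on the port right now? Blocking it cuts off PPTP VPN clients.
    $listening = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    $sessions  = @(Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue)
    $ras       = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue

    # Add the block rule once; -WhatIf previews without touching the firewall.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if (-not $rule -and $PSCmdlet.ShouldProcess("inbound TCP/$Port", 'Add Windows Firewall block rule')) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort $Port -Action Block -Profile Any | Out-Null
    }

    # Summary for the change record: exposure before, rule state after.
    [pscustomobject]@{
        Port             = $Port
        Listening        = $listening.Count -gt 0
        ActiveSessions   = $sessions.Count
        RasServiceStatus = $(if ($ras) { $ras.Status } else { 'NotInstalled' })
        BlockRulePresent = [bool](Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)
    }
}

Set-PptpPortBlock -WhatIf    # preview and report; rerun without -WhatIf to apply
# Once the August 2022 updates are installed, remove the temporary rule:
# Remove-NetFirewallRule -DisplayName 'TEMP - Block inbound PPTP TCP 1723'
```

A non-zero ActiveSessions count means PPTP clients are connected and will be dropped when the rule is applied.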


Elevation of Privilege Vulnerabilities in Azure Site Recovery

Azure Site Recovery, a suite of tools used for disaster recovery, had a significant number of CVEs patched in this month’s release, including 31 EoP vulnerabilities. CVSS scores range from 4.4 to 8.1, and all the flaws were rated as Important and “Exploitation Less Likely.”

Microsoft Chromium Edge Security Feature Bypass Vulnerability

Tracked as CVE-2022-33649, this vulnerability has a CVSSv3.1 score of 9.6 and is rated as exploitation less likely.

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to act, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

Microsoft Chromium Edge RCE Vulnerability

These vulnerabilities are tracked as CVE-2022-33636 and CVE-2022-35796, with a CVSSv3 score of 8.3, and are rated exploitation less likely.

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to act, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

Windows Server 20H2 End of Support

Windows Server, version 20H2 has now reached its end of service and will no longer receive security updates. A Tenable plugin to identify systems using this version of Windows Server will be released soon and we will update this post with the plugin ID once it is available.

CVE ID | Tag | Severity
CVE-2022-34716 | .NET Core | Important
CVE-2022-34691 | Active Directory Domain Services | Critical
CVE-2022-33646 | Azure Batch Node Agent | Critical
CVE-2022-34685 | Azure Real Time Operating System | Important
CVE-2022-34686 | Azure Real Time Operating System | Important
CVE-2022-35773 | Azure Real Time Operating System | Important
CVE-2022-35779 | Azure Real Time Operating System | Important
CVE-2022-35806 | Azure Real Time Operating System | Important
CVE-2022-34687 | Azure Real Time Operating System | Important
CVE-2022-30176 | Azure Real Time Operating System | Important
CVE-2022-30175 | Azure Real Time Operating System | Important
CVE-2022-35791 | Azure Site Recovery | Important
CVE-2022-35818 | Azure Site Recovery | Important
CVE-2022-35809 | Azure Site Recovery | Important
CVE-2022-35789 | Azure Site Recovery | Important
CVE-2022-35815 | Azure Site Recovery | Important
CVE-2022-35817 | Azure Site Recovery | Important
CVE-2022-35816 | Azure Site Recovery | Important
CVE-2022-35814 | Azure Site Recovery | Important
CVE-2022-35785 | Azure Site Recovery | Important
CVE-2022-35812 | Azure Site Recovery | Important
CVE-2022-35811 | Azure Site Recovery | Important
CVE-2022-35784 | Azure Site Recovery | Important
CVE-2022-35810 | Azure Site Recovery | Important
CVE-2022-35813 | Azure Site Recovery | Important
CVE-2022-35788 | Azure Site Recovery | Important
CVE-2022-35783 | Azure Site Recovery | Important
CVE-2022-35786 | Azure Site Recovery | Important
CVE-2022-35787 | Azure Site Recovery | Important
CVE-2022-35819 | Azure Site Recovery | Important
CVE-2022-35781 | Azure Site Recovery | Important
CVE-2022-35775 | Azure Site Recovery | Important
CVE-2022-35790 | Azure Site Recovery | Important
CVE-2022-35780 | Azure Site Recovery | Important
CVE-2022-35799 | Azure Site Recovery | Important
CVE-2022-35772 | Azure Site Recovery | Important
CVE-2022-35800 | Azure Site Recovery | Important
CVE-2022-35774 | Azure Site Recovery | Important
CVE-2022-35802 | Azure Site Recovery | Important
CVE-2022-35782 | Azure Site Recovery | Important
CVE-2022-35824 | Azure Site Recovery | Important
CVE-2022-35801 | Azure Site Recovery | Important
CVE-2022-35808 | Azure Site Recovery | Important
CVE-2022-35776 | Azure Site Recovery | Important
CVE-2022-35807 | Azure Site Recovery | Important
CVE-2022-35821 | Azure Sphere | Important
CVE-2022-35760 | Microsoft ATA Port Driver | Important
CVE-2022-35820 | Microsoft Bluetooth Driver | Important
CVE-2022-35796 | Microsoft Edge (Chromium-based) | Low
CVE-2022-33649 | Microsoft Edge (Chromium-based) | Important
CVE-2022-2618 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2616 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2617 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2619 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2622 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2623 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-33636 | Microsoft Edge (Chromium-based) | Moderate
CVE-2022-2621 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2615 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2604 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2605 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2624 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2603 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2606 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2612 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2614 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2610 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-2611 | Microsoft Edge (Chromium-based) | Unknown
CVE-2022-34692 | Microsoft Exchange Server | Important
CVE-2022-21980 | Microsoft Exchange Server | Critical
CVE-2022-21979 | Microsoft Exchange Server | Important
CVE-2022-24516 | Microsoft Exchange Server | Critical
CVE-2022-30134 | Microsoft Exchange Server | Important
CVE-2022-24477 | Microsoft Exchange Server | Critical
CVE-2022-34717 | Microsoft Office | Important
CVE-2022-33648 | Microsoft Office Excel | Important
CVE-2022-33631 | Microsoft Office Excel | Important
CVE-2022-35742 | Microsoft Office Outlook | Important
CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) | Important
CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) | Important
CVE-2022-35752 | Remote Access Service Point-to-Point Tunneling Protocol | Critical
CVE-2022-35753 | Remote Access Service Point-to-Point Tunneling Protocol | Critical
CVE-2022-35769 | Remote Access Service Point-to-Point Tunneling Protocol | Important
CVE-2022-34690 | Role: Windows Fax Service | Important
CVE-2022-34696 | Role: Windows Hyper-V | Critical
CVE-2022-35751 | Role: Windows Hyper-V | Important
CVE-2022-33640 | System Center Operations Manager | Important
CVE-2022-35827 | Visual Studio | Important
CVE-2022-35777 | Visual Studio | Important
CVE-2022-35825 | Visual Studio | Important
CVE-2022-35826 | Visual Studio | Important
CVE-2022-30144 | Windows Bluetooth Service | Important
CVE-2022-35750 | Windows Canonical Display Driver | Important
CVE-2022-35757 | Windows Cloud Files Mini Filter Driver | Important
CVE-2022-35771 | Windows Defender Credential Guard | Important
CVE-2022-34705 | Windows Defender Credential Guard | Important
CVE-2022-34710 | Windows Defender Credential Guard | Important
CVE-2022-34709 | Windows Defender Credential Guard | Important
CVE-2022-34704 | Windows Defender Credential Guard | Important
CVE-2022-34712 | Windows Defender Credential Guard | Important
CVE-2022-35746 | Windows Digital Media | Important
CVE-2022-35749 | Windows Digital Media | Important
CVE-2022-35795 | Windows Error Reporting | Important
CVE-2022-35797 | Windows Hello | Important
CVE-2022-35748 | Windows Internet Information Services | Important
CVE-2022-35756 | Windows Kerberos | Important
CVE-2022-35761 | Windows Kernel | Important
CVE-2022-35768 | Windows Kernel | Important
CVE-2022-34708 | Windows Kernel | Important
CVE-2022-34707 | Windows Kernel | Important
CVE-2022-35804 | Windows Kernel | Critical
CVE-2022-30197 | Windows Kernel | Important
CVE-2022-35758 | Windows Kernel | Important
CVE-2022-34706 | Windows Local Security Authority (LSA) | Important
CVE-2022-35759 | Windows Local Security Authority (LSA) | Important
CVE-2022-34715 | Windows Network File System | Important
CVE-2022-33670 | Windows Partition Management Driver | Important
CVE-2022-34703 | Windows Partition Management Driver | Important
CVE-2022-30133 | Windows Point-to-Point Tunneling Protocol | Critical
CVE-2022-35747 | Windows Point-to-Point Tunneling Protocol | Important
CVE-2022-35744 | Windows Point-to-Point Tunneling Protocol | Critical
CVE-2022-35793 | Windows Print Spooler Components | Important
CVE-2022-35755 | Windows Print Spooler Components | Important
CVE-2022-34301 | Windows Secure Boot | Important
CVE-2022-34302 | Windows Secure Boot | Important
CVE-2022-34303 | Windows Secure Boot | Important
CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) | Critical
CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) | Critical
CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) | Critical
CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) | Important
CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) | Critical
CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) | Critical
CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) | Critical
CVE-2022-35762 | Windows Storage Spaces Direct | Important
CVE-2022-35765 | Windows Storage Spaces Direct | Important
CVE-2022-35792 | Windows Storage Spaces Direct | Important
CVE-2022-35763 | Windows Storage Spaces Direct | Important
CVE-2022-35764 | Windows Storage Spaces Direct | Important
CVE-2022-35754 | Windows Unified Write Filter | Important
CVE-2022-30194 | Windows WebBrowser Control | Important
CVE-2022-34699 | Windows Win32K | Important