Patch Tuesday Advisory - August 2022

Fixes for 17 critical CVEs and 2 zero-days including DogWalk

For August, the number of patched threats announced by Microsoft totals 121, including 17 deemed as Critical and two zero-days. The headline issue is a zero-day vulnerability, previously codenamed DogWalk, which was discovered over 2 years ago and has been actively exploited. We are definitely in the “dog days” of summer! 

The DogWalk vulnerability is identified as CVE-2022-34713 “Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability”. The other zero-day vulnerability, CVE-2022-30134, affects Microsoft Exchange but has been assessed as unlikely to be exploited.

Also note that Microsoft previously released 20 fixes for Microsoft Edge (Chromium-Based) on August 5th. 

As always, Balbix can identify all affected assets within 1 hour of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Users can also use the filtered search functionality to search for the CVE by site, subnet, location, or other distinguishing factors.