Patch Tuesday, August 2022 Microsoft fixes 121 security issues, including a zero-day vulnerability

Microsoft has updated Windows 11, Windows 10, Windows 8.1 and Windows 7 - almost a hundred vulnerabilities fixed. Also Including one zero-day vulnerability that was actively exploited by attackers.

- Advertisement -

Microsoft regularly releases an anticipated batch of security patches and updates for various products and services on every second Tuesday of the month. And This has become known as Microsoft security Patch Tuesday update, keep this tradition today 09 August 2022 second Tuesday of the month and the company has released 84 security fixes including a zero-day vulnerability. Four of the vulnerabilities fixed today were classified as Critical and the rest as Important. The types of security vulnerabilities addressed today are distributed as follows:

Patch Tuesday updates are cumulative updates that usually only include minor patches and security fixes, rather than any new features.

Delivers security fixes for 121 vulnerabilities (with seven classified as Critical as they allow remote code execution and 114 as Important.)

  • 64 Elevation of Privilege Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 20 vulnerabilities fixed in Microsoft Edge
  • 12 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 1 Spoofing Vulnerability

Fixed an actively exploited zero-day vulnerability

Also, Microsoft has fixed two zero-day vulnerabilities, with one actively exploited in attacks.

- Advertisement -

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is jokingly known as ‘DogWalk” and tracked by Microsoft as ‘CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.’

In this attack, an actor would persuade potential victims to click on a link provided by them.The actors would entice a potential victim in a message through email or instant message to open the file or link they sent.

According to Microsoft, “In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.”

- Advertisement -

On the other hand, “In a web-based attack scenario, an attacker could host a website containing a specially crafted file designed to exploit the vulnerability.”

Recent updates from other companies

Other vendors who released updates in August 2022 include:

Windows security updates

- Advertisement -

In addition to the security fixes, Microsoft has also published an update for the Windows Update service to improve its reliability and performance.

Windows 11

Microsoft fixes 54 vulnerabilities in Windows 11, 13 of which are considered critical.

  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35766
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35794
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35767
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35753
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35752
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35745
  • Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability — CVE-2022-35744
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-34714
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-34702
  • Windows Hyper-V Remote Code Execution Vulnerability — CVE-2022-34696
  • Active Directory Domain Services Elevation of Privilege Vulnerability — CVE-2022-34691
  • Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability — CVE-2022-30133
  • SMB Client and Server Remote Code Execution Vulnerability — CVE-2022-35804

Windows 11 (version 21H2) – KB5016629 (OS Build 22000.856). Manual download from Microsoft Update Catalog.

windows 11

Windows 11 KB5015814 updates include the following changes:

  • Security updates for your Windows operating system.
  • Fixes security issues for your Windows operating system.

This security update includes improvements that were part of update KB5015882 (released July 21, 2022) and also Addresses a known issue that might prevent some of you from opening the Start menu.

  • Windows 11 Servicing Stack Update – 22000.856: This update brings quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing Stack Updates (SSUs) ensure that you have a robust servicing stack so that your devices can receive and install Microsoft updates.

Windows 10:

Windows 10 20H2, 21H1 and 21H2 are affected by 58 security patches, 12 of which correct critical problems.

Note. Versions 1903 and 1909, as well as 2004, 20H2, 21H1, and 21H2 share a common base operating system version and have an identical set of system files. That is why they receive the same cumulative updates.

windows 10

Windows 10 KB5015807 and KB5015811 updates include the following changes:

  • Addresses an issue that affects the printing of files you submit to a printer.

  • Addresses a known issue that might prevent the Input Indicator and Language Bar from displaying in the notification area. This issue affects devices that have more than one language installed.

  • Addresses security issues for your Windows operating system.

Windows 8.1 and Windows Server 2012 R2

On the side of Windows 8.1, 39 vulnerabilities have been resolved. We have 10 critical flaws.

  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35753
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35767
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35752
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35745
  • Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability — CVE-2022-35744
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-34714
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-34702
  • Windows Hyper-V Remote Code Execution Vulnerability — CVE-2022-34696
  • Active Directory Domain Services Elevation of Privilege Vulnerability — CVE-2022-34691
  • Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability — CVE-2022-30133

windows 8.1

Windows 8.1 KB5016681, KB5016683 updates include the following changes:

  • Addresses an issue in which Speech and Network troubleshooters will not start.
  • Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. This issue affects devices that have installed Windows updates dated June 14, 2022 or later. This issue occurs when the device performs a specific form of service for user (S4U) in a non-Trusted Computing Base (TCB) Windows service that runs as Network Service.
  • Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. If they do not comply, Active Directory domain controllers will not authenticate them. Mitigations that allowed non-compliant devices to authenticate will not exist after August 9, 2022

Windows 7 SP1 and Windows Server 2008 R2

This Patch Tuesday fixes 29 security vulnerabilities in Windows 7, 9 of which is considered critical.

  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35753
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35767
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35752
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-35745
  • Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability — CVE-2022-35744
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-34714
  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-34702
  • Active Directory Domain Services Elevation of Privilege Vulnerability — CVE-2022-34691
  • Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability — CVE-2022-30133

windows 7

Windows 7 KB5015861 and KB5015862 updates include the following changes:

  • Addresses an issue in which Speech and Network troubleshooters will not start.

  • Addresses an issue that might cause the Local Security Authority Server Service (LSASS) to leak tokens. This issue affects devices that have installed Windows updates dated June 14, 2022 or later. This issue occurs when the device performs a specific form of service for user (S4U) in a non-Trusted Computing Base (TCB) Windows service that runs as Network Service.
  • Enforces a hardening change that requires printers and scanners that use smart cards for authentication to have firmware that complies with section 3.2.1 of RFC 4556. If they do not comply, Active Directory domain controllers will not authenticate them. Mitigations that allowed non-compliant devices to authenticate will not exist after August 9, 2022.

Download the windows 10 update

All these security updates are automatically downloaded and installed via windows update. Or you force Windows update from settings, update & security check for updates to install August 2022 patch updates immediately on your device.

Checking for windows updates

If you are Looking for Windows 10 21H2 Update ISO image click here. Or check How to Upgrade to Windows 10 version 21H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.

Also read:

- Advertisement -

Advertisment

ALSO READ:-

- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here