Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th.

In-The-Wild & Disclosed CVEs

CVE-2022-34713

According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a lot of Twitter discussion around Dogwalk, as it was first disclosed to Microsoft two years ago. Microsoft has noted that this vulnerability, which requires the user to open a specially crafted file in order to exploit a flaw in the Microsoft Support Diagnostic Tool (MSDT), has been publicly disclosed and exploited.

CVE-2022-30134

This information disclosure vulnerability could allow attackers to read targeted email messages. In this case, installing the August 2022 Exchange Server Security Update (SU) release is not sufficient to defend against this vulnerability. System owners must also enable Exchange Server Support for Windows Extended Protection, which Microsoft has detailed in an Exchange Team Blog Post. The biggest takeaway here is that there are a number of instances where Microsoft suggests making sure you are aware of the issues associated with enabling Extended Protection. As such, it is likely a good idea to read all of the associated documentation before enabling this protection, but keep in mind that the vulnerability is not fully resolved until the protection is enabled.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour-coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed are listed in red.

Tag | CVE Count | CVEs
Windows WebBrowser Control | 1 | CVE-2022-30194
Windows Secure Socket Tunneling Protocol (Read more...)