VERT Threat Alert: August 2022 Patch Tuesday Analysis
Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th.
In-The-Wild & Disclosed CVEs
According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a lot of Twitter discussion around Dogwalk, as it was first disclosed to Microsoft two years ago. Microsoft has noted that this vulnerability, which requires the user to open a specially crafted file to exploit a flaw in the Microsoft Support Diagnostic Tool (MSDT), has been publicly disclosed and exploited.
This information disclosure vulnerability could allow attackers to read targeted email messages. In this case, installing the August 2022 Exchange Server Security Update (SU) release is not sufficient to defend against this vulnerability. System owners must also enable Exchange Server Support for Windows Extended Protection, which Microsoft has detailed in an Exchange Team Blog Post. The biggest takeaway here is that, in a number of places, Microsoft suggests making sure you are aware of the issues associated with enabling Extended Protection. As such, it is likely a good idea to read all of the associated documentation before enabling this protection, but keep in mind that the vulnerability is not fully resolved until the protection is enabled.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed are listed in red.
Tag | CVE Count | CVEs |
Windows WebBrowser Control | 1 | CVE-2022-30194 |
Windows Secure Socket Tunneling Protocol |
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-news/vert-threat-alert-august-2022-patch-tuesday-analysis/