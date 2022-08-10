



August 2022 Patch Tuesday has arrived with fixes for an unexpectedly large number of vulnerabilities in various Microsoft products, including two zero-days.

Priority Vulnerability

CVE-2022-34713 is a vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that allows remote code execution. To exploit it, an attacker would have to trick the target into opening a specially crafted file (delivered by email or downloaded from a website).

“Anything that is actually being exploited should be at the top of the list to be patched,” said Kevin Breen, Director of Cyber Threat Research at Immersive Labs.

According to Microsoft, CVE-2022-34713 is a variant of the vulnerability commonly known as DogWalk.

“With reports of CVE-2022-34713 being exploited in the wild, these types of flaws are so valuable to launch spear-phishing attacks that attackers have been trying to exploit flaws within MSDT. A variety of threat actors, from Advanced Persistent Threat (APT) groups to ransomware affiliates, are using spear phishing,” commented Satnam Narang, senior staff research engineer at Tenable.

“Flaws like CVE-2017-11882, a remote code execution bug in Microsoft Office, have been exploited for years after patches became available. Flaws such as Follina and CVE-2022-34713 will continue to be in use for the next few months, as bugs that can be run are still a valuable tool, so it’s important that organizations apply any available patches as soon as possible.”

CVE-2022-30134 is a known information disclosure vulnerability affecting Microsoft Exchange that could be exploited by attackers to read targeted email messages, but it has not been exploited at this time.

More importantly, three critical privilege escalation vulnerabilities affecting Exchange (CVE-2022-24477, CVE-2022-24516, CVE-2022-21980) appear to have been patched by Microsoft.

“Elevation of Privilege (EoP) bugs are rarely rated critical, but they certainly qualify. These bugs allow an authenticated attacker to take over the mailboxes of all Exchange users. It would then be possible to read and send emails and download attachments from any mailbox on the Exchange server. Administrators should enable Extended Protection to fully address these vulnerabilities,” said Dustin Childs of Trend Micro’s Zero Day Initiative.

Additional instructions have been provided by Microsoft on how to run these specific updates on on-premises Exchange installations and affected users are urged to install them immediately.

“Exchanges are a treasure trove of information and can be a valuable target for attackers,” commented Breen.

“For example, CVE-2022-24477 allows an attacker to gain initial access to a user’s host, hijack all Exchange user mailboxes, and send and read emails and documents. For attackers focused on compromising email, this type of vulnerability can be very damaging.”

Finally, there is CVE-2022-35804, an unauthenticated RCE affecting SMB clients and servers.

Childs notes that the flaw is potentially wormable and recommends applying the patch, although there is a workaround (disabling SMBv3 compression).

“Microsoft has included a set of remediations that can prevent successful attacks and organizations should consider applying them as soon as possible. Compatibility should be tested to ensure business continuity is not impacted. The patch notes also include advice to restrict external connections to SMB port 445,” added Breen.
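For administrators who cannot install the update immediately, the following PowerShell is an added example (not from the article, Microsoft or the quoted researchers) that audits whether the SMBv3 compression workaround is in place on an SMB server, applies or reverts it, and lists enabled inbound firewall rules that allow TCP 445. The registry path and the DisableCompression value are the ones Microsoft documented for the SMBv3 compression workaround; the function names are this example's own, and it assumes it is run in an elevated Windows PowerShell session on the server being checked.

```powershell
# Added example, not the article's own content. Run as Administrator.
# Registry location and value documented by Microsoft for the SMBv3
# compression workaround; the function names below are this example's own.
$SmbServerParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-SmbCompressionDisabled {
    # Returns $true when the workaround (DisableCompression = 1) is in place.
    $prop = Get-ItemProperty -Path $SmbServerParams -Name 'DisableCompression' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $false }
    return ($prop.DisableCompression -eq 1)
}

function Disable-SmbCompression {
    # Applies the workaround. Compression is a performance feature only, so
    # existing shares keep working, but this is a server-side setting and does
    # not harden the SMB client; installing the update is still required.
    Set-ItemProperty -Path $SmbServerParams -Name 'DisableCompression' -Type DWORD -Value 1 -Force
}

function Enable-SmbCompression {
    # Reverts the workaround (e.g. after the update has been installed and
    # compression is wanted again).
    Remove-ItemProperty -Path $SmbServerParams -Name 'DisableCompression' -ErrorAction SilentlyContinue
}

function Get-InboundSmbAllowRules {
    # Lists enabled inbound allow rules for TCP 445, so exposure of the SMB
    # port can be reviewed against the advice to restrict external 445 access.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains '445' -or $filter.LocalPort -eq 'Any')
        } |
        Select-Object DisplayName, Profile, Enabled
}

# Report the current state; apply the workaround only when it is not yet set.
if (Test-SmbCompressionDisabled) {
    Write-Output 'SMBv3 compression is already disabled (workaround in place).'
} else {
    Write-Output 'SMBv3 compression is enabled; applying the workaround.'
    Disable-SmbCompression
}

Write-Output 'Enabled inbound firewall rules that allow TCP 445:'
Get-InboundSmbAllowRules | Format-Table -AutoSize
```

The rules listed at the end are the ones to review for the Public profile in particular; an allow rule scoped to the Domain or Private profile is usually the intended file-sharing configuration, while an enabled Public-profile rule on port 445 is the exposure the patch notes warn about.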

