August 2022 Patch Tuesday: MSDT update fixes zero-day DogWalk and Exchange

Head Nerd

Agosto 10th, 2022 27 mins

Content

Microsoft Vulnerabilities Addressed Microsoft Patch Tuesday Vulnerability Prioritization Cumulative Updates Known Complications of Note Other Vendors

August brings fixes for a longstanding Microsoft Support Diagnostics Tool bug, a long list of Critical and Exploitation More Likely vulnerabilities, along with an Exchange Server zero-day. This is a lot for defenders to digest, but the good news is timely application of security updates and following the instructions provided by Microsoft should make short work of this month’s two zero-days. This hopefully brings an end to the DogWalk vulnerability and similar issues being a challenge to mitigate now that Microsoft has provided a fix rather than workaround guidance.

Microsoft Vulnerabilities Addressed

This Patch Tuesday brings an increase in the total number of fixes from the previous month and is one of the highest counts for the year—121 different vulnerabilities have been addressed with two more receiving updates for previous fixes. CVE-2022-26832 and CVE-2022-30130 have both received version updates, with Microsoft also recommending the application of KB5016268.

These vulnerabilities are rated as Low and Important, so they aren’t going to be on many priority lists, but they do highlight that dealing with vulnerabilities is a continuous effort. Fixes applied to deal with a vulnerability may need tweaking as the vulnerability becomes better understood. It’s not impossible to see the same vulnerability receive multiple fixes over an extended period—another reason why having established processes and automated patching in place is so important.

There are also two MSDT-related fixes in this Patch Tuesday release: CVE-2022-35743 and CVE-2022-34713. When it was originally discovered two years ago, the MSDT vulnerability now referred to as DogWalk was considered a won’t fix item by Microsoft. However, the Follina vulnerability from last month put the spotlight back on these previous MSDT vulnerabilities and this has resulted in fixes being issued this month. Combine the fact that CVE-2022-34713 is marked as Exploitation Detected, CVE-2022-35743 is Exploitation More Likely, and the large install base, basically every modern Windows OS should be putting these toward the top of priority lists.

The Exchange zero-day, CVE-2022-30134, is marked as Exploitation Unlikely with no publicly available proof of concept attack and designated as Important severity. What the vulnerability allows though—for an attacker to read emails—should raise it toward the top of any Exchange admins to-do list regardless of the likelihood of exploitation.

Microsoft Patch Tuesday Vulnerability Prioritization

CVE-2022-30134, CVE-2022-35743, and CVE-2022-34713 are some of the Windows vulnerabilities to prioritize this month. As always, it is important to not just prioritize vulnerabilities based on their severity but also their exploitation likelihood and the impact exploitation of the vulnerability will have on an environment. Vulnerabilities marked as Exploitation More Likely and Exploitation Detected are as important, and some may say even more important, to address quickly due to their increased likelihood to cause actual impacts to an environment. These CVEs from Microsoft should be top of the list as they are all marked as Exploitation More Likely, Exploitation Detected, or Critical.

CVE	Description	Exploitability	Severity
CVE-2022-33646	Azure Batch Node Agent Elevation of Privilege Vulnerability	Exploitation More Likely	Critical
CVE-2022-33670	Windows Partition Management Driver Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-34699	Windows Win32k Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-34703	Windows Partition Management Driver Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-34713	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	Exploitation More Likely	Important
CVE-2022-35743	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	Exploitation More Likely	Important
CVE-2022-35748	HTTP.sys Denial of Service Vulnerability	Exploitation More Likely	Important
CVE-2022-35750	Win32k Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-35751	Windows Hyper-V Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-35755	Windows Print Spooler Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-35756	Windows Kerberos Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-35761	Windows Kernel Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-34303	CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass	Exploitation More Likely	Important
CVE-2022-34301	CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass	Exploitation More Likely	Important
CVE-2022-35804	SMB Client and Server Remote Code Execution Vulnerability	Exploitation More Likely	Critical
CVE-2022-21980	Microsoft Exchange Server Elevation of Privilege Vulnerability	Exploitation More Likely	Critical
CVE-2022-24516	Microsoft Exchange Server Elevation of Privilege Vulnerability	Exploitation More Likely	Critical
CVE-2022-24477	Microsoft Exchange Server Elevation of Privilege Vulnerability	Exploitation More Likely	Critical
CVE-2022-34302	CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass	Exploitation More Likely	Important
CVE-2022-35793	Windows Print Spooler Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-35820	Windows Bluetooth Driver Elevation of Privilege Vulnerability	Exploitation More Likely	Important
CVE-2022-34691	Active Directory Domain Services Elevation of Privilege Vulnerability	Exploitation Less Likely	Critical
CVE-2022-24477	Microsoft Exchange Server Elevation of Privilege Vulnerability	Exploitation More Likely	Critical
CVE-2022-35752	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-35753	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-34696	Windows Hyper-V Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-30133	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-35744	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-35745	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-35766	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-35794	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-34714	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-34702	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical
CVE-2022-35767	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Exploitation Less Likely	Critical

Cumulative Updates

The cumulative updates KB5016616, KB5016623, KB5016622, and KB5016639 were released for various builds of Windows 10 and KB5016629 for Windows 11 as well this month. Containing the usual rollup of fixes from previous months and new features there is not much to highlight with CUs this month.

Known Complications of Note

There are no major complications being reported as of this blog being published. It is worth highlighting though that the Exchange vulnerabilities being addressed this month has additional guidance by Microsoft detailing the need to manually enable Windows Extended Protection to block exploitation.

Other Vendors

VMware released fixes for CVE-2022-31656 and CVE-2022-31659 in recent weeks. With exploit code already available for one and PoCs likely coming soon, any VMware admins should be ensuring updates are applied and that plans to replace EOS versions of VMware is an action item.

Summary

As always make sure you have established patching processes for evaluation, testing, and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity consider including prioritization of patches for Zero-Days, Exploitation Detected, and Exploitation More Likely vulnerabilities in your Patch Management routines.

Looking for more information on the Patch Management section? Check out this section on our blog.

Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter: @cybersec_nerd

LinkedIn: thesecuritypope

Twitch: cybersec_nerd

Il presente documento viene fornito per puro scopo informativo e i suoi contenuti non vanno considerati come una consulenza legale. N‑able non rilascia alcuna garanzia, esplicita o implicita, né si assume alcuna responsabilità legale per quanto riguarda l’accuratezza, la completezza o l’utilità delle informazioni qui contenute.

N-ABLE, N-CENTRAL e gli altri marchi e loghi di N‑able sono di esclusiva proprietà di N‑able Solutions ULC e N‑able Technologies Ltd. e potrebbero essere marchi di common law, marchi registrati o in attesa di registrazione presso l’Ufficio marchi e brevetti degli Stati Uniti e di altri paesi. Tutti gli altri marchi menzionati qui sono utilizzati esclusivamente a scopi identificativi e sono marchi (o potrebbero essere marchi registrati) delle rispettive aziende.

Cove offre ora supporto per il disaster recovery nel cloud in Azure

Report sulla situazione dei SOC per il 2025

N‑able è campione per Canalys per il secondo anno consecutivo