DogWalk Zero-day Flaw fixed in Microsoft August 2022 Patch Tuesday
Microsoft has also pushed the updates for Windows 7 and Windows 8.1. However, it is important to note that only Windows 7 users who have purchased extended security update (ESU) support will receive the update.
A total of 121 vulnerabilities were fixed in the August 2022 Patch Tuesday update, of which 17 are classified as 'Critical' as they allow remote code execution or elevation of privileges.
Two zero-day vulnerabilities are fixed with today's update, one of which is actively exploited in attacks. One is known as "DogWalk" and tracked by Microsoft as CVE-2022-34713 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. The other zero-day vulnerability is tracked as CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability and allows an attacker to read targeted email messages. However, Microsoft says that CVE-2022-30134 is publicly disclosed but has not been detected in attacks.
The number of bugs in each vulnerability category is listed below:
- 64 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 31 Remote Code Execution Vulnerabilities
- 12 Information Disclosure Vulnerabilities
- 7 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerability
For information about the non-security Windows updates, you can read about today's Windows 10 KB5016616 and KB5016623 update and the Windows 11 KB5016629 update. Standalone download links for the new update are available on the Microsoft Update Catalog.
More Tuesday updates from other companies
Other vendors who released updates in August 2022 include:
- Google released Android's August security updates.
- Cisco released security updates for numerous products this month.
- SAP has released its August 2022 Patch Day updates.
- VMware released security updates and warned that the recently disclosed authentication bypass vulnerability is now actively exploited.
Windows Server, version 20H2 has reached End of Servicing
Along with the above security updates, Microsoft has also announced the End of Servicing for Windows Server, version 20H2.
"As of August 9, 2022, all editions of Windows Server, version 20H2 have reached the end of service. The August 2022 security update, released on August 9, 2022, is the last update available for this version. Devices running this version will no longer receive monthly security and quality updates containing protection from the latest security threats." -Microsoft says
This is also the retirement of the Windows Server Semi-Annual Channel (SAC). As Windows Server is moving to the Long-Term Servicing Channel (LTSC) as the primary release channel, there will be no future SAC releases of Windows Server.
Customers using Windows Server SAC were asked to move to Azure Stack HCI; alternatively, they may use the Long-Term Servicing Channel of Windows Server.