DogWalk Zero-day Flaw fixed in Microsoft August 2022 Patch Tuesday


Microsoft has released the August 2022 Patch Tuesday update for Windows 10 and 11. The new update comes with a few highlights and improvements, and fixes the actively exploited 'DogWalk' zero-day vulnerability.

Additionally, Microsoft has pushed updates for Windows 7 and Windows 8.1. However, it is important to note that only Windows 7 users who have purchased extended security update (ESU) support will receive the update.

A total of 121 vulnerabilities were fixed in the August 2022 Patch Tuesday update, of which 17 are classified as 'Critical' because they allow remote code execution or elevation of privileges.

There are a couple of zero-day vulnerabilities fixed with today's update, with one actively exploited in attacks. One is known as "DogWalk" and tracked by Microsoft as CVE-2022-34713 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. The other zero-day vulnerability is tracked as CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability and allows an attacker to read targeted email messages. However, Microsoft says that CVE-2022-30134 is publicly disclosed but has not been detected in attacks.

The number of bugs in each vulnerability category is listed below:

  • 64 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

For information about the non-security Windows updates, you can read about today's Windows 10 KB5016616 and KB5016623 update and the Windows 11 KB5016629 update. Standalone links to download the new update are available on the Microsoft Update Catalog.

More Tuesday updates from other companies

Other vendors who released updates in August 2022 include:

Windows Server, version 20H2 has reached End of Servicing

Alongside the above security updates, Microsoft has also announced the End of Servicing for Windows Server, version 20H2.

"As of August 9, 2022, all editions of Windows Server, version 20H2 have reached the end of service. The August 2022 security update, released on August 9, 2022, is the last update available for this version. Devices running this version will no longer receive monthly security and quality updates containing protection from the latest security threats," Microsoft says.

This also marks the retirement of the Windows Server Semi-Annual Channel (SAC). As Windows Server is moving to the Long-Term Servicing Channel (LTSC) as its primary release channel, there will be no future SAC releases of Windows Server.

Customers using Windows Server SAC were asked to move to Azure Stack HCI or, alternatively, to the Long-Term Servicing Channel of Windows Server.
