August 10, 2022

Microsoft Patches One 0-Days & 31 RCE Vulnerabilities

As part of August’s monthly security rollup updates, Microsoft has patched one 0-Day and 31 Remote Code Execution vulnerabilities.

Overall, Microsoft has patched 121 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Exchange, and others.

The Zero-Day Vulnerability

• CVE-2022-34713 (CVSS 3.1: 7.2, High Severity) – Path traversal vulnerability, in the Windows Support Diagnostic Tool (MSDT), an attackers can exploit the vulnerability to gain remote code execution on compromised systems.

For the full patched vulnerabilities list, including the 31 RCEs, visit Microsoft August 2022 Security Updates.

Affected Systems

The Vulnerability affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.

Mitigation

CYREBRO recommends implementing the latest available Microsoft security/monthly rollup updates in all relevant systems as soon as possible.

References: update.