Welcome to our summary of this month’s Patch Tuesday (August 2022). We have tabulated the vulnerabilities that the latest patches from Microsoft and Adobe fix, so that you can easily export them for use in your vulnerability management program.
Microsoft Patch Tuesday August 2022
121 vulnerabilities have been fixed in Microsoft’s August 2022 update.
17 were marked as Critical vulnerabilities as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE).
The new patches address CVEs in Microsoft Windows and Windows Components; Azure Batch Node Agent, Real Time Operating System, Site Recovery, and Sphere; Microsoft Dynamics; Microsoft Edge (Chromium-based); Exchange Server; Office and Office Components; PPTP, SSTP, and Remote Access Service PPTP; Hyper-V; System Center Operations Manager; Windows Internet Information Services; Print Spooler Components; and Windows Defender Credential Guard.
This is in addition to the 17 CVEs patched in Microsoft Edge (Chromium-based) and 3 patches related to secure boot from CERT/CC, bringing the total number of MS CVEs to 141.
CVE | Title | Severity | CVSS | Public | Exploited | Type |
---|---|---|---|---|---|---|
CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important | 7.8 | Yes | Yes | RCE |
CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability | Important | 7.6 | Yes | No | Info |
CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
CVE-2022-33646 | Azure Batch Node Agent Remote Code Execution Vulnerability | Critical | 7 | No | No | RCE |
CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical | 8 | No | No | EoP |
CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical | 8 | No | No | EoP |
CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical | 8 | No | No | EoP |
CVE-2022-35752 | RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-35753 | RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE |
CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE |
CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2022-34716 | .NET Spoofing Vulnerability | Important | 5.9 | No | No | Spoofing |
CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important | 7.8 | No | No | Info |
CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important | 7.8 | No | No | Info |
CVE-2022-30175 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-30176 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-35806 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | Important | 6.2 | No | No | DoS |
CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 8.1 | No | No | EoP |
CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35781 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35782 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35784 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35785 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35786 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35788 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35789 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35790 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35791 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35799 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35801 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35807 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35808 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35809 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35810 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35811 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35813 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35814 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35815 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35816 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35817 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35818 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35819 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.9 | No | No | EoP |
CVE-2022-35787 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.9 | No | No | EoP |
CVE-2022-35800 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.9 | No | No | EoP |
CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.4 | No | No | EoP |
CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.4 | No | No | EoP |
CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability | Important | Unknown | No | No | RCE |
CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability | Important | 4.4 | No | No | Info |
CVE-2022-34301 * | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | Important | N/A | No | No | SFB |
CVE-2022-34302 * | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | Important | N/A | No | No | SFB |
CVE-2022-34303 * | CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass | Important | N/A | No | No | SFB |
CVE-2022-35748 | HTTP.sys Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important | 9.6 | No | No | SFB |
CVE-2022-33648 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-33631 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.3 | No | No | SFB |
CVE-2022-34692 | Microsoft Exchange Information Disclosure Vulnerability | Important | 5.3 | No | No | Info |
CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability | Important | 4.8 | No | No | Info |
CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP |
CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35820 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP |
CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important | 6 | No | No | SFB |
CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP |
CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability | Important | 6.1 | No | No | SFB |
CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.4 | No | No | EoP |
CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2022-30197 | Windows Kernel Security Feature Bypass | Important | 7.8 | No | No | SFB |
CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important | 6.5 | No | No | DoS |
CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important | 9.8 | No | No | RCE |
CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important | 5.9 | No | No | DoS |
CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP |
CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP |
CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important | 5.3 | No | No | DoS |
CVE-2022-30194 | Windows WebBrowser Control Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2022-33636 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate | 8.3 | No | No | RCE |
CVE-2022-35796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Low | 7.5 | No | No | EoP |
CVE-2022-2603 * | Chromium: CVE-2022-2603 Use after free in Omnibox | High | N/A | No | No | RCE |
CVE-2022-2604 * | Chromium: CVE-2022-2604 Use after free in Safe Browsing | High | N/A | No | No | RCE |
CVE-2022-2605 * | Chromium: CVE-2022-2605 Out of bounds read in Dawn | High | N/A | No | No | RCE |
CVE-2022-2606 * | Chromium: CVE-2022-2606 Use after free in Managed devices API | High | N/A | No | No | RCE |
CVE-2022-2610 * | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | Medium | N/A | No | No | SFB |
CVE-2022-2611 * | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | Medium | N/A | No | No | N/A |
CVE-2022-2612 * | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | Medium | N/A | No | No | Info |
CVE-2022-2614 * | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | Medium | N/A | No | No | RCE |
CVE-2022-2615 * | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | Medium | N/A | No | No | SFB |
CVE-2022-2616 * | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API |