Webinar Library
Welcome to my August Patch Tuesday newsletter. It's an average month with Microsoft releasing patches for 142 different CVE's of which 18 are rated as critical. There are two zero days (highlighted in bold) in the chart below. One of them (noted with ***) has been detected as already being actively exploited in the wild. So you will want to apply these updates as soon as possible and make sure the pending reboots happen ASAP. You will notice that I have also highlighted some CVE's with * in the chart. These have been given an exploitability assessment by Microsoft rated "Exploitation More Likely". So please make sure these get applied as soon as possible. If you have Exchange Server installed on-prem, then please check the chart below to see if you have any of the version / cumulative update combinations that need to be updated. Keep in mind that the OS updates in the chart below also apply to Server Core installations. Make sure those don't get looked over.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 7, 8.1, RT 8.1, 10, 11
Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
Critical
CVE-2022-30133 CVE-2022-30144 CVE-2022-30194 CVE-2022-30197 CVE-2022-33670* CVE-2022-34301* CVE-2022-34302* CVE-2022-34303* CVE-2022-34690 CVE-2022-34691 CVE-2022-34696 CVE-2022-34699* CVE-2022-34701 CVE-2022-34702 CVE-2022-34703* CVE-2022-34704 CVE-2022-34705 CVE-2022-34706 CVE-2022-34707 CVE-2022-34708 CVE-2022-34709 CVE-2022-34710 CVE-2022-34712 CVE-2022-34713*** CVE-2022-34714 CVE-2022-34715 CVE-2022-35743* CVE-2022-35744 CVE-2022-35745 CVE-2022-35746 CVE-2022-35747 CVE-2022-35748* CVE-2022-35749 CVE-2022-35750* CVE-2022-35751* CVE-2022-35752 CVE-2022-35753 CVE-2022-35754 CVE-2022-35755* CVE-2022-35756* CVE-2022-35757 CVE-2022-35758 CVE-2022-35759 CVE-2022-35760 CVE-2022-35761* CVE-2022-35762 CVE-2022-35763 CVE-2022-35764 CVE-2022-35765 CVE-2022-35766 CVE-2022-35767 CVE-2022-35768 CVE-2022-35769 CVE-2022-35771 CVE-2022-35792 CVE-2022-35793* CVE-2022-35794 CVE-2022-35795 CVE-2022-35797 CVE-2022-35804* CVE-2022-35820*
Workaround: No Exploited: Yes*** Public: Yes
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
Edge
Chromium-based
Moderate
CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 CVE-2022-33636 CVE-2022-33649 CVE-2022-35796
Workaround: No Exploited: No Public: No
Office
365 Apps for Enterprise
Excel/Outlook 2013 RT SP1, 2013 SP1, 2016
Office 2013 RT SP1, 2013 SP1, 2016, 2019, LTSC 2021
Online Server
Important
CVE-2022-33631 CVE-2022-33648 CVE-2022-34717 CVE-2022-35742
Azure
Arc Jumpstart
Batch
Real Time Operating System GUIX Studio
Site Recovery VMWare to Azure
Sphere
Open Management Infrastructure
CVE-2022-30175 CVE-2022-30176 CVE-2022-33640 CVE-2022-33646* CVE-2022-34685 CVE-2022-34686 CVE-2022-34687 CVE-2022-35772 CVE-2022-35773 CVE-2022-35774 CVE-2022-35775 CVE-2022-35776 CVE-2022-35779 CVE-2022-35780 CVE-2022-35781 CVE-2022-35782 CVE-2022-35783 CVE-2022-35784 CVE-2022-35785 CVE-2022-35786 CVE-2022-35787 CVE-2022-35788 CVE-2022-35789 CVE-2022-35790 CVE-2022-35791 CVE-2022-35798 CVE-2022-35799 CVE-2022-35800 CVE-2022-35801 CVE-2022-35802 CVE-2022-35806 CVE-2022-35807 CVE-2022-35808 CVE-2022-35809 CVE-2022-35810 CVE-2022-35811 CVE-2022-35812 CVE-2022-35813 CVE-2022-35814 CVE-2022-35815 CVE-2022-35816 CVE-2022-35817 CVE-2022-35818 CVE-2022-35819 CVE-2022-35821 CVE-2022-35824
Visual Studio
2012 Update 5
2013 Update 5
2015 Update 3
2017 15.9 and earlier
2019 16.11 and earlier
2022 17.2, 17.0
CVE-2022-35777 CVE-2022-35825 CVE-2022-35826 CVE-2022-35827
.NET
Core 3.1
6.0
CVE-2022-34716
Spoofing
Exchange Server
2013 CU23, 2016 CU22 and CU23, 2019 CU11 and CU12
CVE-2022-21979 CVE-2022-21980* CVE-2022-24477* CVE-2022-24516* CVE-2022-30134 CVE-2022-34692
Workaround: No Exploited: No Public: Yes
System Center
SCOM 2016, 2019, 2022
CVE-2022-33640