Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Active Directory Password Management: Understanding the Controls, Risks and Gaps

Webinar Library

Latest Blogs

Recent Security Features in Active Directory You Probably Aren't Using

Active Directory security features you probably aren’t using and more in my sessions at The Experts Conference 2019

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Top Resources

Security Log

Additional Resources

August, 2022: Patch Tuesday: 142 Patches, 18 Critical, 2 Zero-Days and 1 in the Wild

Welcome to my August Patch Tuesday newsletter. It's an average month with Microsoft releasing patches for 142 different CVE's of which 18 are rated as critical. There are two zero days (highlighted in bold) in the chart below. One of them (noted with ***) has been detected as already being actively exploited in the wild. So you will want to apply these updates as soon as possible and make sure the pending reboots happen ASAP. You will notice that I have also highlighted some CVE's with * in the chart. These have been given an exploitability assessment by Microsoft rated "Exploitation More Likely". So please make sure these get applied as soon as possible. If you have Exchange Server installed on-prem, then please check the chart below to see if you have any of the version / cumulative update combinations that need to be updated. Keep in mind that the OS updates in the chart below also apply to Server Core installations. Make sure those don't get looked over.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 7, 8.1, RT 8.1, 10, 11 Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations	Critical	CVE-2022-30133 CVE-2022-30144 CVE-2022-30194 CVE-2022-30197 CVE-2022-33670* CVE-2022-34301* CVE-2022-34302* CVE-2022-34303* CVE-2022-34690 CVE-2022-34691 CVE-2022-34696 CVE-2022-34699* CVE-2022-34701 CVE-2022-34702 CVE-2022-34703* CVE-2022-34704 CVE-2022-34705 CVE-2022-34706 CVE-2022-34707 CVE-2022-34708 CVE-2022-34709 CVE-2022-34710 CVE-2022-34712 CVE-2022-34713*** CVE-2022-34714 CVE-2022-34715 CVE-2022-35743* CVE-2022-35744 CVE-2022-35745 CVE-2022-35746 CVE-2022-35747 CVE-2022-35748* CVE-2022-35749 CVE-2022-35750* CVE-2022-35751* CVE-2022-35752 CVE-2022-35753 CVE-2022-35754 CVE-2022-35755* CVE-2022-35756* CVE-2022-35757 CVE-2022-35758 CVE-2022-35759 CVE-2022-35760 CVE-2022-35761* CVE-2022-35762 CVE-2022-35763 CVE-2022-35764 CVE-2022-35765 CVE-2022-35766 CVE-2022-35767 CVE-2022-35768 CVE-2022-35769 CVE-2022-35771 CVE-2022-35792 CVE-2022-35793* CVE-2022-35794 CVE-2022-35795 CVE-2022-35797 CVE-2022-35804* CVE-2022-35820*	Workaround: No Exploited: Yes* Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
Edge	Chromium-based	Moderate	CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 CVE-2022-33636 CVE-2022-33649 CVE-2022-35796	Workaround: No Exploited: No Public: No	Security Feature Bypass Elevation of Privilege Remote Code Execution
Office	365 Apps for Enterprise Excel/Outlook 2013 RT SP1, 2013 SP1, 2016 Office 2013 RT SP1, 2013 SP1, 2016, 2019, LTSC 2021 Online Server	Important	CVE-2022-33631 CVE-2022-33648 CVE-2022-34717 CVE-2022-35742	Workaround: No Exploited: No Public: No	Denial of Service Remote Code Execution Security Feature Bypass
Azure	Arc Jumpstart Batch Real Time Operating System GUIX Studio Site Recovery VMWare to Azure Sphere Open Management Infrastructure	Critical	CVE-2022-30175 CVE-2022-30176 CVE-2022-33640 CVE-2022-33646* CVE-2022-34685 CVE-2022-34686 CVE-2022-34687 CVE-2022-35772 CVE-2022-35773 CVE-2022-35774 CVE-2022-35775 CVE-2022-35776 CVE-2022-35779 CVE-2022-35780 CVE-2022-35781 CVE-2022-35782 CVE-2022-35783 CVE-2022-35784 CVE-2022-35785 CVE-2022-35786 CVE-2022-35787 CVE-2022-35788 CVE-2022-35789 CVE-2022-35790 CVE-2022-35791 CVE-2022-35798 CVE-2022-35799 CVE-2022-35800 CVE-2022-35801 CVE-2022-35802 CVE-2022-35806 CVE-2022-35807 CVE-2022-35808 CVE-2022-35809 CVE-2022-35810 CVE-2022-35811 CVE-2022-35812 CVE-2022-35813 CVE-2022-35814 CVE-2022-35815 CVE-2022-35816 CVE-2022-35817 CVE-2022-35818 CVE-2022-35819 CVE-2022-35821 CVE-2022-35824	Workaround: No Exploited: No Public: No	Denial of Service Information Disclosure Remote Code Execution Elevation of Privilege
Visual Studio	2012 Update 5 2013 Update 5 2015 Update 3 2017 15.9 and earlier 2019 16.11 and earlier 2022 17.2, 17.0	Important	CVE-2022-35777 CVE-2022-35825 CVE-2022-35826 CVE-2022-35827	Workaround: No Exploited: No Public: No	Remote Code Execution
.NET	Core 3.1 6.0	Important	CVE-2022-34716	Workaround: No Exploited: No Public: No	Spoofing
Exchange Server	2013 CU23, 2016 CU22 and CU23, 2019 CU11 and CU12	Critical	CVE-2022-21979 CVE-2022-21980* CVE-2022-24477* CVE-2022-24516* CVE-2022-30134 CVE-2022-34692	Workaround: No Exploited: No Public: Yes	Elevation of Privilege Information Disclosure
System Center	SCOM 2016, 2019, 2022	Important	CVE-2022-33640	Workaround: No Exploited: No Public: No	Elevation of Privilege

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

August 2022 Patch Tuesday	"Patch Tuesday: 142 Patches, 18 Critical, 2 Zero-Days and 1 in the Wild " - sponsored by LOGbinder

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2022 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.