August, 2022: Patch Tuesday: 142 Patches, 18 Critical, 2 Zero-Days and 1 in the Wild

Welcome to my August Patch Tuesday newsletter.  It's an average month with Microsoft releasing patches for 142 different CVE's of which 18 are rated as critical.  There are two zero days (highlighted in bold) in the chart below.  One of them (noted with ***) has been detected as already being actively exploited in the wild.  So you will want to apply these updates as soon as possible and make sure the pending reboots happen ASAP.  You will notice that I have also highlighted some CVE's with * in the chart.  These have been given an exploitability assessment by Microsoft rated "Exploitation More Likely".  So please make sure these get applied as soon as possible.  If you have Exchange Server installed on-prem, then please check the chart below to see if you have any of the version / cumulative update combinations that need to be updated.  Keep in mind that the OS updates in the chart below also apply to Server Core installations.  Make sure those don't get looked over.

Patch data provided by:

LOGbinder.com

Technology

Products Affected

Severity

Reference

Workaround/ Exploited / Publicly Disclosed

Vulnerability Info

Windows

Windows 7, 8.1, RT 8.1, 10, 11

Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations

Critical

CVE-2022-30133
CVE-2022-30144
CVE-2022-30194
CVE-2022-30197
CVE-2022-33670*
CVE-2022-34301*
CVE-2022-34302*
CVE-2022-34303*
CVE-2022-34690
CVE-2022-34691
CVE-2022-34696
CVE-2022-34699*
CVE-2022-34701
CVE-2022-34702
CVE-2022-34703*
CVE-2022-34704
CVE-2022-34705
CVE-2022-34706
CVE-2022-34707
CVE-2022-34708
CVE-2022-34709
CVE-2022-34710
CVE-2022-34712
CVE-2022-34713***
CVE-2022-34714
CVE-2022-34715
CVE-2022-35743*
CVE-2022-35744
CVE-2022-35745
CVE-2022-35746
CVE-2022-35747
CVE-2022-35748*
CVE-2022-35749
CVE-2022-35750*
CVE-2022-35751*
CVE-2022-35752
CVE-2022-35753
CVE-2022-35754
CVE-2022-35755*
CVE-2022-35756*
CVE-2022-35757
CVE-2022-35758
CVE-2022-35759
CVE-2022-35760
CVE-2022-35761*
CVE-2022-35762
CVE-2022-35763
CVE-2022-35764
CVE-2022-35765
CVE-2022-35766
CVE-2022-35767
CVE-2022-35768
CVE-2022-35769
CVE-2022-35771
CVE-2022-35792
CVE-2022-35793*
CVE-2022-35794
CVE-2022-35795
CVE-2022-35797
CVE-2022-35804*
CVE-2022-35820*

Workaround: No
Exploited: Yes***
Public: Yes

Denial of Service

Elevation of Privilege

Information Disclosure

Remote Code Execution

Security Feature Bypass

Edge

Chromium-based

Moderate

CVE-2022-2477
CVE-2022-2478
CVE-2022-2479
CVE-2022-2480
CVE-2022-2481
CVE-2022-2603
CVE-2022-2604
CVE-2022-2605
CVE-2022-2606
CVE-2022-2610
CVE-2022-2611
CVE-2022-2612
CVE-2022-2614
CVE-2022-2615
CVE-2022-2616
CVE-2022-2617
CVE-2022-2618
CVE-2022-2619
CVE-2022-2621
CVE-2022-2622
CVE-2022-2623
CVE-2022-2624
CVE-2022-33636
CVE-2022-33649
CVE-2022-35796

Workaround: No
Exploited: No
Public: No

Security Feature Bypass

Elevation of Privilege

Remote Code Execution

Office

365 Apps for Enterprise

Excel/Outlook 2013 RT SP1, 2013 SP1, 2016

Office 2013 RT SP1, 2013 SP1, 2016, 2019, LTSC 2021

Online Server

Important

CVE-2022-33631
CVE-2022-33648
CVE-2022-34717
CVE-2022-35742

Workaround: No
Exploited: No
Public: No

Denial of Service

Remote Code Execution

Security Feature Bypass

Azure

Arc Jumpstart

Batch

Real Time Operating System GUIX Studio

Site Recovery VMWare to Azure

Sphere

Open Management Infrastructure

Critical

CVE-2022-30175
CVE-2022-30176
CVE-2022-33640
CVE-2022-33646*
CVE-2022-34685
CVE-2022-34686
CVE-2022-34687
CVE-2022-35772
CVE-2022-35773
CVE-2022-35774
CVE-2022-35775
CVE-2022-35776
CVE-2022-35779
CVE-2022-35780
CVE-2022-35781
CVE-2022-35782
CVE-2022-35783
CVE-2022-35784
CVE-2022-35785
CVE-2022-35786
CVE-2022-35787
CVE-2022-35788
CVE-2022-35789
CVE-2022-35790
CVE-2022-35791
CVE-2022-35798
CVE-2022-35799
CVE-2022-35800
CVE-2022-35801
CVE-2022-35802
CVE-2022-35806
CVE-2022-35807
CVE-2022-35808
CVE-2022-35809
CVE-2022-35810
CVE-2022-35811
CVE-2022-35812
CVE-2022-35813
CVE-2022-35814
CVE-2022-35815
CVE-2022-35816
CVE-2022-35817
CVE-2022-35818
CVE-2022-35819
CVE-2022-35821
CVE-2022-35824

Workaround: No
Exploited: No
Public: No

Denial of Service

Information Disclosure

Remote Code Execution

Elevation of Privilege

Visual Studio

2012 Update 5

2013 Update 5

2015 Update 3

2017 15.9 and earlier

2019 16.11 and earlier

2022 17.2, 17.0

Important

CVE-2022-35777
CVE-2022-35825
CVE-2022-35826
CVE-2022-35827

Workaround: No
Exploited: No
Public: No

Remote Code Execution

.NET

Core 3.1

6.0

Important

CVE-2022-34716

Workaround: No
Exploited: No
Public: No

Spoofing

Exchange Server

2013 CU23,
2016 CU22 and CU23,
2019 CU11 and CU12

Critical

CVE-2022-21979
CVE-2022-21980*
CVE-2022-24477*
CVE-2022-24516*
CVE-2022-30134
CVE-2022-34692

Workaround: No
Exploited: No
Public: Yes

Elevation of Privilege

Information Disclosure

System Center

SCOM 2016, 2019, 2022

Important

CVE-2022-33640

Workaround: No
Exploited: No
Public: No

Elevation of Privilege