121 CVEs addressed through the August 2022 Patch Tuesday rollout

News » Security » Patch Tuesday

Reading time icon 10 min. read

Calendar icon Published on

by Alexandru Poloboc 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Key notes

  • Check out the entire list of updates released via this month's Patch Tuesday event.
  • August 2022 comes with a whopping 121 new updates for various Windows CVEs.
  • Out of all the CVEs, know that 17 are rated Critical, and 102 are rated Important.
patch tuesday

If you are feeling a tad uncomfortable, it’s because we’re already in August and the temperatures are starting to slowly build up in our offices.

Windows users, however, are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

This month, the Redmond tech giant released 121 new patches, which is a lot more than some people were expecting right after Easter.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • Azure Batch Node Agent
  • Real Time Operating System
  • Site Recovery, and Sphere
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • PPTP
  • SSTP
  • Remote Access Service PPTP
  • Hyper-V
  • System Center Operations Manager
  • Windows Internet Information Services
  • Print Spooler Components
  • Windows Defender Credential Guard

All of this is beside the 17 CVEs patched in Edge (Chromium-based) and three patches related to secure boot from CERT/CC, which actually brings the total number of CVEs to 141

Microsoft provides fixes for 121 flaws in August 2022

It’s pretty much safe to say that this wasn’t either the busiest or the lightest month for Redmond-based security experts.

You might like to know that, out of the 121 new CVEs released, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity.

Please keep in mind that two of these bugs are listed as publicly known, and one is listed as under active attack at the time of release.

CVETitleSeverityCVSSPublicExploitedType
CVE-2022-34713Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityImportant7.8YesYesRCE
CVE-2022-30134Microsoft Exchange Information Disclosure VulnerabilityImportant7.6YesNoInfo
CVE-2022-30133Windows Point-to-Point Protocol (PPP) Remote Code Execution VulnerabilityCritical9.8NoNoRCE
CVE-2022-35744Windows Point-to-Point Protocol (PPP) Remote Code Execution VulnerabilityCritical9.8NoNoRCE
CVE-2022-34691Active Directory Domain Services Elevation of Privilege VulnerabilityCritical8.8NoNoEoP
CVE-2022-33646Azure Batch Node Agent Remote Code Execution VulnerabilityCritical7NoNoRCE
CVE-2022-21980Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical8NoNoEoP
CVE-2022-24477Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical8NoNoEoP
CVE-2022-24516Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical8NoNoEoP
CVE-2022-35752RAS Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-35753RAS Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-35804SMB Client and Server Remote Code Execution VulnerabilityCritical8.8NoNoRCE
CVE-2022-34696Windows Hyper-V Remote Code Execution VulnerabilityCritical7.8NoNoRCE
CVE-2022-34702Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-34714Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-35745Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-35766Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-35767Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-35794Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2022-34716.NET Spoofing VulnerabilityImportant5.9NoNoSpoofing
CVE-2022-34685Azure RTOS GUIX Studio Information Disclosure VulnerabilityImportant7.8NoNoInfo
CVE-2022-34686Azure RTOS GUIX Studio Information Disclosure VulnerabilityImportant7.8NoNoInfo
CVE-2022-30175Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-30176Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-34687Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-35773Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-35779Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-35806Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-35776Azure Site Recovery Denial of Service VulnerabilityImportant6.2NoNoDoS
CVE-2022-35802Azure Site Recovery Elevation of Privilege VulnerabilityImportant8.1NoNoEoP
CVE-2022-35775Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35780Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35781Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35782Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35784Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35785Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35786Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35788Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35789Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35790Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35791Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35799Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35801Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35807Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35808Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35809Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35810Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35811Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35813Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35814Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35815Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35816Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35817Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35818Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35819Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-35774Azure Site Recovery Elevation of Privilege VulnerabilityImportant4.9NoNoEoP
CVE-2022-35787Azure Site Recovery Elevation of Privilege VulnerabilityImportant4.9NoNoEoP
CVE-2022-35800Azure Site Recovery Elevation of Privilege VulnerabilityImportant4.9NoNoEoP
CVE-2022-35783Azure Site Recovery Elevation of Privilege VulnerabilityImportant4.4NoNoEoP
CVE-2022-35812Azure Site Recovery Elevation of Privilege VulnerabilityImportant4.4NoNoEoP
CVE-2022-35824Azure Site Recovery Remote Code Execution VulnerabilityImportantUnknownNoNoRCE
CVE-2022-35772Azure Site Recovery Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-35821Azure Sphere Information Disclosure VulnerabilityImportant4.4NoNoInfo
CVE-2022-34301 *CERT/CC: CVE-2022-34301 Eurosoft Boot Loader BypassImportantN/ANoNoSFB
CVE-2022-34302 *CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader BypassImportantN/ANoNoSFB
CVE-2022-34303 *CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader BypassImportantN/ANoNoSFB
CVE-2022-35748HTTP.sys Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2022-35760Microsoft ATA Port Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-33649Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityImportant9.6NoNoSFB
CVE-2022-33648Microsoft Excel Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-33631Microsoft Excel Security Feature Bypass VulnerabilityImportant7.3NoNoSFB
CVE-2022-34692Microsoft Exchange Information Disclosure VulnerabilityImportant5.3NoNoInfo
CVE-2022-21979Microsoft Exchange Information Disclosure VulnerabilityImportant4.8NoNoInfo
CVE-2022-34717Microsoft Office Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-35742Microsoft Outlook Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2022-35743Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-35762Storage Spaces Direct Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35763Storage Spaces Direct Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35764Storage Spaces Direct Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35765Storage Spaces Direct Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35792Storage Spaces Direct Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-33640System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35754Unified Write Filter Elevation of Privilege VulnerabilityImportant6.7NoNoEoP
CVE-2022-35777Visual Studio Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-35825Visual Studio Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-35826Visual Studio Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-35827Visual Studio Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-35750Win32k Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35820Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-30144Windows Bluetooth Service Remote Code Execution VulnerabilityImportant7.5NoNoRCE
CVE-2022-35757Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant7.3NoNoEoP
CVE-2022-34705Windows Defender Credential Guard Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35771Windows Defender Credential Guard Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-34704Windows Defender Credential Guard Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-34710Windows Defender Credential Guard Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-34712Windows Defender Credential Guard Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-34709Windows Defender Credential Guard Security Feature Bypass VulnerabilityImportant6NoNoSFB
CVE-2022-35746Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35749Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35795Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-34690Windows Fax Service Elevation of Privilege VulnerabilityImportant7.1NoNoEoP
CVE-2022-35797Windows Hello Security Feature Bypass VulnerabilityImportant6.1NoNoSFB
CVE-2022-35751Windows Hyper-V Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35756Windows Kerberos Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35761Windows Kernel Elevation of Privilege VulnerabilityImportant8.4NoNoEoP
CVE-2022-34707Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35768Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-34708Windows Kernel Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-35758Windows Kernel Memory Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-30197Windows Kernel Security Feature BypassImportant7.8NoNoSFB
CVE-2022-35759Windows Local Security Authority (LSA) Denial of Service VulnerabilityImportant6.5NoNoDoS
CVE-2022-34706Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-34715Windows Network File System Remote Code Execution VulnerabilityImportant9.8NoNoRCE
CVE-2022-33670Windows Partition Management Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-34703Windows Partition Management Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-35769Windows Point-to-Point Protocol (PPP) Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2022-35747Windows Point-to-Point Protocol (PPP) Denial of Service VulnerabilityImportant5.9NoNoDoS
CVE-2022-35755Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.3NoNoEoP
CVE-2022-35793Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.3NoNoEoP
CVE-2022-34701Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service VulnerabilityImportant5.3NoNoDoS
CVE-2022-30194Windows WebBrowser Control Remote Code Execution VulnerabilityImportant7.5NoNoRCE
CVE-2022-34699Windows Win32k Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-33636Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate8.3NoNoRCE
CVE-2022-35796Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityLow7.5NoNoEoP
CVE-2022-2603 *Chromium: CVE-2022-2603 Use after free in OmniboxHighN/ANoNoRCE
CVE-2022-2604 *Chromium: CVE-2022-2604 Use after free in Safe BrowsingHighN/ANoNoRCE
CVE-2022-2605 *Chromium: CVE-2022-2605 Out of bounds read in DawnHighN/ANoNoRCE
CVE-2022-2606 *Chromium: CVE-2022-2606 Use after free in Managed devices APIHighN/ANoNoRCE
CVE-2022-2610 *Chromium: CVE-2022-2610 Insufficient policy enforcement in Background FetchMediumN/ANoNoSFB
CVE-2022-2611 *Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen APIMediumN/ANoNoN/A
CVE-2022-2612 *Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard inputMediumN/ANoNoInfo
CVE-2022-2614 *Chromium: CVE-2022-2614 Use after free in Sign-In FlowMediumN/ANoNoRCE
CVE-2022-2615 *Chromium: CVE-2022-2615 Insufficient policy enforcement in CookiesMediumN/ANoNoSFB
CVE-2022-2616 *Chromium: CVE-2022-2616 Inappropriate implementation in Extensions APIMediumN/ANoNoN/A
CVE-2022-2617 *Chromium: CVE-2022-2617 Use after free in Extensions APIMediumN/ANoNoRCE
CVE-2022-2618 *Chromium: CVE-2022-2618 Insufficient validation of untrusted input in InternalsMediumN/ANoNoSpoofing
CVE-2022-2619 *Chromium: CVE-2022-2619 Insufficient validation of untrusted input in SettingsMediumN/ANoNoSpoofing
CVE-2022-2621 *Chromium: CVE-2022-2621 Use after free in ExtensionsMediumN/ANoNoRCE
CVE-2022-2622 *Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe BrowsingMediumN/ANoNoSpoofing
CVE-2022-2623 *Chromium: CVE-2022-2623 Use after free in OfflineMediumN/ANoNoRCE
CVE-2022-2624 *Chromium: CVE-2022-2624 Heap buffer overflow in PDFMediumN/ANoNoRCE

You should know that the month of August brings no less than 34 updates just for the Azure Site Recovery component.

This brings the tally up to 66 updates for this component in July and August, which is a pretty big number even by Microsoft standards.

For August 2022, there are two RCE bugs, one DoS, and 31 EoP vulnerabilities being fixed, just to clarify the situation.

All of the above-mentioned bugs involve the VMWare-to-Azure scenario. That being said, if you use Azure Site Recovery, you will need to update to 9.50 to be protected.

Also, there are nine other code execution bugs fixed through this month’s Patch Tuesday rollout, including another bug in MSDT that is not under active attack for the time being.

We’re also looking at two bugs in the Windows Defender Credential Guard, both of which could allow an attacker to access Kerberos-protected data.

Before we conclude, let’s also state the fact that seven different Denial-of-Service (DoS) vulnerabilities received fixes this month, including the above-mentioned Outlook and Azure Site Recovery bugs.

You can track all of the CVEs addressed this month from the list above, and be aware of everything that is happening.

Looking forward, the next Patch Tuesday security update rollout will be on the 13th of September, which is a bit sooner than some expected it.

Have you found any other issues after installing this month’s security updates? Share your opinion in the comments section below.

More about the topics: patch tuesday

Alexandru Poloboc

Alexandru Poloboc Shield

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host. A certified gadget freak, he always feels the need to surround himself with next-generation electronics. When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.

User forum

0 messages