121 CVEs addressed through the August 2022 Patch Tuesday rollout

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • Check out the entire list of updates released via this month's Patch Tuesday event.
  • August 2022 comes with a whopping 121 new updates for various Windows CVEs.
  • Out of all the CVEs, know that 17 are rated Critical, and 102 are rated Important.
patch tuesday

If you are feeling a tad uncomfortable, it’s because we’re already in August and the temperatures are starting to slowly build up in our offices.

Windows users, however, are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

This month, the Redmond tech giant released 121 new patches, which is a lot more than some people were expecting right after Easter.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • Azure Batch Node Agent
  • Real Time Operating System
  • Site Recovery, and Sphere
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • PPTP
  • SSTP
  • Remote Access Service PPTP
  • Hyper-V
  • System Center Operations Manager
  • Windows Internet Information Services
  • Print Spooler Components
  • Windows Defender Credential Guard

All of this is beside the 17 CVEs patched in Edge (Chromium-based) and three patches related to secure boot from CERT/CC, which actually brings the total number of CVEs to 141

Microsoft provides fixes for 121 flaws in August 2022

It’s pretty much safe to say that this wasn’t either the busiest or the lightest month for Redmond-based security experts.

You might like to know that, out of the 121 new CVEs released, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity.

Please keep in mind that two of these bugs are listed as publicly known, and one is listed as under active attack at the time of release.

CVE Title Severity CVSS Public Exploited Type
CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Important 7.8 Yes Yes RCE
CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability Important 7.6 Yes No Info
CVE-2022-30133 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2022-35744 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2022-33646 Azure Batch Node Agent Remote Code Execution Vulnerability Critical 7 No No RCE
CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical 8 No No EoP
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical 8 No No EoP
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical 8 No No EoP
CVE-2022-35752 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35753 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35745 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-34716 .NET Spoofing Vulnerability Important 5.9 No No Spoofing
CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important 7.8 No No Info
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important 7.8 No No Info
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability Important 6.2 No No DoS
CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.4 No No EoP
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.4 No No EoP
CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability Important Unknown No No RCE
CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No RCE
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability Important 4.4 No No Info
CVE-2022-34301 * CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass Important N/A No No SFB
CVE-2022-34302 * CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass Important N/A No No SFB
CVE-2022-34303 * CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass Important N/A No No SFB
CVE-2022-35748 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33649 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 9.6 No No SFB
CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability Important 7.3 No No SFB
CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability Important 5.3 No No Info
CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability Important 4.8 No No Info
CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35742 Microsoft Outlook Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35754 Unified Write Filter Elevation of Privilege Vulnerability Important 6.7 No No EoP
CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35825 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35826 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35827 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35750 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2022-35757 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important 6 No No SFB
CVE-2022-35746 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35749 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability Important 6.1 No No SFB
CVE-2022-35751 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35756 Windows Kerberos Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability Important 8.4 No No EoP
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-35758 Windows Kernel Memory Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-30197 Windows Kernel Security Feature Bypass Important 7.8 No No SFB
CVE-2022-35759 Windows Local Security Authority (LSA) Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability Important 9.8 No No RCE
CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35769 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-35747 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Important 5.9 No No DoS
CVE-2022-35755 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Important 5.3 No No DoS
CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate 8.3 No No RCE
CVE-2022-35796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Low 7.5 No No EoP
CVE-2022-2603 * Chromium: CVE-2022-2603 Use after free in Omnibox High N/A No No RCE
CVE-2022-2604 * Chromium: CVE-2022-2604 Use after free in Safe Browsing High N/A No No RCE
CVE-2022-2605 * Chromium: CVE-2022-2605 Out of bounds read in Dawn High N/A No No RCE
CVE-2022-2606 * Chromium: CVE-2022-2606 Use after free in Managed devices API High N/A No No RCE
CVE-2022-2610 * Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch Medium N/A No No SFB
CVE-2022-2611 * Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API Medium N/A No No N/A
CVE-2022-2612 * Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input Medium N/A No No Info
CVE-2022-2614 * Chromium: CVE-2022-2614 Use after free in Sign-In Flow Medium N/A No No RCE
CVE-2022-2615 * Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies Medium N/A No No SFB
CVE-2022-2616 * Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API Medium N/A No No N/A
CVE-2022-2617 * Chromium: CVE-2022-2617 Use after free in Extensions API Medium N/A No No RCE
CVE-2022-2618 * Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals Medium N/A No No Spoofing
CVE-2022-2619 * Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings Medium N/A No No Spoofing
CVE-2022-2621 * Chromium: CVE-2022-2621 Use after free in Extensions Medium N/A No No RCE
CVE-2022-2622 * Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing Medium N/A No No Spoofing
CVE-2022-2623 * Chromium: CVE-2022-2623 Use after free in Offline Medium N/A No No RCE
CVE-2022-2624 * Chromium: CVE-2022-2624 Heap buffer overflow in PDF Medium N/A No No RCE

You should know that the month of August brings no less than 34 updates just for the Azure Site Recovery component.

This brings the tally up to 66 updates for this component in July and August, which is a pretty big number even by Microsoft standards.

For August 2022, there are two RCE bugs, one DoS, and 31 EoP vulnerabilities being fixed, just to clarify the situation.

All of the above-mentioned bugs involve the VMWare-to-Azure scenario. That being said, if you use Azure Site Recovery, you will need to update to 9.50 to be protected.

Also, there are nine other code execution bugs fixed through this month’s Patch Tuesday rollout, including another bug in MSDT that is not under active attack for the time being.

We’re also looking at two bugs in the Windows Defender Credential Guard, both of which could allow an attacker to access Kerberos-protected data.

Before we conclude, let’s also state the fact that seven different Denial-of-Service (DoS) vulnerabilities received fixes this month, including the above-mentioned Outlook and Azure Site Recovery bugs.

You can track all of the CVEs addressed this month from the list above, and be aware of everything that is happening.

Looking forward, the next Patch Tuesday security update rollout will be on the 13th of September, which is a bit sooner than some expected it.

Have you found any other issues after installing this month’s security updates? Share your opinion in the comments section below.

This article covers:Topics: