Microsoft Patch Tuesday, August 9, 2022
Date of Notice: 08/10/2022
Action Level - High
Description
Microsoft’s latest security update on Tuesday, August 9, 2022, contains 121 CVEs, with two that are either currently known to be exploited or were publicly known at the time of release.
Notably, CVE-2022-34713 AKA ‘DogWalk’ is an actively exploited MSDT (Microsoft Support Diagnostic Tool) vulnerability which allows remote code execution. CVE-2022-30134, the other zero-day vulnerability, allows an attacker to read targeted email messages and is not currently known to be exploited.
Overall, 17 of the CVEs in this cycle are rated Critical. One Important vulnerability is known to be exploited currently, and one other Important has been publicly disclosed.
Remediation
Ensure your devices are running current patches per vendor guidance. If you are unable to patch, review the Critical and Disclosed CVEs and explore their specific mitigation options. Zero Day Initiative has a consolidated list here.