Microsoft's August Patch Tuesday

cert.pse-online.pl, 2 years ago

On 9 August 2022, Microsoft released security updates that fix vulnerabilities in many products, including a fix for the actively exploited zero-day "DogWalk" and 121 flaws in total.

The actively exploited zero-day fixed today is jokingly called "DogWalk" and is tracked by Microsoft as "CVE-2022-34713 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability".

Below is the full list of resolved vulnerabilities and released advisories in the August 2022 Patch Tuesday updates.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Core | CVE-2022-34716 | .NET Spoofing Vulnerability | Important |
| Active Directory Domain Services | CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
| Azure Batch Node Agent | CVE-2022-33646 | Azure Batch Node Agent Elevation of Privilege Vulnerability | Critical |
| Azure Real Time Operating System | CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35806 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30176 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30175 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35791 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35818 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35809 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35789 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35815 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35817 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35816 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35814 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35785 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35811 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35784 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35810 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35813 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35788 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35786 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35787 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35819 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35781 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35790 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35799 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35800 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35782 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35801 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35808 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35807 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability | Important |
| Microsoft ATA Port Driver | CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-35820 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-35796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-2618 | Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2616 | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2617 | Chromium: CVE-2022-2617 Use after free in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2619 | Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2622 | Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2623 | Chromium: CVE-2022-2623 Use after free in Offline | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-33636 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-2621 | Chromium: CVE-2022-2621 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2615 | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2604 | Chromium: CVE-2022-2604 Use after free in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2605 | Chromium: CVE-2022-2605 Out of bounds read in Dawn | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2624 | Chromium: CVE-2022-2624 Heap buffer overflow in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2603 | Chromium: CVE-2022-2603 Use after free in Omnibox | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2606 | Chromium: CVE-2022-2606 Use after free in Managed devices API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2612 | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2614 | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2610 | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2611 | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | Unknown |
| Microsoft Exchange Server | CVE-2022-34692 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Office | CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33648 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33631 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Role: Windows Fax Service | CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| System Center Operations Manager | CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows Bluetooth Service | CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
| Windows Canonical Display Driver | CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Digital Media | CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Hello | CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows Internet Information Services | CVE-2022-35748 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2022-30197 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2022-34301 | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34302 | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34303 | CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Storage Spaces Direct | CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Unified Write Filter | CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability | Important |
| Windows WebBrowser Control | CVE-2022-30194 | Windows WebBrowser Control Remote Code Execution Vulnerability | Important |
| Windows Win32K | CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | Important |

Source:

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/

https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug
