Microsoft Fixes 141 Bugs, Including 2 Zero-Day Vulnerabilities
Microsoft has released patches for 141 bugs in its August 2022 Patch update, including two previously undisclosed (zero-day) flaws, of which one is actively being exploited.
The total patch count for the August 2022 Patch update includes 20 flaws in Edge that Microsoft had previously released fixes for, leaving 121 flaws affecting Windows, Office, Azure, .NET Core, Visual Studio, and Exchange Server, reports ZDNet.
The Zero Day Initiative noted that the volume of fixes released this month is “markedly higher” than expected in an August release.
“It is almost triple the size of last year’s August release, and it’s the second largest release this year,” the bug hunting group was quoted as saying.
Microsoft addressed 17 critical flaws and 102 important flaws this month across.
The fixes address 64 elevations of privilege flaws and 32 remote code execution flaws, as well as security feature bypasses and information disclosure flaws.
Also, 34 of this month’s fixes address bugs in Azure Site Recovery, Microsoft’s disaster recovery toolset for the cloud.
The actively exploited bug is a remote code execution flaw affecting the Microsoft Windows Support Diagnostic Tool (MSDT), tracked as CVE-2022-34713.
According to Microsoft, it is related to a bug that some security researchers refer to as “Dogwalk”.
Researchers reported the Dogwalk bug to Microsoft in early 2020 but Microsoft did not address it until May this year when attackers began exploiting MSDT via malicious Word documents.
The company that month issued the identifier CVE-2022-30190 with mitigation steps, followed by a patch in mid-June and further defense-in-depth measures in July.