Microsoft fixes exploited zero-day in Windows Support Diagnostic Tool (CVE-2022-34713)
2022-08-09 20:30

The August 2022 Patch Tuesday has arrived, with fixes for an unexpectedly high number of vulnerabilities in various Microsoft products, including two zero-days: one actively exploited and one that is not yet under attack.

CVE-2022-34713 is a vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that allows for remote code execution.

"Anything actively exploited in the wild must be at the top of the list of things to patch. This one is related to a wave of attacks in May when malicious documents were used to gain code execution via the MSDT tool," noted Kevin Breen, Director of Cyber Threat Research at Immersive Labs.

"We've seen flaws like CVE-2017-11882, a remote code execution bug in Microsoft Office, continue to be exploited years after patches have been made available. For attackers, bugs that can be executed via malicious documents remain a valuable tool, so flaws like Follina and CVE-2022-34713 will continue to be used for months. Therefore, it is vital that organizations apply the available patches as soon as possible."

CVE-2022-30134 is a publicly known information disclosure vulnerability that affects Microsoft Exchange and could be exploited by attackers to read targeted email messages, but it's not under attack at the moment.

"Rarely are elevation of privilege bugs rated Critical, but these certainly qualify. These bugs could allow an authenticated attacker to take over the mailboxes of all Exchange users. They could then read and send emails or download attachments from any mailbox on the Exchange server. Administrators will also need to enable Extended Protection to fully address these vulnerabilities," noted Dustin Childs, with Trend Micro's Zero Day Initiative.


News URL

https://www.helpnetsecurity.com/2022/08/09/cve-2022-34713/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (local, low complexity, microsoft) | 7.8 |
| 2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Information Disclosure Vulnerability (network, low complexity, microsoft) | 6.5 |
| 2017-11-15 | CVE-2017-11882 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office. Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability" (network, microsoft, CWE-119) | critical, 9.3 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 684 811 4549 4205 3709 13274