Security News > 2022 > August > Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Of the 121 Microsoft bugs, 17 are considered critical.
First, CVE-2022-34713, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that's under active attack.
To exploit this bug, an attacker would need to trick a victim into opening a specially crafted file, likely either via a phishing email or malicious website that contains a file designed to exploit the vulnerability.
Yes, this issue of MSDT bugs under active exploit has been an ongoing issue for the software giant.
The second Microsoft vulnerability listed as publicly known, tracked as CVE-2022-30134, is an information disclosure bug in Microsoft Exchange.
VMware issued three new security updates today and warned that a critical authentication bypass bug disclosed last week has since been exploited in the wild.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/09/august_patch_tuesday_microsoft/
Related news
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 0.0 |
| 2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 0.0 |