Security News > 2022 > August > Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Of the 121 Microsoft bugs, 17 are considered critical.
First, CVE-2022-34713, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that's under active attack.
To exploit this bug, an attacker would need to trick a victim into opening a specially crafted file, likely either via a phishing email or malicious website that contains a file designed to exploit the vulnerability.
Yes, this issue of MSDT bugs under active exploit has been an ongoing issue for the software giant.
The second Microsoft vulnerability listed as publicly known, tracked as CVE-2022-30134, is an information disclosure bug in Microsoft Exchange.
VMware issued three new security updates today and warned that a critical authentication bypass bug disclosed last week has since been exploited in the wild.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/09/august_patch_tuesday_microsoft/
Related news
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
| 2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 0.0 |