Security News > 2022 > August > Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Of the 121 Microsoft bugs, 17 are considered critical.
First, CVE-2022-34713, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that's under active attack.
To exploit this bug, an attacker would need to trick a victim into opening a specially crafted file, likely either via a phishing email or malicious website that contains a file designed to exploit the vulnerability.
Yes, this issue of MSDT bugs under active exploit has been an ongoing issue for the software giant.
The second Microsoft vulnerability listed as publicly known, tracked as CVE-2022-30134, is an information disclosure bug in Microsoft Exchange.
VMware issued three new security updates today and warned that a critical authentication bypass bug disclosed last week has since been exploited in the wild.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/09/august_patch_tuesday_microsoft/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 0.0 |
| 2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 0.0 |