Security News > 2022 > August > Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Of the 121 Microsoft bugs, 17 are considered critical.
First, CVE-2022-34713, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that's under active attack.
To exploit this bug, an attacker would need to trick a victim into opening a specially crafted file, likely either via a phishing email or malicious website that contains a file designed to exploit the vulnerability.
Yes, this issue of MSDT bugs under active exploit has been an ongoing issue for the software giant.
The second Microsoft vulnerability listed as publicly known, tracked as CVE-2022-30134, is an information disclosure bug in Microsoft Exchange.
VMware issued three new security updates today and warned that a critical authentication bypass bug disclosed last week has since been exploited in the wild.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/09/august_patch_tuesday_microsoft/
Related news
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
| 2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 0.0 |