Security News > 2022 > August > Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Of the 121 Microsoft bugs, 17 are considered critical.
First, CVE-2022-34713, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that's under active attack.
To exploit this bug, an attacker would need to trick a victim into opening a specially crafted file, likely either via a phishing email or malicious website that contains a file designed to exploit the vulnerability.
Yes, this issue of MSDT bugs under active exploit has been an ongoing issue for the software giant.
The second Microsoft vulnerability listed as publicly known, tracked as CVE-2022-30134, is an information disclosure bug in Microsoft Exchange.
VMware issued three new security updates today and warned that a critical authentication bypass bug disclosed last week has since been exploited in the wild.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/09/august_patch_tuesday_microsoft/
Related news
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
| 2022-08-09 | CVE-2022-30134 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 6.5 |