Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack

As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also include a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild.
It's worth noting that the 121 security flaws are in addition to 25 shortcomings the tech giant addressed in its Chromium-based Edge browser late last month and the previous week.
Topping the list of patches is CVE-2022-34713, a case of remote code execution affecting the Microsoft Windows Support Diagnostic Tool, making it the second flaw in the same component after Follina to be weaponized in real-world attacks within three months.
Microsoft also resolved three privilege escalation flaws in Exchange Server that could be abused to read targeted email messages and download attachments, and one publicly known information disclosure vulnerability in Exchange that could lead to the same impact.
The security update further remediates multiple remote code execution flaws in Windows Point-to-Point Protocol, Windows Secure Socket Tunneling Protocol, Azure RTOS GUIX Studio, Microsoft Office, and Windows Hyper-V. The Patch Tuesday fix is also notable for addressing dozens of privilege escalation flaws: 31 in Azure Site Recovery, a month after Microsoft squashed 30 similar bugs in the business continuity service, five in Storage Spaces Direct, three in Windows Kernel, and two in the Print Spooler module.
Aside from Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including -.
News URL
https://thehackernews.com/2022/08/microsoft-issues-patches-for-121-flaws.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |