Microsoft Patches Zero-Day Actively Exploited in the Wild

The computing giant issued a massive Patch Tuesday update, including fixes for a pair of remote code execution flaws in the Microsoft Support Diagnostic Tool (MSDT), after attackers used one of the two vulnerabilities in a zero-day exploit.

DARKReading
Tags: vulnerability, windows, microsoft, dos, rce, zero_day

Microsoft patched 118 vulnerabilities in its software products and components on Aug. 9, including a flaw that attackers have exploited in the wild to run malicious code when users click on a link, according to security experts.

The patches, part of Microsoft’s regularly scheduled Patch Tuesday, fixed the zero-day vulnerability (CVE-2022-34713) and a second remote code execution (RCE) vulnerability (CVE-2022-35743) in the Microsoft Support Diagnostic Tool (MSDT); the second flaw had not been exploited at the time of the release.

The MSDT vulnerabilities are a variant of an issue that researchers have called “DogWalk,” public discussion of which began about 18 months ago, although it has been exploited only recently, Satnam Narang, a staff research engineer at cybersecurity firm Tenable, tells Dark Reading.

Both MSDT vulnerabilities let an attacker invoke the MSDT protocol handler through a URL embedded in a document, such as a Microsoft Office Word file. When the user follows the link, the resulting code runs in the security context of the calling application. Exploitation is not remote in the network sense: Microsoft’s advisory describes email and web-based attack scenarios in which the attacker must convince the user to open a specially crafted file.

“An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application,” Microsoft stated in its advisory for the previous MSDT exploit. “The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”

Security teams that cannot apply the patch immediately can disable the MSDT URL protocol (the workaround Microsoft published for the May MSDT issue, which also breaks legitimate troubleshooter links until the registry key is restored), update their Microsoft Defender detections, or rely on Protected View and Application Guard for Office to block the document-based delivery of the current attacks. Protected View only applies to files that carry the Mark of the Web, so documents copied from a share or extracted from an archive may open without it.
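The delivery vector described above, an external link inside an Office document that invokes the MSDT protocol handler, can be checked for directly, because Office Open XML files are ZIP packages whose links to anything outside the package live in `*.rels` parts. The scanner below is an added example written for this page, not tooling from Microsoft, Tenable or ZDI. It walks every relationships part, keeps only `TargetMode="External"` entries, and flags a Target using the `ms-msdt:` scheme, an external OLE object link (the document then fetches remote content that can itself invoke `ms-msdt:`), and, at lower confidence, any other unexpected URL scheme. The sample document it builds is constructed here; the hostname and the diagnostic parameters in it are placeholders, not real indicators.

```python
"""Flag MSDT-related external relationships in an Office Open XML package.

Illustrative scanner written for this page. Office documents (.docx, .xlsx,
.pptx) are ZIP packages; links to resources outside the package are stored
as Relationship elements with TargetMode="External" in *.rels parts.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
)
HYPERLINK_REL_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
)
# Schemes that are routine in external relationships and are not reported.
BENIGN_SCHEMES = {"", "http", "https", "mailto", "file"}


def scan_ooxml(package: bytes):
    """Return a list of (rels_path, rel_id, verdict, target) tuples for every
    suspicious external relationship found anywhere in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal parts are package-relative paths, not URLs
                target = rel.get("Target", "")
                rel_id = rel.get("Id", "?")
                scheme = urlsplit(target).scheme.lower()
                if scheme == "ms-msdt":
                    findings.append((name, rel_id, "msdt-protocol", target))
                elif rel.get("Type") == OLE_REL_TYPE:
                    findings.append((name, rel_id, "external-ole-link", target))
                elif scheme not in BENIGN_SCHEMES:
                    findings.append((name, rel_id, "unexpected-scheme", target))
    return findings


def build_sample_docx() -> bytes:
    """Constructed minimal package: a benign hyperlink, an external OLE link,
    a hyperlink using the ms-msdt: handler, and an internal image part.
    The host name and parameters are placeholders chosen for this example."""
    rels = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{HYPERLINK_REL_TYPE}" Target="https://example.com/" TargetMode="External"/>
  <Relationship Id="rId2" Type="{OLE_REL_TYPE}" Target="https://lure.invalid/page.html!" TargetMode="External"/>
  <Relationship Id="rId3" Type="{HYPERLINK_REL_TYPE}" Target="ms-msdt:/id PCWDiagnostic /skip force /param IT_placeholder" TargetMode="External"/>
  <Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.png"/>
</Relationships>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for path, rel_id, verdict, target in scan_ooxml(build_sample_docx()):
        print(f"{verdict:18} {path} {rel_id} -> {target}")
```

Run against a real file with `scan_ooxml(open(path, "rb").read())`. The check is deliberately scheme-based rather than string-based: a `Target` that merely mentions "msdt" in a path is not a protocol invocation, while an external OLE link is worth a look even when it points at an ordinary https URL, because the fetched content is what carries the handler call.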

The zero-day vulnerability, and a previous one exploited in May, are being used by attackers in phishing campaigns, Narang says.

"[I]t would appear that attackers are looking to take advantage of flaws within MSDT as these types of flaws are extremely valuable to launch spear-phishing attacks," he says. “We’ve seen flaws … continue to be exploited years after patches have been made available. Therefore, it is vital that organizations apply the available patches as soon as possible.”

Security Teams Wrestle with Patching Tsunami

The tranche of updates fixes 17 vulnerabilities rated critical and 101 rated important. Elevation-of-privilege issues dominated the patches, accounting for 64 of the CVEs, while RCE vulnerabilities make up 31 of the 118 security issues fixed in the software updates, according to Tenable’s analysis of the updates. Information-disclosure vulnerabilities account for 12 of the patched vulnerabilities, and denial-of-service issues account for seven vulnerabilities. Another three vulnerabilities allowed security features to be bypassed.

The vulnerabilities — along with another 25 flaws issued by Adobe on the same day and nearly 20 issues released for Microsoft’s Edge browser on Friday — highlight the workload faced by security teams on Patch Tuesday.

“The volume of fixes released this month is markedly higher than what is normally expected in an August release,” Dustin Childs, security communications manager for Trend Micro’s Zero Day Initiative, wrote in a review of the updates released on Patch Tuesday. “It’s almost triple the size of last year’s August release, and it’s the second largest release this year.”

Some companies have reported that Microsoft fixed 121 flaws, rather than 118, but that tally includes three issues in Windows Secure Boot that previously were reported through the CERT Coordination Center and are updates to third-party drivers, according to Tenable’s analysis.

While the MSDT vulnerabilities are the most urgent to fix, more than a third of the patched vulnerabilities affect customer-managed components of Microsoft Azure (agents, embedded real-time operating systems and device software), including 34 vulnerabilities in Azure Site Recovery, eight flaws in Azure RTOS, and one each in Azure Sphere and the Azure Batch Node Agent.

The updates also fix vulnerabilities in the code handling older tunneling protocols, such as Point-to-Point Protocol (PPP) and Secure Socket Tunneling Protocol (SSTP), including four vulnerabilities affecting Windows PPP and nine affecting the SSTP functionality.

“These are older protocols that should be blocked at your perimeter,” Trend Micro’s Childs wrote in the ZDI analysis of the patches. “However, if you’re still using one of these, it’s probably because you need it, so don’t miss these patches.”

Adobe Patch Tuesday

Microsoft is not the only company to drop significant monthly patches. Adobe also published updates to fix 25 vulnerabilities in five products: Adobe Commerce, Adobe Acrobat and Reader, Adobe Illustrator, Adobe FrameMaker, and Adobe Premiere Elements.

“None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release,” Childs wrote. “Adobe categorizes the majority of these updates as a deployment priority rating of 3, with the Acrobat patch being the lone exception at 2.”

Related news

A DIY Guide To Become An Alone Long Time Bughunter For Ordinary People

Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.

CVE-2022-35743

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2022-45103: DSA-2022-340: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

Threat Source newsletter (Aug. 11, 2022) — All of the things-as-a-service

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Everyone seems to want to create the next “Netflix” of something. Xbox’s Game Pass is the “Netflix of video games.” Rent the Runway is a “Netflix of fashion” where customers subscribe to a rotation of fancy clothes.  And now threat actors are looking to be the “Netflix of malware.” All categories of malware have some sort of "as-a-service" twist now. Some of the largest ransomware groups in the world operate “as a service,” allowing smaller groups to pay a fee in exchange for using the larger group’s tools.   Our latest report on information-stealers points out that “infostealers as-a-service" are growing in popularity, and our researchers also discovered a new “C2 as-a-service" platform where attackers can pay to have this third-party site act as their command and control. And like Netflix, this Dark Utilities site offers several other layers of tools and malware to choose from. This is a parti...

Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws

August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.

Update now! Microsoft fixes two zero-days in August's Patch Tuesday

Categories: Exploits and vulnerabilities, News. Tags: Microsoft, patch Tuesday, MSDT, NFS, PPP, Exchange, CVE-2022-34713, CVE-2022-35743, DogWalk, CVE-2022-30134, CVE-2022-24477, CVE-2022-24516, CVE-2022-30133, CVE-2022-34715, Adobe, Cisco, Google, Android, SAP, VMWare

Patch Tuesday for August 2022 has come around. We take a look at the most important vulnerabilities that Microsoft's fixed and a brief look at what other vendors did. The post Update now! Microsoft fixes two zero-days in August's Patch Tuesday appeared first on Malwarebytes Labs.

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a

Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack

As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months.   This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June.   In all, August’s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.”  Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited. Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2...

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35743.