Headline
Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Vanja Svajcer.
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months.
This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June.
In all, August’s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.”
Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited.
Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2022-21980 and CVE-2022-24477. An attacker could exploit this vulnerability by tricking a target into visiting a malicious, attacker-hosted server or website. In addition to applying the patch released today, potentially affected users should enable Extended Protection on vulnerable versions of the server.
The Windows Point-to-Point Tunneling Protocol is also vulnerable to three critical vulnerabilities. Two of them, CVE-2022-35744 and CVE-2022-30133, could allow an attacker to execute remote code on an RAS server machine. The other, CVE-2022-35747, could lead to a denial-of-service condition. CVE-2022-35744 has a CVSS severity score of 9.8 out of 10, one of the highest-rated vulnerabilities this month. An attacker could exploit these vulnerabilities by communicating via Port 1723. Affected users can render these issues unexploitable by blocking that port, though it runs the risk of disrupting other legitimate communications.
Another critical code execution vulnerability, CVE-2022-35804, affects the SMB Client and Server and the way the protocol handles specific requests. An attacker could exploit this on the SMB Client by configuring a malicious SMBv3 server and tricking a user into connecting to it through a phishing link. It could also be exploited in the Server by sending specially crafted packets to the server.
Microsoft recommended that users block access to Port 445 to protect against the exploitation of CVE-2022-35804. However, only certain versions of Windows 11 are vulnerable to this issue.
Talos would also like to highlight eight important vulnerabilities that Microsoft considers to be “more likely” to be exploited:
CVE-2022-34699: Win32k elevation of privilege vulnerability CVE-2022-35748: HTTP.sys denial-of-service vulnerability CVE-2022-35750: Win32k elevation of privilege vulnerability CVE-2022-35751: Windows Hyper-V elevation of privilege vulnerability CVE-2022-35755: Windows print spooler elevation of privilege vulnerability CVE-2022-35756: Windows Kerberos elevation of privilege vulnerability CVE-2022-35761: Windows Kernel elevation of privilege vulnerability CVE-2022-35793: Windows Print Spooler elevation of privilege vulnerability
A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60371 - 60384, 60386 and 60387. There are also Snort 3 rules 300233 - 300239.
By Jon Munshaw and Vanja Svajcer.
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months.
This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June.
In all, August’s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.”
Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited.
Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2022-21980 and CVE-2022-24477. An attacker could exploit this vulnerability by tricking a target into visiting a malicious, attacker-hosted server or website. In addition to applying the patch released today, potentially affected users should enable Extended Protection on vulnerable versions of the server.
The Windows Point-to-Point Tunneling Protocol is also vulnerable to three critical vulnerabilities. Two of them, CVE-2022-35744 and CVE-2022-30133, could allow an attacker to execute remote code on an RAS server machine. The other, CVE-2022-35747, could lead to a denial-of-service condition. CVE-2022-35744 has a CVSS severity score of 9.8 out of 10, one of the highest-rated vulnerabilities this month. An attacker could exploit these vulnerabilities by communicating via Port 1723. Affected users can render these issues unexploitable by blocking that port, though it runs the risk of disrupting other legitimate communications.
Another critical code execution vulnerability, CVE-2022-35804, affects the SMB Client and Server and the way the protocol handles specific requests. An attacker could exploit this on the SMB Client by configuring a malicious SMBv3 server and tricking a user into connecting to it through a phishing link. It could also be exploited in the Server by sending specially crafted packets to the server.
Microsoft recommended that users block access to Port 445 to protect against the exploitation of CVE-2022-35804. However, only certain versions of Windows 11 are vulnerable to this issue.
Talos would also like to highlight eight important vulnerabilities that Microsoft considers to be “more likely” to be exploited:
- CVE-2022-34699: Win32k elevation of privilege vulnerability
- CVE-2022-35748: HTTP.sys denial-of-service vulnerability
- CVE-2022-35750: Win32k elevation of privilege vulnerability
- CVE-2022-35751: Windows Hyper-V elevation of privilege vulnerability
- CVE-2022-35755: Windows print spooler elevation of privilege vulnerability
- CVE-2022-35756: Windows Kerberos elevation of privilege vulnerability
- CVE-2022-35761: Windows Kernel elevation of privilege vulnerability
- CVE-2022-35793: Windows Print Spooler elevation of privilege vulnerability
A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60371 - 60384, 60386 and 60387. There are also Snort 3 rules 300233 - 300239.
Related news
Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant patch, and more.
Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Everyone seems to want to create the next “Netflix” of something. Xbox’s Game Pass is the “Netflix of video games.” Rent the Runway is a “Netflix of fashion” where customers subscribe to a rotation of fancy clothes. And now threat actors are looking to be the “Netflix of malware.” All categories of malware have some sort of "as-a-service" twist now. Some of the largest ransomware groups in the world operate “as a service,” allowing smaller groups to pay a fee in exchange for using the larger group’s tools. Our latest report on information-stealers points out that “infostealers as-a-service" are growing in popularity, and our researchers also discovered a new “C2 as-a-service" platform where attackers can pay to have this third-party site act as their command and control. And like Netflix, this Dark Utilities site offers several other layers of tools and malware to choose from. This is a parti...
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: patch Tuesday Tags: MSDT Tags: NFS Tags: PPP Tags: Exchange Tags: CVE-2022-34713 Tags: CVE-2022-35743 Tags: DogWalk Tags: CVE-2022-30134 Tags: CVE-2022-24477 Tags: CVE-2022-24516 Tags: CVE-2022-30133 Tags: CVE-2022-34715 Tags: Adobe Tags: Cisco Tags: Google Tags: Android Tags: SAP Tags: VMWare Patch Tuesday for August 2022 has come around. We take a look at the most important vulnerabilities that Microsoft's fixed and a brief look at what other vendors did. (Read more...) The post Update now! Microsoft fixes two zero-days in August's Patch Tuesday appeared first on Malwarebytes Labs.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a
As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
SMB Client and Server Remote Code Execution Vulnerability.
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34707, CVE-2022-35768.
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35743.
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35744.
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24516.
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35755.
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24477, CVE-2022-24516.
Windows Win32k Elevation of Privilege Vulnerability.