Microsoft has just released Patch Tuesday for August 2022 to fix 121 security flaws found in its products, including Exchange Server, Windows, and Office.
According to TechUnwrapped update Patch Tuesday , 17 were marked as critical, 102 critical, 1 medium and 1 low risk. Of these, only 2 were publicly known at the time of patch release.
Microsoft says a vulnerability in the aforementioned list could open the door to remote code execution through Microsoft Performance and Resource Monitor (MSDT), a Windows that generates reports on the state of internal hardware. machine, system response times and local computer processes, as well as system information and configuration data. The exploit requires the user to open a file created specifically for that purpose.
The remote code execution found in the MSDT was identified as CVE-2022-34713. However, that is not the only vulnerability found in this tool as Microsoft has patched another vulnerability of the same type identified as CVE-2022-35743.
There are also fixes for remote execution vulnerabilities, applicable to Windows Point-to-Point Protocol (PPP), Windows Secure Sockets Tunneling Protocol (SSTP), Azure RTOS GUIX Studio, Microsoft Office, and Hyper-V hypervisor included in the Windows operating system.
In addition, three vulnerabilities were also found in Exchange Server (CVE-2022-21980, CVE-2022-24477 and CVE-2022-24516) which, when exploited, can be used to read specific emails. and download attachments.
Patch Tuesday is responsible for fixing dozens security vulnerabilities , including 31 in Azure Site Recovery. Users can check for updates through the Windows Update feature in Microsoft’s operating system.