Security Advisory Archives

Patch Tuesday Blog August 2022

August 10, 2022

Patch Tuesday Blog August 2022

Patch Tuesday is back. With a grand total of 121 vulnerabilities; 17 Critical, 2 publicly disclosed and 1 exploited in the wild, this looks to be the busiest patch Tuesday we have had in months. Elevation of privilege and remote code execution continue to be the leaders in classification with 64 and 31 respectively. With such a high number of total vulnerabilities as well as the proportion that are critical it is unusual to see publicly disclosed and exploited in the wild so low.

August’s instalment includes patches for some key software such as:

  • Active Directory Domain Services
  • Azure Sphere
  • Microsoft ATA Port Driver
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Office
  • Microsoft Windows Support Diagnostic Tool (MSDT)
  • Role: Windows Fax Service
  • Role: Windows Hyper-V
  • Visual Studio
  • Windows Hello
  • Windows Kerberos
  • Windows Kernel
  • Windows Local Security Authority (LSA)
  • Windows Secure Boot
  • Windows Storage Spaces Direct
  • Windows WebBrowser Control
  • Windows Win32K

CVE-2022-34713: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

With a CVSS of 7.8 and labelled as important. This is the only vulnerability this month to be publicly disclosed and seen in the wild. This vulnerability requires a user to open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

CVE-2022-30134: Microsoft Exchange Information Disclosure Vulnerability

This important vulnerability is the second vulnerability to be publicly disclosed. With a score of 7.8, this vulnerability could allow an attacker to read targeted email messages if the victim is persuaded to connect to a malicious server. Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack.

CVE-2022-34691: Active Directory Domain Services Elevation of Privilege Vulnerability

This critical vulnerability with a score of 8.8 could allow an authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.

31 Elevation of Privilege Vulnerabilities: Azure Site Recovery

Azure Site Recovery is a service that is used for disaster recovery. With a massive 31 separate vulnerabilities to do with this service scoring from 4.4 to 8.1, this offers a serious threat to organisations using this service.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes:

Security update guide:


Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.

we went with; wizard pi