fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft August 2022 Patch Tuesday Fixes Exploited zero-day, 121 Flaws

Microsoft August 2022 Patch Tuesday Fixes Exploited zero-day, 121 Flaws

Today is Microsoft’s August 2022 Patch Tuesday, and with it comes fixes for the actively exploited ‘DogWalk’ zero-day vulnerability and a total of 121 flaws.

Seventeen of the 121 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.

The number of bugs in each vulnerability category is listed below:

  • 64 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

The above counts do not include twenty vulnerabilities previously fixed in Microsoft Edge.

Also Read: EU GDPR Articles: Key For Business Security And Success

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5016616 and KB5016623 updates and the Windows 11 KB5016629 update.

Two zero-days fixed, one actively exploited

This month’s Patch Tuesday fixes two zero-day vulnerabilities, with one actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is jokingly known as ‘DogWalk” and tracked by Microsoft as ‘CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.’

Security researcher Imre Rad discovered this vulnerability in January 2020, but Microsoft decided not to fix it after deeming it not to be a security vulnerability.

However, after the discovery of the Microsoft Office MSDT vulnerability, security researchers once again pushed to have the DogWalk vulnerability fixed as well, which was done as part of today’s updates.

The other zero-day vulnerability is tracked as ‘CVE-2022-30134 – Microsoft Exchange Information Disclosure Vulnerability’ and allows an attacker to read targeted email messages.

Microsoft says that the CVE-2022-30134 vulnerability is publicly disclosed but has not been detected in attacks.

Also Read: 7 Simple Tips On How To Create A Good Business Card Data

Recent updates from other companies

Other vendors who released updates in August 2022 include:

The August 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the August 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
.NET CoreCVE-2022-34716.NET Spoofing VulnerabilityImportant
Active Directory Domain ServicesCVE-2022-34691Active Directory Domain Services Elevation of Privilege VulnerabilityCritical
Azure Batch Node AgentCVE-2022-33646Azure Batch Node Agent Elevation of Privilege VulnerabilityCritical
Azure Real Time Operating SystemCVE-2022-34685Azure RTOS GUIX Studio Information Disclosure VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-34686Azure RTOS GUIX Studio Information Disclosure VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-35773Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-35779Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-35806Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-34687Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-30176Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Real Time Operating SystemCVE-2022-30175Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-35791Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35818Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35809Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35789Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35815Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35817Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35816Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35814Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35785Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35812Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35811Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35784Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35810Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35813Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35788Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35783Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35786Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35787Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35819Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35781Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35775Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35790Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35780Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35799Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35772Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-35800Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35774Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35802Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35782Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35824Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-35801Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35808Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure Site RecoveryCVE-2022-35776Azure Site Recovery Denial of Service VulnerabilityImportant
Azure Site RecoveryCVE-2022-35807Azure Site Recovery Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2022-35821Azure Sphere Information Disclosure VulnerabilityImportant
Microsoft ATA Port DriverCVE-2022-35760Microsoft ATA Port Driver Elevation of Privilege VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2022-35820Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-35796Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2022-33649Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-2618Chromium: CVE-2022-2618 Insufficient validation of untrusted input in InternalsUnknown
Microsoft Edge (Chromium-based)CVE-2022-2616Chromium: CVE-2022-2616 Inappropriate implementation in Extensions APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-2617Chromium: CVE-2022-2617 Use after free in Extensions APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-2619Chromium: CVE-2022-2619 Insufficient validation of untrusted input in SettingsUnknown
Microsoft Edge (Chromium-based)CVE-2022-2622Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2022-2623Chromium: CVE-2022-2623 Use after free in OfflineUnknown
Microsoft Edge (Chromium-based)CVE-2022-33636Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-2621Chromium: CVE-2022-2621 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-2615Chromium: CVE-2022-2615 Insufficient policy enforcement in CookiesUnknown
Microsoft Edge (Chromium-based)CVE-2022-2604Chromium: CVE-2022-2604 Use after free in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2022-2605Chromium: CVE-2022-2605 Out of bounds read in DawnUnknown
Microsoft Edge (Chromium-based)CVE-2022-2624Chromium: CVE-2022-2624 Heap buffer overflow in PDFUnknown
Microsoft Edge (Chromium-based)CVE-2022-2603Chromium: CVE-2022-2603 Use after free in OmniboxUnknown
Microsoft Edge (Chromium-based)CVE-2022-2606Chromium: CVE-2022-2606 Use after free in Managed devices APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-2612Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard inputUnknown
Microsoft Edge (Chromium-based)CVE-2022-2614Chromium: CVE-2022-2614 Use after free in Sign-In FlowUnknown
Microsoft Edge (Chromium-based)CVE-2022-2610Chromium: CVE-2022-2610 Insufficient policy enforcement in Background FetchUnknown
Microsoft Edge (Chromium-based)CVE-2022-2611Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen APIUnknown
Microsoft Exchange ServerCVE-2022-34692Microsoft Exchange Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-21980Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical
Microsoft Exchange ServerCVE-2022-21979Microsoft Exchange Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-24516Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical
Microsoft Exchange ServerCVE-2022-30134Microsoft Exchange Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-24477Microsoft Exchange Server Elevation of Privilege VulnerabilityCritical
Microsoft OfficeCVE-2022-34717Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-33648Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-33631Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft Office OutlookCVE-2022-35742Microsoft Outlook Denial of Service VulnerabilityImportant
Microsoft Windows Support Diagnostic Tool (MSDT)CVE-2022-34713Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityImportant
Microsoft Windows Support Diagnostic Tool (MSDT)CVE-2022-35743Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityImportant
Remote Access Service Point-to-Point Tunneling ProtocolCVE-2022-35752Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Remote Access Service Point-to-Point Tunneling ProtocolCVE-2022-35753Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Remote Access Service Point-to-Point Tunneling ProtocolCVE-2022-35769Windows Point-to-Point Protocol (PPP) Denial of Service VulnerabilityImportant
Role: Windows Fax ServiceCVE-2022-34690Windows Fax Service Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-34696Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-35751Windows Hyper-V Elevation of Privilege VulnerabilityImportant
System Center Operations ManagerCVE-2022-33640System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2022-35827Visual Studio Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2022-35777Visual Studio Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2022-35825Visual Studio Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2022-35826Visual Studio Remote Code Execution VulnerabilityImportant
Windows Bluetooth ServiceCVE-2022-30144Windows Bluetooth Service Remote Code Execution VulnerabilityImportant
Windows Canonical Display DriverCVE-2022-35750Win32k Elevation of Privilege VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2022-35757Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Defender Credential GuardCVE-2022-35771Windows Defender Credential Guard Elevation of Privilege VulnerabilityImportant
Windows Defender Credential GuardCVE-2022-34705Windows Defender Credential Guard Elevation of Privilege VulnerabilityImportant
Windows Defender Credential GuardCVE-2022-34710Windows Defender Credential Guard Information Disclosure VulnerabilityImportant
Windows Defender Credential GuardCVE-2022-34709Windows Defender Credential Guard Security Feature Bypass VulnerabilityImportant
Windows Defender Credential GuardCVE-2022-34704Windows Defender Credential Guard Information Disclosure VulnerabilityImportant
Windows Defender Credential GuardCVE-2022-34712Windows Defender Credential Guard Information Disclosure VulnerabilityImportant
Windows Digital MediaCVE-2022-35746Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2022-35749Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant
Windows Error ReportingCVE-2022-35795Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2022-35797Windows Hello Security Feature Bypass VulnerabilityImportant
Windows Internet Information ServicesCVE-2022-35748HTTP.sys Denial of Service VulnerabilityImportant
Windows KerberosCVE-2022-35756Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-35761Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-35768Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-34708Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2022-34707Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-35804SMB Client and Server Remote Code Execution VulnerabilityCritical
Windows KernelCVE-2022-30197Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2022-35758Windows Kernel Memory Information Disclosure VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2022-34706Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2022-35759Windows Local Security Authority (LSA) Denial of Service VulnerabilityImportant
Windows Network File SystemCVE-2022-34715Windows Network File System Remote Code Execution VulnerabilityImportant
Windows Partition Management DriverCVE-2022-33670Windows Partition Management Driver Elevation of Privilege VulnerabilityImportant
Windows Partition Management DriverCVE-2022-34703Windows Partition Management Driver Elevation of Privilege VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-30133Windows Point-to-Point Protocol (PPP) Remote Code Execution VulnerabilityCritical
Windows Point-to-Point Tunneling ProtocolCVE-2022-35747Windows Point-to-Point Protocol (PPP) Denial of Service VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-35744Windows Point-to-Point Protocol (PPP) Remote Code Execution VulnerabilityCritical
Windows Print Spooler ComponentsCVE-2022-35793Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-35755Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Secure BootCVE-2022-34301CERT/CC: CVE-2022-34301 Eurosoft Boot Loader BypassImportant
Windows Secure BootCVE-2022-34302CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader BypassImportant
Windows Secure BootCVE-2022-34303CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader BypassImportant
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-35745Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-35766Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-35794Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-34701Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service VulnerabilityImportant
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-34714Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-34702Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2022-35767Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
Windows Storage Spaces DirectCVE-2022-35762Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces DirectCVE-2022-35765Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces DirectCVE-2022-35792Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces DirectCVE-2022-35763Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces DirectCVE-2022-35764Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows Unified Write FilterCVE-2022-35754Unified Write Filter Elevation of Privilege VulnerabilityImportant
Windows WebBrowser ControlCVE-2022-30194Windows WebBrowser Control Remote Code Execution VulnerabilityImportant
Windows Win32KCVE-2022-34699Windows Win32k Elevation of Privilege VulnerabilityImportant

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us