Windows users, however, are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed. We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again. This month, the Redmond tech giant released 121 new patches, which is a lot more than some people were expecting right after Easter. These software updates address CVEs in:
Microsoft Windows and Windows Components Azure Batch Node Agent Real Time Operating System Site Recovery, and Sphere Microsoft Dynamics Microsoft Edge (Chromium-based) Exchange Server Office and Office Components PPTP SSTP Remote Access Service PPTP Hyper-V System Center Operations Manager Windows Internet Information Services Print Spooler Components Windows Defender Credential Guard
All of this is beside the 17 CVEs patched in Edge (Chromium-based) and three patches related to secure boot from CERT/CC, which actually brings the total number of CVEs to 141
Microsoft provides fixes for 121 flaws in August 2022
It’s pretty much safe to say that this wasn’t either the busiest or the lightest month for Redmond-based security experts. You might like to know that, out of the 121 new CVEs released, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Please keep in mind that two of these bugs are listed as publicly known, and one is listed as under active attack at the time of release. You should know that the month of August brings no less than 34 updates just for the Azure Site Recovery component. SPONSORED This brings the tally up to 66 updates for this component in July and August, which is a pretty big number even by Microsoft standards. For August 2022, there are two RCE bugs, one DoS, and 31 EoP vulnerabilities being fixed, just to clarify the situation. All of the above-mentioned bugs involve the VMWare-to-Azure scenario. That being said, if you use Azure Site Recovery, you will need to update to 9.50 to be protected. Also, there are nine other code execution bugs fixed through this month’s Patch Tuesday rollout, including another bug in MSDT that is not under active attack for the time being. We’re also looking at two bugs in the Windows Defender Credential Guard, both of which could allow an attacker to access Kerberos-protected data. Before we conclude, let’s also state the fact that seven different Denial-of-Service (DoS) vulnerabilities received fixes this month, including the above-mentioned Outlook and Azure Site Recovery bugs. You can track all of the CVEs addressed this month from the list above, and be aware of everything that is happening. Looking forward, the next Patch Tuesday security update rollout will be on the 13th of September, which is a bit sooner than some expected it. Have you found any other issues after installing this month’s security updates? Share your opinion in the comments section below.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ