{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-060.pdf"
    },
    "title": "Multiple Critical Vulnerabilities in Microsoft Products",
    "serial_number": "2022-060",
    "publish_date": "10-08-2022 12:20:00",
    "description": "On August 9, Microsoft released its August 2022 Patch Tuesday advisory including fixes for 2 zero-day vulnerabilities identified \"CVE-2022-34713\" and \"CVE-2022-30134\", which affect respectively Microsoft Windows Support Diagnostic Tool (MSDT) and Microsoft Exchange Server.<br>The patch also contains fixes for 17 critical vulnerabilities affecting Active Directory Domain Services, Azure Batch Node Agent, Microsoft Exchange Server, Remote Access Service Point-to-Point Tunneling Protocol, Windows Hyper-V and Windows Kernel (SMB Client and Server), Windows Point-to-Point Tunneling Protocol and Windows Secure Socket Tunneling Protocol (SSTP).<br>It is highly recommended patching affected devices",
    "url_title": "2022-060",
    "content_markdown": "---\ntitle: 'Multiple Critical Vulnerabilities in\u00a0Microsoft\u00a0Products' \nversion: '1.0' \nnumber: '2022-060'\noriginal_date: 'August 9, 2022'\ndate: 'August 10, 2022'\n---\n\n_History:_\n\n* _10/08/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn August 9, Microsoft released its August 2022 Patch Tuesday advisory including fixes for 2 zero-day vulnerabilities identified `CVE-2022-34713` and `CVE-2022-30134`, which affect respectively Microsoft Windows Support Diagnostic Tool (MSDT) and Microsoft Exchange Server [1].\n\nThe patch also contains fixes for 17 critical vulnerabilities affecting Active Directory Domain Services, Azure Batch Node Agent, Microsoft Exchange Server, Remote Access Service Point-to-Point Tunneling Protocol, Windows Hyper-V and Windows Kernel (SMB Client and Server), Windows Point-to-Point Tunneling Protocol and Windows Secure Socket Tunneling Protocol (SSTP) [2].\n\nIt is highly recommended patching affected devices.\n\n# Technical Details\n\n## CVE-2022-34713 - MSDT Remote Code Execution Vulnerability\n\nThis vulnerability, with a CVSS score of 7.8 out of 10, affects the Microsoft Windows Support Diagnostic Tool and could allow an attacker to execute some code on a device relying on the user to open a specially crafted file, such as an email attachment or a file downloaded from a website, to trigger the exploit.\n\n## CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability\n\nThis vulnerability, with a CVSS score of 7.6, affects Microsoft Exchange Server and could allow an attacker to read targeted email messages.\n\n## Other Critical Vulnerabilities\n\n17 other **critical** vulnerabilities have also been patched. Even if they are not yet exploited, they are likely to be targeted soon based on reverse-engineering of the patches available. \n\n# Affected Products\n\nGlobal list of affected products by all the vulnerabilities in the August advisory\n\n- .NET 6.0\n- .NET Core 3.1\n- Azure Batch\n- Azure Real Time Operating System GUIX Studio\n- Azure Site Recovery VMWare to Azure\n- Azure Sphere\n- Microsoft 365 Apps for Enterprise\n- Microsoft Excel\n- Microsoft Exchange Server\n- Microsoft Office\n- Microsoft Outlook\n- Microsoft Visual Studio\n- Open Management Infrastructure\n- System Center Operations Manager (SCOM)\n- Windows 10\n- Windows 11\n- Windows 7 SP1\n- Windows 8.1\n- Windows RT 8.1\n- Windows Server 2008\n- Windows Server 2012\n- Windows Server 2016\n- Windows Server 2019\n- Windows Server 2022\n- Windows Server, version 20H2 (Server Core Installation)\n\n# Recommendations\n\nMicrosoft and CERT-EU strongly recommend installing security updates as soon as possible.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/August-2022.html>\n\n[2] <https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/>",
    "content_html": "<p><em>History:</em></p><ul><li><em>10/08/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On August 9, Microsoft released its August 2022 Patch Tuesday advisory including fixes for 2 zero-day vulnerabilities identified <code>CVE-2022-34713</code> and <code>CVE-2022-30134</code>, which affect respectively Microsoft Windows Support Diagnostic Tool (MSDT) and Microsoft Exchange Server [1].</p><p>The patch also contains fixes for 17 critical vulnerabilities affecting Active Directory Domain Services, Azure Batch Node Agent, Microsoft Exchange Server, Remote Access Service Point-to-Point Tunneling Protocol, Windows Hyper-V and Windows Kernel (SMB Client and Server), Windows Point-to-Point Tunneling Protocol and Windows Secure Socket Tunneling Protocol (SSTP) [2].</p><p>It is highly recommended patching affected devices.</p><h2 id=\"technical-details\">Technical Details</h2><h3 id=\"cve-2022-34713-msdt-remote-code-execution-vulnerability\">CVE-2022-34713 - MSDT Remote Code Execution Vulnerability</h3><p>This vulnerability, with a CVSS score of 7.8 out of 10, affects the Microsoft Windows Support Diagnostic Tool and could allow an attacker to execute some code on a device relying on the user to open a specially crafted file, such as an email attachment or a file downloaded from a website, to trigger the exploit.</p><h3 id=\"cve-2022-30134-microsoft-exchange-information-disclosure-vulnerability\">CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability</h3><p>This vulnerability, with a CVSS score of 7.6, affects Microsoft Exchange Server and could allow an attacker to read targeted email messages.</p><h3 id=\"other-critical-vulnerabilities\">Other Critical Vulnerabilities</h3><p>17 other <strong>critical</strong> vulnerabilities have also been patched. Even if they are not yet exploited, they are likely to be targeted soon based on reverse-engineering of the patches available. </p><h2 id=\"affected-products\">Affected Products</h2><p>Global list of affected products by all the vulnerabilities in the August advisory</p><ul><li>.NET 6.0</li><li>.NET Core 3.1</li><li>Azure Batch</li><li>Azure Real Time Operating System GUIX Studio</li><li>Azure Site Recovery VMWare to Azure</li><li>Azure Sphere</li><li>Microsoft 365 Apps for Enterprise</li><li>Microsoft Excel</li><li>Microsoft Exchange Server</li><li>Microsoft Office</li><li>Microsoft Outlook</li><li>Microsoft Visual Studio</li><li>Open Management Infrastructure</li><li>System Center Operations Manager (SCOM)</li><li>Windows 10</li><li>Windows 11</li><li>Windows 7 SP1</li><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2008</li><li>Windows Server 2012</li><li>Windows Server 2016</li><li>Windows Server 2019</li><li>Windows Server 2022</li><li>Windows Server, version 20H2 (Server Core Installation)</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>Microsoft and CERT-EU strongly recommend installing security updates as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/August-2022.html\">https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/August-2022.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/\">https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}