Microsoft fixes 141 bugs, including 2 zero-day vulnerabilities


San Francisco, Aug 11 (IANS): Tech giant Microsoft has released patches for 141 bugs in its August 2022 Patch update, including two previously undisclosed (zero-day) flaws, of which one is actively being exploited.

The total patch count for the August 2022 Patch update includes 20 flaws in Edge that Microsoft had previously released fixes for, leaving 121 flaws affecting Windows, Office, Azure, .NET Core, Visual Studio and Exchange Server, reports ZDNet.

The Zero Day Initiative noted that the volume of fixes released this month is "markedly higher" than expected in an August release.

"It is almost triple the size of last year's August release, and it's the second largest release this year," the bug hunting group was quoted as saying.

Microsoft addressed 17 critical flaws and 102 important flaws this month across.

The fixes address 64 elevations of privilege flaws and 32 remote code execution flaws, as well as security feature bypasses and information disclosure flaws.

Also, 34 of this month's fixes address bugs in Azure Site Recovery, Microsoft's disaster recovery toolset for the cloud.

The actively exploited bug is a remote code execution flaw affecting the Microsoft Windows Support Diagnostic Tool (MSDT), tracked as CVE-2022-34713.

According to Microsoft, it is related to a bug that some security researchers refer to as "Dogwalk".

Researchers reported the Dogwalk bug to Microsoft in early 2020 but Microsoft did not address it until May this year, when attackers began exploiting MSDT via malicious Word documents.

The company that month issued the identifier CVE-2022-30190 with mitigation steps, followed by a patch in mid-June and further defense-in-depth measures in July.

 

  

Top Stories


Leave a Comment

Title: Microsoft fixes 141 bugs, including 2 zero-day vulnerabilities



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.