With this August patch Tuesday, Microsoft fixed more than a hundred vulnerabilities. Some of the vulnerabilities require special attention from corporate cybersecurity personnel. Among them there are 17 critical ones, two of which are zero-days. At least one vulnerability has already been actively exploited in the wild, so it would be wise not to delay patch implementation. It’s no coincidence that the US Cybersecurity and Infrastructure security agency recommends paying attention to this update.
DogWalk (aka CVE-2022-34713) — RCE vulnerability in MSDT
The most dangerous of the newly closed vulnerabilities is CVE-2022-34713. Potentially, it allows remote execution of malicious code (belongs to the RCE type). CVE-2022-34713, dubbed DogWalk, is a vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT), like Follina, which made some hype in May of this year.
The problem lies in how the system handles Cabinet (.cab) archives. To exploit the vulnerability, an attacker needs to lure the user to open a malicious file that saves the .diagcab archive to the Windows Startup folder so that its contents are executed the next time the user restarts his computer and logs in.
Actually, DogWalk was discovered two years ago, but then the system developers for some reason didn’t pay enough attention to this problem. Now the vulnerability is fixed, but Microsoft has already detected its exploitation.
Other vulnerabilities to watch out for
The second zero-day vulnerability closed last Tuesday is CVE-2022-30134. It’s contained in Microsoft Exchange. Information about it was published before Microsoft was able to create the patch, but so far this vulnerability has not been exploited in the wild. Theoretically, if an attacker manages to use CVE-2022-30134, he will be able to read the victim’s email correspondence. This is not the only flaw in Exchange that was fixed by the new patch. It also closes the CVE-2022-24516, CVE-2022-21980 and CVE-2022-24477 vulnerabilities that allow attackers to elevate their privileges.
As for the CVSS rating, two related vulnerabilities are conditional champions: CVE-2022-30133 and CVE-2022-35744. Both are found in the Point-to-Point Protocol (PPP). Both allow attackers to send requests to the remote access server, which can lead to the execution of malicious code on the machine. And both have the same CVSS score: 9.8.
For those who for some reason cannot immediately install patches, Microsoft recommends closing port 1723 (vulnerabilities can only be exploited through it). However, be aware that this may disrupt the stability of communications on your network.
How to stay safe
We advise installing fresh the Microsoft updates as soon as possible, and don’t forget to check all the information in the FAQs, Mitigations, and Workarounds section on the update guide that’s relevant to your infrastructure.
In addition, it should be remembered that all computers in the company with internet access (whether they’re workstations or servers) must be equipped with a reliable cybersecurity solution, capable of protecting them against exploitation of yet undetected vulnerabilities.