One Article Review
| Source |  CISCO Talos |
|---|---|
| Identifiant | 6218102 |
| Date de publication | 2022-08-09 16:44:37 (vue: 2022-08-09 23:05:57) |
| Titre | Microsoft Patch Tuesday for August 2022 - Snort rules and prominent vulnerabilities |
| Texte |  By Jon Munshaw and Vanja Svajcer.Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that's actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June. In all, August's Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.” Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited. Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2022-21980 and CVE-2022-24477. An attacker could exploit this vulnerability by tricking a target into visiting a malicious, attacker-hosted server or website. In addition to applying the patch released today, potentially affected users should enable Extended Protection on vulnerable versions of the server. The Windows Point-to-Point Tunneling Protocol is also vulnerable to three critical vulnerabilities. Two of them, CVE-2022-35744 and CVE-2022-30133, could allow an attacker to execute remote code on an RAS server machine. The other, CVE-2022-35747, could lead to a denial-of-service condition. CVE-2022-35744 has a CVSS severity score of 9.8 out of 10, one of the highest-rated vulnerabilities this month. An attacker could exploit these vulnerabilities by communicating via Port 1723. Affected users can render these issues unexploitable by blocking that port, though it runs the risk of disrupting other legitimate communications. Another critical code execution vulnerability, CVE-2022-35804, affects the SMB Client and Server and the way the protocol handles specific requests. An attacker could exploit this on the SMB Client by config |
| Envoyé | Oui |
| Condensat | in microsoft this 60386 another in talos the 120 1723 2022 21980 24477 300239 30133 34699: 34713 35743 35744 35747 35748: 35750: 35751: 35755: 35756: 35761: 35793: 35804 445 60371 60384 60387 access according across actively addition additional affected affects against all allow already also applying are attacker attempts august available batch been being block blocking called can certain change cisco classified client code communicating communications complete condition configuring connecting considers contains could crafted critical current customers cve cvss date day denial detects diagnostic disclosed disclosing disclosures disrupting downloading eight elevation enable exchange execute execution exploit exploitation exploited exploited: cve extended firewall fix four future handles has highest highlight hosted however http hyper important included includes information issue issues its jon june kerberos kernel latest lead legitimate like likely” line link list low machine malicious many may microsoft moderate month monthly months more most msdt munshaw new note one only open org other out pack packets page patch pending phishing please point port potentially print privilege products prominent protect protection protocol purchase ras rated recommended release released releasing remainder remote render requests response risk rule rules rules 300233 ruleset runs score secure security sending server service set severity should single smb smbv3 snort software some source specially specific spooler sru stay subject subscriber support svajcer sys talos target than that them these though three through today tool tricking tuesday tunneling two unexploitable update updates updating use user users vanja versions visiting vulnerabilities vulnerability vulnerability a vulnerability cve vulnerable way website wild win32k windows would zero “follina” “important “more ” two |
| Tags | Guideline Tool Vulnerability |
| Stories | |
| Notes | ★★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.