Microsoft Security Bulletin Coverage for August 2022

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2022. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability
ASPY 346:Malformed-File exe.MP_263

CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
IPS 3130:Suspicious HTTP Response 2
ASPY 348:Malformed-File cab.MP_2

CVE-2022-35748 HTTP.sys Denial of Service Vulnerability
ASPY 3122:Microsoft IIS HTTP.sys DoS (CVE-2022-35748)

CVE-2022-35750 Win32k Elevation of Privilege Vulnerability
ASPY 347:Malformed-File exe.MP_264

CVE-2022-35751 Windows Hyper-V Elevation of Privilege Vulnerability
ASPY 353:Malformed-File exe.MP_269

CVE-2022-35755 Windows Print Spooler Elevation of Privilege Vulnerability
ASPY 352:Malformed-File exe.MP_268

CVE-2022-35756 Windows Kerberos Elevation of Privilege Vulnerability
ASPY 351:Malformed-File exe.MP_267

CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability
ASPY 350:Malformed-File exe.MP_266

CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability
ASPY 349:Malformed-File exe.MP_265

Adobe Coverage:
CVE-2022-35670 Adobe Reader Use After Free Vulnerability
ASPY 354:Malformed-File pdf.MP_557

CVE-2022-35671 Adobe Reader Out of Bounds Read Vulnerability
ASPY 355:Malformed-File pdf.MP_558

The following vulnerabilities do not have exploits in the wild:
CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30133 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30134 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30197 Windows Kernel Security Feature Bypass
There are no known exploits in the wild.
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33646 Azure Batch Node Agent Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-33649 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34301 CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
There are no known exploits in the wild.
CVE-2022-34302 CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
There are no known exploits in the wild.
CVE-2022-34303 CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass
There are no known exploits in the wild.
CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34716 .NET Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35742 Microsoft Outlook Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35744 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35745 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35746 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35747 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35749 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35752 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35753 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35754 Unified Write Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35757 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35758 Windows Kernel Memory Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-35759 Windows Local Security Authority (LSA) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35769 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.