Microsoft Patch Tuesday, August 2022 Edition – Krebs on Security - Krebs on Security

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software.

Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows.

Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.

In June, Microsoft patched a vulnerability in MSDT dubbed “Follina” that had been used in active attacks for at least three months prior.

Microsoft also released fixes for three other Exchange flaws that rated a “critical” label, meaning they could be exploited remotely to compromise the system and with no help from users.

Microsoft says addressing some of the Exchange vulnerabilities fixed this month requires administrators to enable Windows Extended protection on Exchange Servers.

See Microsoft’s blog post on the Exchange Server updates for more details.

For attackers focused on Business Email Compromise this kind of vulnerability can be extremely damaging.”.

The other two critical Exchange bugs are tracked as CVE-2022-24516 and CVE-2022-21980.

It’s difficult to believe it’s only been a little more than a year since malicious hackers worldwide pounced in a bevy of zero-day Exchange vulnerabilities to remotely compromise the email systems for hundreds of thousands of organizations running Exchange Server locally for email.

That lingering catastrophe is reminder enough that critical Exchange bugs deserve immediate attention.

“Another critical vulnerability worth mentioning is an elevation of privilege affecting Active Directory Domain Services (CVE-2022-34691),” SANS wrote.

Wiseman said despite the record number of vulnerability fixes from Redmond this month, the numbers are slightly less dire.

Month after month Microsoft produce around 100 of these security fixes.

One would like to think that Windows 10 is somewhat more secure now than it was when released (?) Surely the attraction of the newer Windows 11, with its no doubt, thousands of yet to be discovered security vulnerabilities, is somewhat less than appealing?