Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2022.0182
Microsoft Patch Tuesday update for Windows 7 and Windows
Server 2008 (ESU) for August 2022
10 August 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Windows 7
Windows Server 2008
Operating System: Windows
Resolution: Patch/Upgrade
CVE Names: CVE-2022-35820 CVE-2022-35795 CVE-2022-35793
CVE-2022-35769 CVE-2022-35768 CVE-2022-35767
CVE-2022-35760 CVE-2022-35759 CVE-2022-35758
CVE-2022-35756 CVE-2022-35753 CVE-2022-35752
CVE-2022-35751 CVE-2022-35750 CVE-2022-35747
CVE-2022-35745 CVE-2022-35744 CVE-2022-35743
CVE-2022-34714 CVE-2022-34713 CVE-2022-34708
CVE-2022-34707 CVE-2022-34706 CVE-2022-34702
CVE-2022-34701 CVE-2022-34691 CVE-2022-34690
CVE-2022-30194 CVE-2022-30133
Comment: CVSS (Max): 9.8 CVE-2022-30133 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Microsoft
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Microsoft reports the vulnerability CVE-2022-34713 is publicly disclosed and actively exploited
OVERVIEW
Microsoft has released its monthly security patch update for the
month of August 2022.
This update resolves 29 vulnerabilities across the following
product(s): [1]
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2022-30133 Remote Code Execution Critical
CVE-2022-30194 Remote Code Execution Important
CVE-2022-34690 Elevation of Privilege Important
CVE-2022-34691 Elevation of Privilege Critical
CVE-2022-34701 Denial of Service Important
CVE-2022-34702 Remote Code Execution Critical
CVE-2022-34706 Elevation of Privilege Important
CVE-2022-34707 Elevation of Privilege Important
CVE-2022-34708 Information Disclosure Important
CVE-2022-34713 Remote Code Execution Important
CVE-2022-34714 Remote Code Execution Critical
CVE-2022-35743 Remote Code Execution Important
CVE-2022-35744 Remote Code Execution Critical
CVE-2022-35745 Remote Code Execution Critical
CVE-2022-35747 Denial of Service Important
CVE-2022-35750 Elevation of Privilege Important
CVE-2022-35751 Elevation of Privilege Important
CVE-2022-35752 Remote Code Execution Critical
CVE-2022-35753 Remote Code Execution Critical
CVE-2022-35756 Elevation of Privilege Important
CVE-2022-35758 Information Disclosure Important
CVE-2022-35759 Denial of Service Important
CVE-2022-35760 Elevation of Privilege Important
CVE-2022-35767 Remote Code Execution Critical
CVE-2022-35768 Elevation of Privilege Important
CVE-2022-35769 Denial of Service Important
CVE-2022-35793 Elevation of Privilege Important
CVE-2022-35795 Elevation of Privilege Important
CVE-2022-35820 Elevation of Privilege Important
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles. [1].
KB5016669, KB5016676, KB5016679, KB5016686
REFERENCES
[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYvLgzMkNZI30y1K9AQgvcA/7Be7u5CjcQT83zra60Qa/a9TB6TSVYMge
NbyALaHwIsl40c9zjwBiaXE6norm3NnbLgCDK0kjDgAwGdCJ0e2WPJa4iVotJVx6
lRHsZ3LMVZFBABxF0BrTP/tXjZTixsDElmnhFa0+Jq9tiff+1ICWWXV32r/HFQOP
Zg2orsw1Jx3a1fOGJbefSUcCb/4H97VDMteWxB7WlQ1JK12DtcCTGbuGsIeangH6
c6nNvq+JaXRox39PTlaHEFLYjSnlY8yS6nG4qH0mUktjgYw3q3QUFYttwk9pK2n3
/+u4QzVnxGyUl+cFUIXb+9ag3Rvqm6hg+Eh6JfpNdNCu3B8zxEgVo0hBnAKiF0yq
zKzFojVitDg7mxbwwkDC5ENAtgBAI4C2P0qvkv6b4yYDa6tZhmnDwgx7vHlHBRVX
ipCX7w/YEhwPSiz4hEQ+ocEXQdQidICnaoUkX0Az/UeKR2zP1+SASSyraHwQiHUH
suuYxiOZAxSyc2nN8MzGdHKDbuvhSK1KwgPcuovTOzH9zPj1hisMx/J3nyKzenXM
A9SY3QRs5rtQRC+CsQ005oMUhK4dId2qOJ4eW/84FKZHFmHnOSF8NempWmuBIp30
R1vytcaIEkxewjzjZ/0DYyvLbFStlOy26vPbdQCXYEUM0UQL5v8TZAvS0yc0MeyU
JjOXstxQXNU=
=bvqo
-----END PGP SIGNATURE-----