Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2022.0182 Microsoft Patch Tuesday update for Windows 7 and Windows Server 2008 (ESU) for August 2022 10 August 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows 7 Windows Server 2008 Operating System: Windows Resolution: Patch/Upgrade CVE Names: CVE-2022-35820 CVE-2022-35795 CVE-2022-35793 CVE-2022-35769 CVE-2022-35768 CVE-2022-35767 CVE-2022-35760 CVE-2022-35759 CVE-2022-35758 CVE-2022-35756 CVE-2022-35753 CVE-2022-35752 CVE-2022-35751 CVE-2022-35750 CVE-2022-35747 CVE-2022-35745 CVE-2022-35744 CVE-2022-35743 CVE-2022-34714 CVE-2022-34713 CVE-2022-34708 CVE-2022-34707 CVE-2022-34706 CVE-2022-34702 CVE-2022-34701 CVE-2022-34691 CVE-2022-34690 CVE-2022-30194 CVE-2022-30133 Comment: CVSS (Max): 9.8 CVE-2022-30133 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Microsoft Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Microsoft reports the vulnerability CVE-2022-34713 is publicly disclosed and actively exploited OVERVIEW Microsoft has released its monthly security patch update for the month of August 2022. This update resolves 29 vulnerabilities across the following product(s): [1] Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2022-30133 Remote Code Execution Critical CVE-2022-30194 Remote Code Execution Important CVE-2022-34690 Elevation of Privilege Important CVE-2022-34691 Elevation of Privilege Critical CVE-2022-34701 Denial of Service Important CVE-2022-34702 Remote Code Execution Critical CVE-2022-34706 Elevation of Privilege Important CVE-2022-34707 Elevation of Privilege Important CVE-2022-34708 Information Disclosure Important CVE-2022-34713 Remote Code Execution Important CVE-2022-34714 Remote Code Execution Critical CVE-2022-35743 Remote Code Execution Important CVE-2022-35744 Remote Code Execution Critical CVE-2022-35745 Remote Code Execution Critical CVE-2022-35747 Denial of Service Important CVE-2022-35750 Elevation of Privilege Important CVE-2022-35751 Elevation of Privilege Important CVE-2022-35752 Remote Code Execution Critical CVE-2022-35753 Remote Code Execution Critical CVE-2022-35756 Elevation of Privilege Important CVE-2022-35758 Information Disclosure Important CVE-2022-35759 Denial of Service Important CVE-2022-35760 Elevation of Privilege Important CVE-2022-35767 Remote Code Execution Critical CVE-2022-35768 Elevation of Privilege Important CVE-2022-35769 Denial of Service Important CVE-2022-35793 Elevation of Privilege Important CVE-2022-35795 Elevation of Privilege Important CVE-2022-35820 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5016669, KB5016676, KB5016679, KB5016686 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYvLgzMkNZI30y1K9AQgvcA/7Be7u5CjcQT83zra60Qa/a9TB6TSVYMge NbyALaHwIsl40c9zjwBiaXE6norm3NnbLgCDK0kjDgAwGdCJ0e2WPJa4iVotJVx6 lRHsZ3LMVZFBABxF0BrTP/tXjZTixsDElmnhFa0+Jq9tiff+1ICWWXV32r/HFQOP Zg2orsw1Jx3a1fOGJbefSUcCb/4H97VDMteWxB7WlQ1JK12DtcCTGbuGsIeangH6 c6nNvq+JaXRox39PTlaHEFLYjSnlY8yS6nG4qH0mUktjgYw3q3QUFYttwk9pK2n3 /+u4QzVnxGyUl+cFUIXb+9ag3Rvqm6hg+Eh6JfpNdNCu3B8zxEgVo0hBnAKiF0yq zKzFojVitDg7mxbwwkDC5ENAtgBAI4C2P0qvkv6b4yYDa6tZhmnDwgx7vHlHBRVX ipCX7w/YEhwPSiz4hEQ+ocEXQdQidICnaoUkX0Az/UeKR2zP1+SASSyraHwQiHUH suuYxiOZAxSyc2nN8MzGdHKDbuvhSK1KwgPcuovTOzH9zPj1hisMx/J3nyKzenXM A9SY3QRs5rtQRC+CsQ005oMUhK4dId2qOJ4eW/84FKZHFmHnOSF8NempWmuBIp30 R1vytcaIEkxewjzjZ/0DYyvLbFStlOy26vPbdQCXYEUM0UQL5v8TZAvS0yc0MeyU JjOXstxQXNU= =bvqo -----END PGP SIGNATURE-----