On August 9, 2022, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates fix 118 vulnerabilities, 17 of which are critical and two of which are 0-day vulnerabilities. Below is a compact overview of the updates released on patchday.
A list of the updates can be found on this Microsoft page. Details about the update packages for Windows, Office, etc. are available in separate blog posts.
Notes on the updates
Windows 10 version 20H2 to 21H2 use a common core and have an identical set of system files. Therefore, the same security update will be delivered for these Windows 10 versions. Information on enabling the features of Windows 10, which is done through an Enablement Package update, can be found in this Techcommunity post. Windows 10 20H2 and Windows Server 20H2 will receive updates for the last time.
All Windows 10 updates are cumulative. The monthly patchday update contains all security fixes for Windows 10 and all non-security fixes up to patchday. In addition to patches for security vulnerabilities, the updates include security improvement measures. Microsoft is integrating the Servicing Stack Updates (SSUs) into the Latest Cumulative Updates (LCUs) for newer versions of Windows 10. A list of the latest SSUs can be found at ADV990001 (although the list is not always up to date).
Windows 7 SP1 is no longer supported as of January 2020. Only customers with a 3rd year ESU license (or bypass measures) will still receive updates. The current ESU bypass lets you install the update. Updates can also be downloaded from the Microsoft Update Catalog. Updates for Windows RT 8.1 and Microsoft Office RT are only available through Windows Update.
Fixed vulnerabilities
The August 2022 security updates fix 118 vulnerabilities, 17 of which are critical and two of which are 0-day vulnerabilities. A list of all the CVEs covered can be found on this Microsoft page. There is also this post at Tenable and this post from Qualys with an overview of the fixed vulnerabilities.
Microsoft has fixed three vulnerabilities in a third-party driver that affect Windows Secure Boot: CVE-2022-34301, CVE-2022-34302 and CVE-2022-34303. Here are some critical fixes:
- CVE-2022-34713: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVSSv3.1 Score 7.8/10)
- CVE-2022-30134: Microsoft Exchange Information Disclosure Vulnerability (CVSSv3.1 Score 7.6/10)
- CVE-2022-35794, CVE-2022-35794: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability (CVSSv3.1 Score 8.1/10)
- CVE-2022-30133, CVE-2022-35744: Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVSSv3.1 Score 9.8/10)
- CVE-2022-34691: Active Directory Domain Services Elevation of Privilege Vulnerability (CVSSv3.1 Score 8.8/10)
- CVE-2022-33646: Azure Batch Node Agent Elevation of Privilege Vulnerability (CVSSv3.1 Score 7.0/10)
Below is the list of critical and important security updates – details of which will be reported in separate blog posts.
- .NET Core
- Active Directory Domain Services
- Azure Batch Node Agent
- Azure Real Time Operating System
- Azure Site Recovery
- Azure Sphere
- Microsoft ATA Port Driver
- Microsoft Bluetooth Driver
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Windows Support Diagnostic Tool (MSDT)
- Remote Access Service Point-to-Point Tunneling Protocol
- Role: Windows Fax Service
- Role: Windows Hyper-V
- System Center Operations Manager
- Visual Studio
- Windows Bluetooth Service
- Windows Canonical Display Driver
- Windows Cloud Files Mini Filter Driver
- Windows Defender Credential Guard
- Windows Digital Media
- Windows Error Reporting
- Windows Hello
- Windows Internet Information Services
- Windows Kerberos
- Windows Kernel
- Windows Local Security Authority (LSA)
- Windows Network File System
- Windows Partition Management Driver
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Secure Boot
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Storage Spaces Direct
- Windows Unified Write Filter
- Windows WebBrowser Control
- Windows Win32K
Similar articles:
Microsoft Security Update Summary (August 9, 2022)
Patchday: Windows 10-Updates (August 9, 2022)
Patchday: Windows 11/Server 2022-Updates (August 9, 2022)
Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (August 9, 2022)
Patchday: Microsoft Office Updates (August 9, 2022)