Description:

Microsoft has released security updates to address several vulnerabilities in the following products:

• .NET Core
• Active Directory Domain Services
• Azure Batch Node Agent
• Azure Real Time Operating System
• Azure Site Recovery
• Azure Sphere
• Microsoft ATA Port Driver
• Microsoft Bluetooth Driver
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Windows Support Diagnostic Tool (MSDT)
• Remote Access Service Point-to-Point Tunneling Protocol
• Role: Windows Fax Service
• Role: Windows Hyper-V
• System Center Operations Manager
• Visual Studio
• Windows Bluetooth Service
• Windows Canonical Display Driver
• Windows Cloud Files Mini Filter Driver
• Windows Defender Credential Guard
• Windows Digital Media
• Windows Error Reporting
• Windows Hello
• Windows Internet Information Services
• Windows Kerberos
• Windows Kernel
• Windows Local Security Authority (LSA)
• Windows Network File System
• Windows Partition Management Driver
• Windows Point-to-Point Tunneling Protocol
• Windows Print Spooler Components
• Windows Secure Boot
• Windows Secure Socket Tunneling Protocol (SSTP)
• Windows Storage Spaces Direct
• Windows Unified Write Filter
• Windows WebBrowser Control
• Windows Win32K

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Remote Code Execution
• Unauthorized disclosure of information
• Escalation of privilege
• Buffer overflow
• Bypass of a protection mechanism

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug