Microsoft yesterday released its August 2022 Patch Tuesday cumulative update for Windows and other services. This time around, the company has launched patches for 141 bugs in total, including two zero-day vulnerabilities. Microsoft says one of those previously undisclosed flaws already has an active exploit in the wild.
In terms of which services are receiving patches this month, 20 bugs in Microsoft Edge were fixed, while 121 vulnerabilities were found across Windows Azure, Office, Exchange Server, Visual Studio, and .NET Core.
According to bug hunting group The Zero Day Initiative, the number of patches is higher than normal and significantly more than usual August Patch Tuesday rollouts. “It's almost triple the size of last year's August release, and it's the second largest release this year,” the group points out.
Breaking down the fixes, Microsoft took care of 17 critical flaws in August 2022 Patch Tuesday, alongside 102 important flaws. Amongst these were 64 elevation of privilege vulnerabilities and 32 remote execution vulnerabilities.
As for the zero-day Microsoft says is being exploited, it is a remote execution vulnerability found in Microsoft Support Diagnostic Tool (MSDT). This flaw is tracking as CVE-2022-34713 and comes from a bug that is known as “Dogwalk” in the cybersecurity community.
Microsoft has the new Windows Autopatch that handles security updates for enterprise users. Ahead of the release of the service in June, the company confirmed Autopatch will not be replacing Patch Tuesday:
“Monthly security and quality updates for supported versions of the Windows and Windows Server operating systems will continue to be delivered on the second Tuesday of the month (commonly referred to Patch Tuesday or Update Tuesday) as they have been to date.”
Tip of the day: If you need to Create, Delete or Resize Partitions, Windows has everything you thanks to the built-in Disk Management-tool.