Patch Tuesday Review – August 2022

Patch Tuesday Image blog

Welcome to our summary of this month’s Patch Tuesday (August 2022). We have tabulated the vulnerabilities that the latest patches from Microsoft and Adobe fix, so that you can easily export them for use in your vulnerability management program.

Microsoft Patch Tuesday August 2022

121 vulnerabilities have been fixed in Microsoft’s August 2022 update.

17 were marked as Critical vulnerabilities as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE).

The new patches address CVEs in Microsoft Windows and Windows Components; Azure Batch Node Agent, Real Time Operating System, Site Recovery, and Sphere; Microsoft Dynamics; Microsoft Edge (Chromium-based); Exchange Server; Office and Office Components; PPTP, SSTP, and Remote Access Service PPTP; Hyper-V; System Center Operations Manager; Windows Internet Information Services; Print Spooler Components; and Windows Defender Credential Guard.

This is in addition to the 17 CVEs patched in Microsoft Edge (Chromium-based) and 3 patches related to secure boot from CERT/CC, bringing the total number of MS CVEs to 141.

Generated by wpDataTables

Adobe Patch Tuesday 2022

Adobe’s August update addresses 25 CVEs in five patches for Adobe Acrobat and Reader, Commerce, Illustrator, FrameMaker, and Adobe Premier Elements.

The updates for Acrobat and Reader address three Critical and four Important bugs. These critical vulnerabilities could allow code execution if an attacker could convince a user to open a specially crafted file.

There are also seven total fixes for Commerce, including four Critical bugs. Two of these could allow code execution and two could lead to a privilege escalation. The XML injection bug fixed by this has the highest CVSS of Adobe’s Patch Tuesday release at 9.1.

The patch for Illustrator contains two Critical and two Important fixes. The most severe could lead to code execution when opening a specially crafted file. Five of the six FrameMaker could lead to code execution.

Finally, there’s a single Critical-rated CVE in the Premier Elements patch resulting from an uncontrolled search path element.

Generated by wpDataTables


source https://www.rootshellsecurity.net/patch-tuesday-review-august-2022/

Comments