Full Report
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.
Analysis Summary
# Vulnerability: Microsoft Dogwalk Zero-Day and Critical Patch Tuesday Updates
## CVE Details
- CVE ID: CVE-2022-34713 (Dogwalk variant)
- CVSS Score: Not explicitly provided in the text; Microsoft rated the related Dogwalk flaw as Important
- CWE: N/A
## Affected Systems
- Products: Microsoft Windows Support Diagnostic Tool (MSDT)
- Versions: Affects Windows systems where MSDT can be called via the URL protocol (e.g., from Microsoft Word). Specific vulnerable versions are not detailed, beyond the fix being part of the August 2022 updates.
- Configurations: Requires an attacker to convince a user to click a link or open a document that triggers MSDT execution via the URL protocol.
## Vulnerability Description
CVE-2022-34713 is an actively exploited zero-day vulnerability, described as a variant of "Dogwalk." It resides in the Microsoft Windows Support Diagnostic Tool (MSDT). The flaw allows a remote attacker, after social engineering a user into opening a malicious document or link, to execute arbitrary code on the vulnerable system. Exploitation occurs when MSDT is invoked via the URL protocol from a calling application, such as Microsoft Word. Microsoft initially cited a dependency on physical access, but researchers suggest a remote attack vector is possible via user interaction.
## Exploitation
- Status: Actively being exploited in the wild (Zero-Day)
- Complexity: Low
- Attack Vector: Network (Social engineering leading to local execution)
## Impact
Impact ratings for CVE-2022-34713 are not stated explicitly in the text; the following are implied:
- Confidentiality: Potential High (due to RCE)
- Integrity: Potential High (due to RCE)
- Availability: Potential High (due to RCE)
## Remediation
### Patches
Specific patches for CVE-2022-34713 are included in the August 2022 Patch Tuesday release. Users are urged to apply all relevant August security updates for Windows.
### Workarounds
No specific workarounds for CVE-2022-34713 are detailed in the text, other than noting the path requires convincing a user to interact with malicious content.
---
**Note on other Critical Flaws Patched (August 2022):**
1. **Exchange Server Privilege Escalation (3 Flaws):** Require authentication and user interaction (phishing to an Exchange server).
2. **CVE-2022-35804 (Windows 11 SMB Client/Server):** Severity 8.8 (likely Critical). Potentially wormable between Windows 11 systems if the SMB server is enabled.
   * **Workaround:** Disabling SMBv3 compression is suggested as a workaround until patching.
3. **CVE-2022-34715 (Windows NFS RCE):** Rated Important by Microsoft, but researchers warn it should be treated as Critical (Severity 8.5–9.8). Allows a remote, unauthenticated attacker to achieve code execution with elevated privileges via a specially crafted call to an affected NFS server.
---
## Detection
- **Indicators of compromise (IOCs):** Not detailed for CVE-2022-34713, but look for abnormal execution paths involving MSDT triggered by user documents (Word/links).
- **Detection methods and tools:** Users should ensure security monitoring tools are attuned to newly released patch information and prioritize updates for systems running vulnerable Windows components, especially Exchange and SMBv3 servers.
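
One way to turn the "abnormal execution paths involving MSDT" indicator into a check, as an added example that is not part of the original report: it triages process-creation events for `msdt.exe` started by a document-handling application. The field names (`Image`, `ParentImage`, modelled on Sysmon process-creation events), the host names, the `CALLING_APPS` list and the sample events are assumptions constructed for illustration.

```python
import ntpath

MSDT = "msdt.exe"
# Assumption: applications that open user documents; extend for your environment.
CALLING_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-014", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "WS-014", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"host": "WS-022", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "WS-040", "Image": r"C:\Windows\System32\msdt.exe"},  # parent missing
]

def _name(path):
    """Lower-cased file name of a Windows path; '' when the field is absent."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return None for non-MSDT events, else 'alert', 'review' or 'other'."""
    if _name(event.get("Image")) != MSDT:
        return None
    parent = _name(event.get("ParentImage"))
    if parent in CALLING_APPS:
        return "alert"    # MSDT started by a document-handling application
    if not parent:
        return "review"   # parent not recorded, so the launch path is unknown
    return "other"        # MSDT started by something outside the watch list

def triage(events):
    """Return (host, verdict, parent) tuples for events that need attention."""
    findings = []
    for ev in events:
        verdict = classify(ev)
        if verdict in ("alert", "review"):
            parent = _name(ev.get("ParentImage")) or "unknown"
            findings.append((ev.get("host", "?"), verdict, parent))
    return findings

if __name__ == "__main__":
    for host, verdict, parent in triage(SAMPLE_EVENTS):
        print(f"{verdict.upper():6} {host}: msdt.exe launched by {parent}")
```
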
## References
- MSRC advisory for CVE-2022-34713: [msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713]
- MSRC advisory for CVE-2022-30190 (Follina context): [msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190]
- MSRC advisory for CVE-2022-35804: [msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35804]
- MSRC advisory for CVE-2022-34715: [msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715]
- Microsoft Exchange Server Update Alert: [techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862]
- Adobe Security Updates: [helpx.adobe.com/security.html]