Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin

Black Arrow Cyber Advisory 10/08/2022 – Microsoft Patch Tuesday – Fix released for a Zero-Day flaw under active exploitation

Executive Summary

Microsoft’s August Patch Tuesday provides updates to address security issues across its product range, including several critical patches. The standout patch in this release is for a Zero-Day flaw, affecting both client and server versions of Windows, that is being actively exploited in the wild. This flaw is present within the Microsoft Windows Support Diagnostic Tool (MSDT), which is the same Windows component that previously made headlines with the Follina Zero-Day (CVE-2022-30190).

Security updates have also been released for other Microsoft products to tackle different issues, including privilege escalation flaws within Microsoft Exchange servers.

What’s the risk to me or my business?

Security updates are available for all supported versions of Windows. As some of these updates address vulnerabilities that are known to be actively exploited, the updates should be applied as soon as possible, particularly as this release contains a patch for an actively exploited Zero-Day.

What can I do?

Apply the available updates from Microsoft as soon as possible, while taking into consideration any potential downtime that these updates may cause.

Technical Summary

The Zero-Day flaw, CVE-2022-34713, requires an end user to open a crafted file, either sent as an email attachment or reached through a link clicked on a website. Opening the file exploits the vulnerability within the Windows component, allowing the attacker to execute code remotely on the victim's computer. Microsoft reinforces the message that further awareness is required to upskill employees to be wary of these types of attacks, since malicious documents and links are a common attack vector that attackers still use to great effect. Further information on this particular vulnerability is available here: CVE-2022-34713 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Further details on other specific updates within this Patch Tuesday can be found here: Microsoft Windows Security Updates August 2022 overview - gHacks Tech News

Need help understanding your gaps, or just want some advice? Get in touch with us.
