Elain Brown Tech 08.09.2022 23:Aug PM EDT

Microsoft August 2022 Patch Tuesday: Is a Fix for the 'DogWalk' Zero-Day Vulnerability Included?

Microsoft's latest patch Tuesday deployed improvements and addressed numerous vulnerabilities detected in the system.

Today is the August 2022 edition of Microsoft's Patch Tuesday, and with it comes updates for a total of 121 vulnerabilities, including the actively exploited zero-day vulnerability named DogWalk.

Numerous vulnerabilities that were detected and categorized as critical were fixed in this update. These vulnerabilities permit remote code execution or elevation of privileges.

According to BleepingComputer, the latest patch addressed 121 vulnerabilities which includes:

64 Elevation of Privilege Vulnerabilities
31 Remote Code Execution Vulnerabilities
20 vulnerabilities fixed in Microsoft Edge
12 Information Disclosure Vulnerabilities
7 Denial of Service Vulnerabilities
6 Security Feature Bypass Vulnerabilities
1 Spoofing Vulnerability

Microsoft's Patched Vulnerability

Microsoft's latest patch Tuesday also addresses the problems with the two zero-day vulnerabilities, with one of them being actively exploited in the wild.

That one vulnerability that has been exploited in attacks is tagged as "DogWalk" and Microsoft tracks it as CVE-2022-34713, a remote code execution vulnerability.

In this attack, an actor would persuade potential victims to click on a link provided by them.The actors would entice a potential victim in a message through email or instant message to open the file or link they sent.

According to Microsoft, "In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file."

On the other hand, "In a web-based attack scenario, an attacker could host a website containing a specially crafted file designed to exploit the vulnerability."

Imre Rad was the security researcher who first detected this vulnerability in January 20202, but back then, Microsoft made the decision not to fix it because it did not pose a security risk.

However, after Microsoft Office MSDT detected the threat recently, security researchers pushed once more for the DogWalk vulnerability to be fixed and it is now included in the recent patch release.

Furthermore, the other zero-day vulnerability is tracked by Microsoft as CVE-2022-30134, which allows actors to read email messages from targeted victims.

The company notes that the vulnerability CVE-2022-30134 has been made public but has not been found to have been exploited in attacks.

Microsoft's Windows 10 KB5016616 and KB5016623 updates

Microsoft has also released this update to address issues with Windows 10. Cumulative updates for Windows 10 version 21H2, version 21H1, version 20H2, and version 1809 have been issued by Microsoft.

These upgrades, known as KB5016616 and KB5016623, address security vulnerabilities as well as bugs and performance problems.

The update gives you the option to receive important notifications when focus assist is on. Focus Assist is like a do not disturb mode that hides notifications.

According to Microsoft, the update for KB5016616 resolves numerous noticeable problems that users encounter.

Some of the highlights of this update include resolving a known problem that could prevent the Language Bar and Input Indicator from displaying in the notification area. This issue manifests itself on machines that have software loaded in more than one language.

Second, it solves a problem that could arise during the printing process if users submit certain files to a printer.

The third specifically addresses concerns regarding the safety of your Windows operating system.

Furthermore, Microsoft users can choose to manually update their operating system by heading to Settings, then selecting Windows Update, and then clicking Check for Updates.