Microsoft Patch Tuesday – August

Published On: August 14, 2022Categories: Cyber Briefs

In today’s SensCy Cyber Brief, your SensCy team is reviewing Microsoft’s latest series of patches. Today’s Patch Tuesday comes with fixes for an actively exploited zero-day vulnerability, one non-exploited zero-day vulnerability, and a total of 121 flaws.

What is Patch Tuesday?

Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a Monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.

Why is it important?

This month’s patch Tuesday is particularly important because it fixes Zero-day Vulnerabilities (a vulnerability in a system or device that has been disclosed but not previously patched). The SensCy team urges Microsoft users to immediately install these patches.

One of the zero-day vulnerabilities was actively exploited by a hacker and is called “DogWalk.” It was discovered by security researcher Imre Rad in January 2020 but Microsoft decided to wait to release a fix because it wasn’t yet a security issue. Now Microsoft has added a fix for this zero-day on their August Patch Tuesday.

In addition to the zero-day fix, Microsoft is also fixing 121 vulnerabilities, with seventeen classified as “Critical” as they allow remote code executions or elevation of privilege.

Here is a breakdown of each vulnerability category

  • 64 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

For more information on each vulnerability and the system that it affects, please refer to the full report from Microsoft here.

If you have any questions or concerns regarding patch Tuesday and are unsure of the implication of the new updates on your company, please reach out to your SensCy Client Advocate. If you’re currently not a client of SensCy, email us at info@senscy.com for more information.

Related Posts

  • November 29, 2022

    Categories: Cyber Briefs

    In today’s SensCy Cyber Brief, your SensCy team is investigating Business Email Compromise (BEC) fraud and methods used by threat actors that could leave your [...]

  • November 4, 2022

    Categories: Cyber Briefs

    In today’s SensCy Cyber Brief, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. The new update was released [...]

  • October 24, 2022

    Categories: Cyber Briefs

    On Wednesday, October 19, Microsoft confirmed that it accidentally exposed information about thousands of customers following a misconfiguration that left an endpoint publicly accessible without [...]