{"uuid": "de6a3f97-7e0e-40be-9f3b-b7855476aade", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34713", "type": "published-proof-of-concept", "source": "https://t.me/avleonovrus/79", "content": "Hello everyone! In this episode, let\u2019s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August Patch Tuesdays.\n\nThere were 147 vulnerabilities. Urgent: 1, Critical: 0, High: 36, Medium: 108, Low: 2.\n\nThere was a lot of great stuff this Patch Tuesday. There was a critical exploited in the wild MSDT DogWalk vulnerability, 3 critical Exchange vulnerabilities that could be easily missed in prioritization, 13 potentially dangerous vulnerabilities, 2 funny vulnerabilities and 3 mysterious ones. Let\u2019s take a closer look.\n\n01:02 MSDT RCE DogWalk CVE-2022-34713\n02:38 3 Microsoft Exchange EOPs  (CVE-2022-21980, CVE-2022-24516, CVE-2022-24477)\n04:23 13 potentially dangerous vulnerabilities (PPP, SSTP, SMB,  Visual Studio, AD, NFS, Print Spooler) \n11:06 2 funny vulnerabilities (Edge CVE-2022-2623, Outlook CVE-2022-35742)\n12:46 3 mysterious vulnerabilities (CryptoPro, Eurosoft, New Horizon Data Systems)\n\nVideo:  https://youtu.be/gSC8ExHUtt8\nVideo2 (for Russia): https://vk.com/video-149273431_456239098\nBlogpost: https://avleonov.com/2022/08/23/microsoft-patch-tuesday-august-2022-dogwalk-exchange-eops-13-potentially-dangerous-2-funny-3-mysterious-vulnerabilities/\nFull report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_august2022_report_with_comments_ext_img.html\n\n#microsoft #patchtuesday\n\n@avleonovcom", "creation_timestamp": "2022-08-29T20:46:30.000000Z"}