Share this article

Improve this guide

121 CVEs addressed through the August 2022 Patch Tuesday rollout

10 min. read

Published onAugust 10, 2022

published onAugust 10, 2022

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

If you are feeling a tad uncomfortable, it’s because we’re already in August and the temperatures are starting to slowly build up in our offices.

Windows users, however, are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided thedirect download linksfor the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

This month, the Redmond tech giant released 121 new patches, which is a lot more than some people were expecting right after Easter.

These software updates address CVEs in:

All of this is beside the 17 CVEs patched in Edge (Chromium-based) and three patches related to secure boot from CERT/CC, which actually brings the total number of CVEs to 141

Microsoft provides fixes for 121 flaws in August 2022

Microsoft provides fixes for 121 flaws in August 2022

It’s pretty much safe to say that this wasn’t either the busiest or the lightest month for Redmond-based security experts.

You might like to know that, out of the 121 new CVEs released, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity.

Please keep in mind that two of these bugs are listed as publicly known, and one is listed as under active attack at the time of release.

You should know that the month of August brings no less than 34 updates just for the Azure Site Recovery component.

This brings the tally up to 66 updates for this component in July and August, which is a pretty big number even by Microsoft standards.

For August 2022, there are two RCE bugs, one DoS, and 31 EoP vulnerabilities being fixed, just to clarify the situation.

All of the above-mentioned bugs involve the VMWare-to-Azure scenario. That being said, if you use Azure Site Recovery, you will need to update to9.50to be protected.

Also, there are nine other code execution bugs fixed through this month’s Patch Tuesday rollout, including another bug in MSDT that is not under active attack for the time being.

We’re also looking at two bugs in the Windows Defender Credential Guard, both of which could allow an attacker to access Kerberos-protected data.

Before we conclude, let’s also state the fact that seven different Denial-of-Service (DoS) vulnerabilities received fixes this month, including the above-mentioned Outlook and Azure Site Recovery bugs.

You can track all of the CVEs addressed this month from the list above, and be aware of everything that is happening.

Looking forward, the next Patch Tuesday security update rollout will be on the 13th of September, which is a bit sooner than some expected it.

Have you found any other issues after installing this month’s security updates? Share your opinion in the comments section below.

More about the topics:patch tuesday

Alexandru Poloboc

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host.

A certified gadget freak, he always feels the need to surround himself with next-generation electronics.

When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Alexandru Poloboc

Tech Journalist

With a desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter.