Microsoft Security Bulletin Coverage for August 2022

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2022. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability
ASPY 346:Malformed-File exe.MP_263

CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
IPS 3130:Suspicious HTTP Response 2
ASPY 348:Malformed-File cab.MP_2

CVE-2022-35748 HTTP.sys Denial of Service Vulnerability
ASPY 3122:Microsoft IIS HTTP.sys DoS (CVE-2022-35748)

CVE-2022-35750 Win32k Elevation of Privilege Vulnerability
ASPY 347:Malformed-File exe.MP_264

CVE-2022-35751 Windows Hyper-V Elevation of Privilege Vulnerability
ASPY 353:Malformed-File exe.MP_269

CVE-2022-35755 Windows Print Spooler Elevation of Privilege Vulnerability
ASPY 352:Malformed-File exe.MP_268

CVE-2022-35756 Windows Kerberos Elevation of Privilege Vulnerability
ASPY 351:Malformed-File exe.MP_267

CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability
ASPY 350:Malformed-File exe.MP_266

CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability
ASPY 349:Malformed-File exe.MP_265

Adobe Coverage:
CVE-2022-35670 Adobe Reader Use After Free Vulnerability
ASPY 354:Malformed-File pdf.MP_557

CVE-2022-35671 Adobe Reader Out of Bounds Read Vulnerability
ASPY 355:Malformed-File pdf.MP_558

The following vulnerabilities do not have exploits in the wild:
CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30133 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30134 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-30197 Windows Kernel Security Feature Bypass
There are no known exploits in the wild.
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33646 Azure Batch Node Agent Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-33649 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34301 CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
There are no known exploits in the wild.
CVE-2022-34302 CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
There are no known exploits in the wild.
CVE-2022-34303 CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass
There are no known exploits in the wild.
CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-34716 .NET Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35742 Microsoft Outlook Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35744 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35745 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35746 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35747 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35749 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35752 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35753 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35754 Unified Write Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35757 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35758 Windows Kernel Memory Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-35759 Windows Local Security Authority (LSA) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35769 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.