Microsoft phát hành bản vá lỗ hổng bảo mật tháng 8
Bản vá lỗ hổng bảo mật tháng 8 là bản vá lớn thứ hai trong năm nay của Microsoft. Các lỗ hổng hổng được vá bao gồm: tấn công từ chối dịch vụ (Denial of Service - DoS), leo thang đặc quyền (Elevation of Privilege - EoP), tiết lộ thông tin, thực thi mã từ xa (Remote Code Execution - RCE), vượt qua tính năng bảo mật (Security Feature Bypass) và giả mạo (Spoofing).
Thống kê phân loại lỗ hổng bảo mật tháng 8
Người dùng và quản trị viên cần lưu ý một số lỗ hổng bảo mật có mức ảnh hưởng lớn mà Microsoft đã khắc phục trong tháng này:
- CVE-2022-34713: Lỗ hổng RCE nằm trong công cụ chẩn đoán hỗ trợ của Microsoft Windows (Microsoft Windows Support Diagnostic Tool - MSDT) đã bị tiết lộ công khai và đang được tin tặc khai thác trong thực tế. Việc khai thác lỗ hổng yêu cầu người dùng phải mở một tệp được chế tạo đặc biệt.
- CVE-2022-30134: Lỗ hổng Microsoft Exchange Server Elevation of Privilege đã được tiết lộ công khai, may mắn chưa ghi nhận việc lỗ hổng bị khai thác thành công. Theo Microsoft, người dùng nên bật cơ chế Extended Protection để ngăn chặn cuộc tấn công khai thác lỗ hổng này.
- CVE-2022-30133: Lỗ hổng RCE trong giao thức kết nối đầu cuối (Windows Point-to-Point Protocol - PPP) của Windows, vượt qua cơ chế xác thực bằng cách gửi yêu cầu kết nối được chế tạo đặc biệt tới máy chủ RAS. Microsoft lưu ý rằng lỗ hổng này chỉ có thể bị khai thác qua cổng 1723.
- CVE-2022-35744: Đây là một lỗ hổng RCE khác trong giao thức PPP. Lỗ hổng này cũng có thể bị khai thác mà không cần xác thực giống CVE-2022-30133.
- CVE-2022-34691: Đây là lỗ hổng leo thang đặc quyền của dịch vụ quản lý miền Active Directory. Nó có thể bị khai thác bởi kẻ tấn công đã xác thực có được chứng chỉ từ Dịch vụ chứng chỉ Active Directory (Active Directory Certificate Services) cho phép nâng cao đặc quyền cho hệ thống.
- CVE-2022-35804: Lỗ hổng SMB Client và Server RCE có thể cho phép kẻ tấn công thực thi mã trên hệ thống mục tiêu.
Để đảm bảo cho hệ thống an toàn, người dùng nên cập nhật bản vá bảo mật sớm nhất có thể, sao lưu dữ liệu quan trọng và thực hiện snapshot hệ thống trước khi thực hiện cập nhật để đảm bảo an toàn.
Dưới đây là danh sách các lỗ hổng được vá trong bản cập nhật bảo mật tháng 8 của Microsoft.
Nhãn |
Định danh |
Tên lỗ hổng |
Mức độ nghiêm trọng |
.NET Core |
CVE-2022-34716 |
.NET Spoofing Vulnerability |
Quan trọng |
Active Directory Domain Services |
CVE-2022-34691 |
Active Directory Domain Services Elevation of Privilege Vulnerability |
Nghiêm trọng |
Azure Batch Node Agent |
CVE-2022-33646 |
Azure Batch Node Agent Elevation of Privilege Vulnerability |
Nghiêm trọng |
Azure Real Time Operating System |
CVE-2022-34685 |
Azure RTOS GUIX Studio Information Disclosure Vulnerability |
Quan trọng |
Azure Real Time Operating System |
CVE-2022-34686 |
Azure RTOS GUIX Studio Information Disclosure Vulnerability |
Quan trọng |
Azure Real Time Operating System |
CVE-2022-35773 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Quan trọng |
Azure Real Time Operating System |
CVE-2022-35779 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Quan trọng |
Azure Real Time Operating System |
CVE-2022-35806 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Quan trọng |
Azure Real Time Operating System |
CVE-2022-34687 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Quan trọng |
Azure Real Time Operating System |
CVE-2022-30176 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Quan trọng |
Azure Real Time Operating System |
CVE-2022-30175 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35791 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35818 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35809 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35789 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35815 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35817 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35816 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35814 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35785 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35812 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35811 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35784 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35810 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35813 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35788 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35783 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35786 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35787 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35819 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35781 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35775 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35790 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35780 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35799 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35772 |
Azure Site Recovery Remote Code Execution Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35800 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35774 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35802 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35782 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35824 |
Azure Site Recovery Remote Code Execution Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35801 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35808 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35776 |
Azure Site Recovery Denial of Service Vulnerability |
Quan trọng |
Azure Site Recovery |
CVE-2022-35807 |
Azure Site Recovery Elevation of Privilege Vulnerability |
Quan trọng |
Azure Sphere |
CVE-2022-35821 |
Azure Sphere Information Disclosure Vulnerability |
Quan trọng |
Microsoft ATA Port Driver |
CVE-2022-35760 |
Microsoft ATA Port Driver Elevation of Privilege Vulnerability |
Quan trọng |
Microsoft Bluetooth Driver |
CVE-2022-35820 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability |
Quan trọng |
Microsoft Edge (Chromium-based) |
CVE-2022-35796 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Thấp |
Microsoft Edge (Chromium-based) |
CVE-2022-33649 |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
Quan trọng |
Microsoft Edge (Chromium-based) |
CVE-2022-2618 |
Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2616 |
Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2617 |
Chromium: CVE-2022-2617 Use after free in Extensions API |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2619 |
Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2622 |
Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2623 |
Chromium: CVE-2022-2623 Use after free in Offline |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-33636 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Trung bình |
Microsoft Edge (Chromium-based) |
CVE-2022-2621 |
Chromium: CVE-2022-2621 Use after free in Extensions |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2615 |
Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2604 |
Chromium: CVE-2022-2604 Use after free in Safe Browsing |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2605 |
Chromium: CVE-2022-2605 Out of bounds read in Dawn |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2624 |
Chromium: CVE-2022-2624 Heap buffer overfThấp in PDF |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2603 |
Chromium: CVE-2022-2603 Use after free in Omnibox |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2606 |
Chromium: CVE-2022-2606 Use after free in Managed devices API |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2612 |
Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2614 |
Chromium: CVE-2022-2614 Use after free in Sign-In FThấp |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2610 |
Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch |
Chưa rõ |
Microsoft Edge (Chromium-based) |
CVE-2022-2611 |
Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API |
Chưa rõ |
Microsoft Exchange Server |
CVE-2022-34692 |
Microsoft Exchange Information Disclosure Vulnerability |
Quan trọng |
Microsoft Exchange Server |
CVE-2022-21980 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
Nghiêm trọng |
Microsoft Exchange Server |
CVE-2022-21979 |
Microsoft Exchange Information Disclosure Vulnerability |
Quan trọng |
Microsoft Exchange Server |
CVE-2022-24516 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
Nghiêm trọng |
Microsoft Exchange Server |
CVE-2022-30134 |
Microsoft Exchange Information Disclosure Vulnerability |
Quan trọng |
Microsoft Exchange Server |
CVE-2022-24477 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
Nghiêm trọng |
Microsoft Office |
CVE-2022-34717 |
Microsoft Office Remote Code Execution Vulnerability |
Quan trọng |
Microsoft Office Excel |
CVE-2022-33648 |
Microsoft Excel Remote Code Execution Vulnerability |
Quan trọng |
Microsoft Office Excel |
CVE-2022-33631 |
Microsoft Excel Security Feature Bypass Vulnerability |
Quan trọng |
Microsoft Office Outlook |
CVE-2022-35742 |
Microsoft Outlook Denial of Service Vulnerability |
Quan trọng |
Microsoft Windows Support Diagnostic Tool (MSDT) |
CVE-2022-34713 |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
Quan trọng |
Microsoft Windows Support Diagnostic Tool (MSDT) |
CVE-2022-35743 |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
Quan trọng |
Remote Access Service Point-to-Point Tunneling Protocol |
CVE-2022-35752 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Remote Access Service Point-to-Point Tunneling Protocol |
CVE-2022-35753 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Remote Access Service Point-to-Point Tunneling Protocol |
CVE-2022-35769 |
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability |
Quan trọng |
Role: Windows Fax Service |
CVE-2022-34690 |
Windows Fax Service Elevation of Privilege Vulnerability |
Quan trọng |
Role: Windows Hyper-V |
CVE-2022-34696 |
Windows Hyper-V Remote Code Execution Vulnerability |
Nghiêm trọng |
Role: Windows Hyper-V |
CVE-2022-35751 |
Windows Hyper-V Elevation of Privilege Vulnerability |
Quan trọng |
System Center Operations Manager |
CVE-2022-33640 |
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
Quan trọng |
Visual Studio |
CVE-2022-35827 |
Visual Studio Remote Code Execution Vulnerability |
Quan trọng |
Visual Studio |
CVE-2022-35777 |
Visual Studio Remote Code Execution Vulnerability |
Quan trọng |
Visual Studio |
CVE-2022-35825 |
Visual Studio Remote Code Execution Vulnerability |
Quan trọng |
Visual Studio |
CVE-2022-35826 |
Visual Studio Remote Code Execution Vulnerability |
Quan trọng |
Windows Bluetooth Service |
CVE-2022-30144 |
Windows Bluetooth Service Remote Code Execution Vulnerability |
Quan trọng |
Windows Canonical Display Driver |
CVE-2022-35750 |
Win32k Elevation of Privilege Vulnerability |
Quan trọng |
Windows Cloud Files Mini Filter Driver |
CVE-2022-35757 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Quan trọng |
Windows Defender Credential Guard |
CVE-2022-35771 |
Windows Defender Credential Guard Elevation of Privilege Vulnerability |
Quan trọng |
Windows Defender Credential Guard |
CVE-2022-34705 |
Windows Defender Credential Guard Elevation of Privilege Vulnerability |
Quan trọng |
Windows Defender Credential Guard |
CVE-2022-34710 |
Windows Defender Credential Guard Information Disclosure Vulnerability |
Quan trọng |
Windows Defender Credential Guard |
CVE-2022-34709 |
Windows Defender Credential Guard Security Feature Bypass Vulnerability |
Quan trọng |
Windows Defender Credential Guard |
CVE-2022-34704 |
Windows Defender Credential Guard Information Disclosure Vulnerability |
Quan trọng |
Windows Defender Credential Guard |
CVE-2022-34712 |
Windows Defender Credential Guard Information Disclosure Vulnerability |
Quan trọng |
Windows Digital Media |
CVE-2022-35746 |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
Quan trọng |
Windows Digital Media |
CVE-2022-35749 |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
Quan trọng |
Windows Error Reporting |
CVE-2022-35795 |
Windows Error Reporting Service Elevation of Privilege Vulnerability |
Quan trọng |
Windows Hello |
CVE-2022-35797 |
Windows Hello Security Feature Bypass Vulnerability |
Quan trọng |
Windows Internet Information Services |
CVE-2022-35748 |
HTTP.sys Denial of Service Vulnerability |
Quan trọng |
Windows Kerberos |
CVE-2022-35756 |
Windows Kerberos Elevation of Privilege Vulnerability |
Quan trọng |
Windows Kernel |
CVE-2022-35761 |
Windows Kernel Elevation of Privilege Vulnerability |
Quan trọng |
Windows Kernel |
CVE-2022-35768 |
Windows Kernel Elevation of Privilege Vulnerability |
Quan trọng |
Windows Kernel |
CVE-2022-34708 |
Windows Kernel Information Disclosure Vulnerability |
Quan trọng |
Windows Kernel |
CVE-2022-34707 |
Windows Kernel Elevation of Privilege Vulnerability |
Quan trọng |
Windows Kernel |
CVE-2022-35804 |
SMB Client and Server Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Kernel |
CVE-2022-30197 |
Windows Kernel Information Disclosure Vulnerability |
Quan trọng |
Windows Kernel |
CVE-2022-35758 |
Windows Kernel Memory Information Disclosure Vulnerability |
Quan trọng |
Windows Local Security Authority (LSA) |
CVE-2022-34706 |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
Quan trọng |
Windows Local Security Authority (LSA) |
CVE-2022-35759 |
Windows Local Security Authority (LSA) Denial of Service Vulnerability |
Quan trọng |
Windows Network File System |
CVE-2022-34715 |
Windows Network File System Remote Code Execution Vulnerability |
Quan trọng |
Windows Partition Management Driver |
CVE-2022-33670 |
Windows Partition Management Driver Elevation of Privilege Vulnerability |
Quan trọng |
Windows Partition Management Driver |
CVE-2022-34703 |
Windows Partition Management Driver Elevation of Privilege Vulnerability |
Quan trọng |
Windows Point-to-Point Tunneling Protocol |
CVE-2022-30133 |
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Point-to-Point Tunneling Protocol |
CVE-2022-35747 |
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability |
Quan trọng |
Windows Point-to-Point Tunneling Protocol |
CVE-2022-35744 |
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Print Spooler Components |
CVE-2022-35793 |
Windows Print Spooler Elevation of Privilege Vulnerability |
Quan trọng |
Windows Print Spooler Components |
CVE-2022-35755 |
Windows Print Spooler Elevation of Privilege Vulnerability |
Quan trọng |
Windows Secure Boot |
CVE-2022-34301 |
CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass |
Quan trọng |
Windows Secure Boot |
CVE-2022-34302 |
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass |
Quan trọng |
Windows Secure Boot |
CVE-2022-34303 |
CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass |
Quan trọng |
Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2022-35745 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2022-35766 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2022-35794 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2022-34701 |
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability |
Quan trọng |
Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2022-34714 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2022-34702 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2022-35767 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Nghiêm trọng |
Windows Storage Spaces Direct |
CVE-2022-35762 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
Quan trọng |
Windows Storage Spaces Direct |
CVE-2022-35765 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
Quan trọng |
Windows Storage Spaces Direct |
CVE-2022-35792 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
Quan trọng |
Windows Storage Spaces Direct |
CVE-2022-35763 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
Quan trọng |
Windows Storage Spaces Direct |
CVE-2022-35764 |
Storage Spaces Direct Elevation of Privilege Vulnerability |
Quan trọng |
Windows Unified Write Filter |
CVE-2022-35754 |
Unified Write Filter Elevation of Privilege Vulnerability |
Quan trọng |
Windows WebBrowser Control |
CVE-2022-30194 |
Windows WebBrowser Control Remote Code Execution Vulnerability |
Quan trọng |
Windows Win32K |
CVE-2022-34699 |
Windows Win32k Elevation of Privilege Vulnerability |
Quan trọng |
Đăng Thứ