Microsoft phát hành bản vá lỗ hổng bảo mật tháng 8

10:00 | 22/08/2022 | TIN TỨC SẢN PHẨM
Trung tuần tháng 8, Microsoft đã phát hành bản vá cho 121 lỗ hổng bảo mật. Trong đó có 17 lỗ hổng nghiêm trọng cho phép leo thang đặc quyền và thực thi mã từ xa. Đáng chú ý, một lỗ hổng zero-day đã bị khai thác trong thực tế có định danh CVE-2022-34713.

Bản vá lỗ hổng bảo mật tháng 8 là bản vá lớn thứ hai trong năm nay của Microsoft. Các lỗ hổng hổng được vá bao gồm: tấn công từ chối dịch vụ (Denial of Service - DoS), leo thang đặc quyền (Elevation of Privilege - EoP), tiết lộ thông tin, thực thi mã từ xa (Remote Code Execution - RCE), vượt qua tính năng bảo mật (Security Feature Bypass) và giả mạo (Spoofing).

Thống kê phân loại lỗ hổng bảo mật tháng 8

Người dùng và quản trị viên cần lưu ý một số lỗ hổng bảo mật có mức ảnh hưởng lớn mà Microsoft đã khắc phục trong tháng này:

  • CVE-2022-34713: Lỗ hổng RCE nằm trong công cụ chẩn đoán hỗ trợ của Microsoft Windows (Microsoft Windows Support Diagnostic Tool - MSDT) đã bị tiết lộ công khai và đang được tin tặc khai thác trong thực tế. Việc khai thác lỗ hổng yêu cầu người dùng phải mở một tệp được chế tạo đặc biệt.
  • CVE-2022-30134: Lỗ hổng Microsoft Exchange Server Elevation of Privilege đã được tiết lộ công khai, may mắn chưa ghi nhận việc lỗ hổng bị khai thác thành công. Theo Microsoft, người dùng nên bật cơ chế Extended Protection để ngăn chặn cuộc tấn công khai thác lỗ hổng này.
  • CVE-2022-30133: Lỗ hổng RCE trong giao thức kết nối đầu cuối (Windows Point-to-Point Protocol - PPP) của Windows, vượt qua cơ chế xác thực bằng cách gửi yêu cầu kết nối được chế tạo đặc biệt tới máy chủ RAS. Microsoft lưu ý rằng lỗ hổng này chỉ có thể bị khai thác qua cổng 1723.
  • CVE-2022-35744: Đây là một lỗ hổng RCE khác trong giao thức PPP. Lỗ hổng này cũng có thể bị khai thác mà không cần xác thực giống CVE-2022-30133.
  • CVE-2022-34691: Đây là lỗ hổng leo thang đặc quyền của dịch vụ quản lý miền Active Directory. Nó có thể bị khai thác bởi kẻ tấn công đã xác thực có được chứng chỉ từ Dịch vụ chứng chỉ Active Directory (Active Directory Certificate Services) cho phép nâng cao đặc quyền cho hệ thống.
  • CVE-2022-35804: Lỗ hổng SMB Client và Server RCE có thể cho phép kẻ tấn công thực thi mã trên hệ thống mục tiêu.

Để đảm bảo cho hệ thống an toàn, người dùng nên cập nhật bản vá bảo mật sớm nhất có thể, sao lưu dữ liệu quan trọng và thực hiện snapshot hệ thống trước khi thực hiện cập nhật để đảm bảo an toàn.

Dưới đây là danh sách các lỗ hổng được vá trong bản cập nhật bảo mật tháng 8 của Microsoft.

Nhãn

Định danh

Tên lỗ hổng

Mức độ nghiêm trọng

.NET Core

CVE-2022-34716

.NET Spoofing Vulnerability

Quan trọng

Active Directory Domain Services

CVE-2022-34691

Active Directory Domain Services Elevation of Privilege Vulnerability

Nghiêm trọng

Azure Batch Node Agent

CVE-2022-33646

Azure Batch Node Agent Elevation of Privilege Vulnerability

Nghiêm trọng

Azure Real Time Operating System

CVE-2022-34685

Azure RTOS GUIX Studio Information Disclosure Vulnerability

Quan trọng

Azure Real Time Operating System

CVE-2022-34686

Azure RTOS GUIX Studio Information Disclosure Vulnerability

Quan trọng

Azure Real Time Operating System

CVE-2022-35773

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Quan trọng

Azure Real Time Operating System

CVE-2022-35779

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Quan trọng

Azure Real Time Operating System

CVE-2022-35806

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Quan trọng

Azure Real Time Operating System

CVE-2022-34687

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Quan trọng

Azure Real Time Operating System

CVE-2022-30176

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Quan trọng

Azure Real Time Operating System

CVE-2022-30175

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35791

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35818

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35809

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35789

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35815

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35817

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35816

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35814

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35785

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35812

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35811

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35784

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35810

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35813

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35788

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35783

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35786

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35787

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35819

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35781

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35775

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35790

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35780

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35799

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35772

Azure Site Recovery Remote Code Execution Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35800

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35774

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35802

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35782

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35824

Azure Site Recovery Remote Code Execution Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35801

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35808

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35776

Azure Site Recovery Denial of Service Vulnerability

Quan trọng

Azure Site Recovery

CVE-2022-35807

Azure Site Recovery Elevation of Privilege Vulnerability

Quan trọng

Azure Sphere

CVE-2022-35821

Azure Sphere Information Disclosure Vulnerability

Quan trọng

Microsoft ATA Port Driver

CVE-2022-35760

Microsoft ATA Port Driver Elevation of Privilege Vulnerability

Quan trọng

Microsoft Bluetooth Driver

CVE-2022-35820

Windows Bluetooth Driver Elevation of Privilege Vulnerability

Quan trọng

Microsoft Edge (Chromium-based)

CVE-2022-35796

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Thấp

Microsoft Edge (Chromium-based)

CVE-2022-33649

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Quan trọng

Microsoft Edge (Chromium-based)

CVE-2022-2618

Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2616

Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2617

Chromium: CVE-2022-2617 Use after free in Extensions API

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2619

Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2622

Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2623

Chromium: CVE-2022-2623 Use after free in Offline

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-33636

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Trung bình

Microsoft Edge (Chromium-based)

CVE-2022-2621

Chromium: CVE-2022-2621 Use after free in Extensions

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2615

Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2604

Chromium: CVE-2022-2604 Use after free in Safe Browsing

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2605

Chromium: CVE-2022-2605 Out of bounds read in Dawn

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2624

Chromium: CVE-2022-2624 Heap buffer overfThấp in PDF

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2603

Chromium: CVE-2022-2603 Use after free in Omnibox

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2606

Chromium: CVE-2022-2606 Use after free in Managed devices API

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2612

Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2614

Chromium: CVE-2022-2614 Use after free in Sign-In FThấp

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2610

Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch

Chưa rõ

Microsoft Edge (Chromium-based)

CVE-2022-2611

Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API

Chưa rõ

Microsoft Exchange Server

CVE-2022-34692

Microsoft Exchange Information Disclosure Vulnerability

Quan trọng

Microsoft Exchange Server

CVE-2022-21980

Microsoft Exchange Server Elevation of Privilege Vulnerability

Nghiêm trọng

Microsoft Exchange Server

CVE-2022-21979

Microsoft Exchange Information Disclosure Vulnerability

Quan trọng

Microsoft Exchange Server

CVE-2022-24516

Microsoft Exchange Server Elevation of Privilege Vulnerability

Nghiêm trọng

Microsoft Exchange Server

CVE-2022-30134

Microsoft Exchange Information Disclosure Vulnerability

Quan trọng

Microsoft Exchange Server

CVE-2022-24477

Microsoft Exchange Server Elevation of Privilege Vulnerability

Nghiêm trọng

Microsoft Office

CVE-2022-34717

Microsoft Office Remote Code Execution Vulnerability

Quan trọng

Microsoft Office Excel

CVE-2022-33648

Microsoft Excel Remote Code Execution Vulnerability

Quan trọng

Microsoft Office Excel

CVE-2022-33631

Microsoft Excel Security Feature Bypass Vulnerability

Quan trọng

Microsoft Office Outlook

CVE-2022-35742

Microsoft Outlook Denial of Service Vulnerability

Quan trọng

Microsoft Windows Support Diagnostic Tool (MSDT)

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Quan trọng

Microsoft Windows Support Diagnostic Tool (MSDT)

CVE-2022-35743

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Quan trọng

Remote Access Service Point-to-Point Tunneling Protocol

CVE-2022-35752

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Remote Access Service Point-to-Point Tunneling Protocol

CVE-2022-35753

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Remote Access Service Point-to-Point Tunneling Protocol

CVE-2022-35769

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

Quan trọng

Role: Windows Fax Service

CVE-2022-34690

Windows Fax Service Elevation of Privilege Vulnerability

Quan trọng

Role: Windows Hyper-V

CVE-2022-34696

Windows Hyper-V Remote Code Execution Vulnerability

Nghiêm trọng

Role: Windows Hyper-V

CVE-2022-35751

Windows Hyper-V Elevation of Privilege Vulnerability

Quan trọng

System Center Operations Manager

CVE-2022-33640

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Quan trọng

Visual Studio

CVE-2022-35827

Visual Studio Remote Code Execution Vulnerability

Quan trọng

Visual Studio

CVE-2022-35777

Visual Studio Remote Code Execution Vulnerability

Quan trọng

Visual Studio

CVE-2022-35825

Visual Studio Remote Code Execution Vulnerability

Quan trọng

Visual Studio

CVE-2022-35826

Visual Studio Remote Code Execution Vulnerability

Quan trọng

Windows Bluetooth Service

CVE-2022-30144

Windows Bluetooth Service Remote Code Execution Vulnerability

Quan trọng

Windows Canonical Display Driver

CVE-2022-35750

Win32k Elevation of Privilege Vulnerability

Quan trọng

Windows Cloud Files Mini Filter Driver

CVE-2022-35757

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Quan trọng

Windows Defender Credential Guard

CVE-2022-35771

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Quan trọng

Windows Defender Credential Guard

CVE-2022-34705

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Quan trọng

Windows Defender Credential Guard

CVE-2022-34710

Windows Defender Credential Guard Information Disclosure Vulnerability

Quan trọng

Windows Defender Credential Guard

CVE-2022-34709

Windows Defender Credential Guard Security Feature Bypass Vulnerability

Quan trọng

Windows Defender Credential Guard

CVE-2022-34704

Windows Defender Credential Guard Information Disclosure Vulnerability

Quan trọng

Windows Defender Credential Guard

CVE-2022-34712

Windows Defender Credential Guard Information Disclosure Vulnerability

Quan trọng

Windows Digital Media

CVE-2022-35746

Windows Digital Media Receiver Elevation of Privilege Vulnerability

Quan trọng

Windows Digital Media

CVE-2022-35749

Windows Digital Media Receiver Elevation of Privilege Vulnerability

Quan trọng

Windows Error Reporting

CVE-2022-35795

Windows Error Reporting Service Elevation of Privilege Vulnerability

Quan trọng

Windows Hello

CVE-2022-35797

Windows Hello Security Feature Bypass Vulnerability

Quan trọng

Windows Internet Information Services

CVE-2022-35748

HTTP.sys Denial of Service Vulnerability

Quan trọng

Windows Kerberos

CVE-2022-35756

Windows Kerberos Elevation of Privilege Vulnerability

Quan trọng

Windows Kernel

CVE-2022-35761

Windows Kernel Elevation of Privilege Vulnerability

Quan trọng

Windows Kernel

CVE-2022-35768

Windows Kernel Elevation of Privilege Vulnerability

Quan trọng

Windows Kernel

CVE-2022-34708

Windows Kernel Information Disclosure Vulnerability

Quan trọng

Windows Kernel

CVE-2022-34707

Windows Kernel Elevation of Privilege Vulnerability

Quan trọng

Windows Kernel

CVE-2022-35804

SMB Client and Server Remote Code Execution Vulnerability

Nghiêm trọng

Windows Kernel

CVE-2022-30197

Windows Kernel Information Disclosure Vulnerability

Quan trọng

Windows Kernel

CVE-2022-35758

Windows Kernel Memory Information Disclosure Vulnerability

Quan trọng

Windows Local Security Authority (LSA)

CVE-2022-34706

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Quan trọng

Windows Local Security Authority (LSA)

CVE-2022-35759

Windows Local Security Authority (LSA) Denial of Service Vulnerability

Quan trọng

Windows Network File System

CVE-2022-34715

Windows Network File System Remote Code Execution Vulnerability

Quan trọng

Windows Partition Management Driver

CVE-2022-33670

Windows Partition Management Driver Elevation of Privilege Vulnerability

Quan trọng

Windows Partition Management Driver

CVE-2022-34703

Windows Partition Management Driver Elevation of Privilege Vulnerability

Quan trọng

Windows Point-to-Point Tunneling Protocol

CVE-2022-30133

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Point-to-Point Tunneling Protocol

CVE-2022-35747

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

Quan trọng

Windows Point-to-Point Tunneling Protocol

CVE-2022-35744

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Print Spooler Components

CVE-2022-35793

Windows Print Spooler Elevation of Privilege Vulnerability

Quan trọng

Windows Print Spooler Components

CVE-2022-35755

Windows Print Spooler Elevation of Privilege Vulnerability

Quan trọng

Windows Secure Boot

CVE-2022-34301

CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass

Quan trọng

Windows Secure Boot

CVE-2022-34302

CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass

Quan trọng

Windows Secure Boot

CVE-2022-34303

CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass

Quan trọng

Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-35745

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-35766

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-35794

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-34701

Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability

Quan trọng

Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-34714

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-34702

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-35767

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Nghiêm trọng

Windows Storage Spaces Direct

CVE-2022-35762

Storage Spaces Direct Elevation of Privilege Vulnerability

Quan trọng

Windows Storage Spaces Direct

CVE-2022-35765

Storage Spaces Direct Elevation of Privilege Vulnerability

Quan trọng

Windows Storage Spaces Direct

CVE-2022-35792

Storage Spaces Direct Elevation of Privilege Vulnerability

Quan trọng

Windows Storage Spaces Direct

CVE-2022-35763

Storage Spaces Direct Elevation of Privilege Vulnerability

Quan trọng

Windows Storage Spaces Direct

CVE-2022-35764

Storage Spaces Direct Elevation of Privilege Vulnerability

Quan trọng

Windows Unified Write Filter

CVE-2022-35754

Unified Write Filter Elevation of Privilege Vulnerability

Quan trọng

Windows WebBrowser Control

CVE-2022-30194

Windows WebBrowser Control Remote Code Execution Vulnerability

Quan trọng

Windows Win32K

CVE-2022-34699

Windows Win32k Elevation of Privilege Vulnerability

Quan trọng

Đăng Thứ

Tin cùng chuyên mục

Tin mới