Microsoft release patches for 141 bugs

Tech giant Microsoft has released patches for 141 bugs in its August 2022 Patch update, including two previously undisclosed (zero-day) flaws.

The total patch count includes 20 flaws in Edge that Microsoft had previously released fixes for, leaving 121 flaws affecting Windows, Office, Azure, .NET Core, Visual Studio and Exchange Server.

Microsoft addressed 17 critical flaws and 102 important flaws this month across. The fixes address 64 elevations of privilege flaws and 32 remote code execution flaws, as well as security feature bypasses and information disclosure flaws.

34 of this month’s fixes address bugs in Azure Site Recovery, Microsoft’s disaster recovery toolset for the cloud. The actively exploited bug is a remote code execution flaw affecting the Microsoft Windows Support Diagnostic Tool (MSDT). According to Microsoft, it is related to a bug that some security researchers refer to as “Dogwalk”.

Researchers reported the Dogwalk bug to Microsoft in early 2020 but Microsoft did not address it until May this year, when attackers began exploiting MSDT via malicious Word documents. The company that month issued the identifier with mitigation steps, followed by a patch in mid-June and further defense-in-depth measures in July.