Hello, welcome to the Wednesday, August 10th, 2022 edition of the Sands and the Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and then I am again recording from Jacksonville, Florida.

Top of the news today, no surprise, Microsoft's patch Tuesday, we got patches for a total of 141 vulnerabilities,

which does include the chromium patches for Microsoft Edge, which were released earlier.

17 of these vulnerabilities are critical and two have already been disclosed.

Now, there's also one vulnerability CVE 22-34-713

that has already been exploited. This vulnerability is actually affecting sort of an good old friend.

It's a patch for a path traversal vulnerability in Microsoft Windows Support Diagnostic tool or MSDT,

which has caused a lot of problems, of course, over the last two years or so, and this new

variant of the patch traversal issue has been in some form around for two years, has been

sort of rediscovered back in June, and also now has a nice kind of name, the Dog Walk vulnerability.

This vulnerability, as well as a second MSDT vulnerability, are both rated as important, not critical, exploitation would

require some user interaction, which causes the lower rating.

But for Microsoft Exchange Server, we do have three vulnerabilities that are privileged

escalation vulnerabilities, but still rated critical.

They're affecting Exchange Server 2013, 16 and 19,

but to mitigate these issues, just applying the patch is not sufficient.

In addition, you need to enable Windows extended protection on your exchange server. Microsoft released a blog post

about it with detail. Extended protection is mainly meant to prevent machine in the middle

attacks. Microsoft made a script available to make it easier to enable extended protection

on your servers.

But as the blog warns, please read up first and make sure nothing breaks as you enable it.

...