The August security update is Microsoft's second-largest patch release this year. The patched vulnerabilities include: denial of service (DoS), elevation of privilege (EoP), information disclosure, remote code execution (RCE), security feature bypass, and spoofing.
Breakdown of the August security vulnerabilities by category
Users and administrators should take note of several high-impact vulnerabilities that Microsoft fixed this month:
To keep systems secure, users should apply the security patches as soon as possible, back up important data, and take a system snapshot before updating.
Below is the list of vulnerabilities patched in Microsoft's August security update.
| Tag | CVE ID | Vulnerability name | Severity |
|---|---|---|---|
| .NET Core | CVE-2022-34716 | .NET Spoofing Vulnerability | Important |
| Active Directory Domain Services | CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
| Azure Batch Node Agent | CVE-2022-33646 | Azure Batch Node Agent Elevation of Privilege Vulnerability | Critical |
| Azure Real Time Operating System | CVE-2022-34685 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34686 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35773 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35779 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-35806 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-34687 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30176 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30175 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35791 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35818 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35809 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35789 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35815 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35817 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35816 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35814 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35785 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35811 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35784 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35810 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35813 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35788 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35786 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35787 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35819 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35781 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35775 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35790 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35780 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35799 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35800 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35774 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35802 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35782 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35801 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35808 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability | Important |
| Azure Site Recovery | CVE-2022-35807 | Azure Site Recovery Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability | Important |
| Microsoft ATA Port Driver | CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-35820 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-35796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2022-33649 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-2618 | Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2616 | Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2617 | Chromium: CVE-2022-2617 Use after free in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2619 | Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2622 | Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2623 | Chromium: CVE-2022-2623 Use after free in Offline | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-33636 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-2621 | Chromium: CVE-2022-2621 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2615 | Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2604 | Chromium: CVE-2022-2604 Use after free in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2605 | Chromium: CVE-2022-2605 Out of bounds read in Dawn | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2624 | Chromium: CVE-2022-2624 Heap buffer overflow in PDF | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2603 | Chromium: CVE-2022-2603 Use after free in Omnibox | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2606 | Chromium: CVE-2022-2606 Use after free in Managed devices API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2612 | Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2614 | Chromium: CVE-2022-2614 Use after free in Sign-In Flow | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2610 | Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2611 | Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API | Unknown |
| Microsoft Exchange Server | CVE-2022-34692 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-21979 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2022-30134 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| Microsoft Office | CVE-2022-34717 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33648 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-33631 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-35742 | Microsoft Outlook Denial of Service Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Microsoft Windows Support Diagnostic Tool (MSDT) | CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Important |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Role: Windows Fax Service | CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| System Center Operations Manager | CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2022-35827 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35777 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35825 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2022-35826 | Visual Studio Remote Code Execution Vulnerability | Important |
| Windows Bluetooth Service | CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
| Windows Canonical Display Driver | CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability | Important |
| Windows Digital Media | CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Digital Media | CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Hello | CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows Internet Information Services | CVE-2022-35748 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2022-30197 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2022-34715 | Windows Network File System Remote Code Execution Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Partition Management Driver | CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2022-34301 | CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34302 | CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | Important |
| Windows Secure Boot | CVE-2022-34303 | CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Storage Spaces Direct | CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Direct | CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Unified Write Filter | CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability | Important |
| Windows WebBrowser Control | CVE-2022-30194 | Windows WebBrowser Control Remote Code Execution Vulnerability | Important |
| Windows Win32K | CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Đăng Thứ
12:00 | 12/08/2022