{"id":47910,"date":"2022-08-09T21:51:15","date_gmt":"2022-08-09T21:51:15","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/"},"modified":"2022-08-09T21:51:15","modified_gmt":"2022-08-09T21:51:15","slug":"patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/","title":{"rendered":"Patch Tuesday: Yet another Microsoft RCE bug under active exploit"},"content":{"rendered":"<p>August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it&#8217;s basically a code cracker&#8217;s holiday too.&nbsp;<\/p>\n<p>Let&#8217;s start off with Microsoft&#8217;s 121 security holes, which are the most interesting of the ever-growing, second-Tuesday patch party. Plus, they include one that Redmond lists as under active attack and a second that it says is also publicly known.<\/p>\n<p>Of the 121 Microsoft bugs, 17 are considered critical. Both of the bugs listed as publicly known are ranked as &#8220;important&#8221; holes to fix. But since they pose the greatest risk to orgs, which are now basically in a race to patch versus cybercriminals, we suggest starting with these two.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>First, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-34713\" rel=\"nofollow\">CVE-2022-34713<\/a>, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) that&#8217;s under active attack. It received a 7.8 CVSS severity score and it has a low attack complexity, so it&#8217;s safe to assume other miscreants will find and exploit this hole in the near future.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>To exploit this bug, an attacker would need to trick a victim into opening a specially crafted file, likely either via a phishing email or malicious website that contains a file designed to exploit the vulnerability.<\/p>\n<p>&#8220;An attacker would have no way to force users to visit the website,&#8221; Microsoft explained. &#8220;Instead, an attacker would have to convince users to click a link.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>However, as we&#8217;ve witnessed with the recent <a href=\"https:\/\/www.theregister.com\/2022\/08\/08\/twilio_phishing_attack\/\">Twilio breach<\/a> and others, this doesn&#8217;t normally require a whole lot of convincing on the part of these wily criminals.<\/p>\n<p>After convincing users to click a malicious file, such as a Word document, the application calls MSDT using the URL protocol, and can then run arbitrary code on the victim&#8217;s machine with the&nbsp; privileges of the calling application.&nbsp;<\/p>\n<p>&#8220;The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user&#8217;s rights,&#8221; Microsoft <a href=\"https:\/\/msrc-blog.microsoft.com\/2022\/05\/30\/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability\/\" rel=\"nofollow\">noted<\/a> in a blog about an earlier MSDT flaw.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>And yes, this issue of MSDT bugs under active exploit has been an <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-30190\" rel=\"nofollow\">ongoing issue<\/a> for the software giant.<\/p>\n<p>&#8220;It&#8217;s not clear if this vulnerability is the result of a failed patch or something new,&#8221; the Zero Day Initiative&#8217;s Dustin Childs <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2022\/8\/9\/the-august-2022-security-update-review\">noted<\/a>. &#8220;Either way, test and deploy this fix quickly.&#8221;<\/p>\n<p>The second Microsoft vulnerability listed as publicly known, tracked as <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-30134\" rel=\"nofollow\">CVE-2022-30134<\/a>, is an information disclosure bug in Microsoft Exchange. It received a 7.6 CVSS score.&nbsp;<\/p>\n<p>An exploit would require convincing a user with an affected version of Exchange Server to access a malicious server, which would then allow the attacker to read targeted email messages.<\/p>\n<p>According to Redmond, turning on Extended Protection for Exchange Server prevents this attack.<\/p>\n<p>Meanwhile two critical bugs in this month&#8217;s roundup, both remote code execution flaws in Windows Point-to-Point Protocol, received near-perfect 9.8 out of 10 severity scores. However, both <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-30133\" rel=\"nofollow\">CVE-2022-30133<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-35744\" rel=\"nofollow\">CVE-2022-35744<\/a> can only be exploited by communicating via Port 1723, according to Microsoft.<\/p>\n<p>This means blocking traffic through this port works as a temporary workaround. However,&nbsp; &#8220;disabling Port 1723 could affect communications over your network,&#8221; Redmond warned.<\/p>\n<p>There&#8217;s also a trio of critical Exchange Server escalation of privilege bugs, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21980\" rel=\"nofollow\">CVE-2022-21980<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-24516\" rel=\"nofollow\">CVE-2022-24516<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-24477\" rel=\"nofollow\">CVE-2022-24477<\/a>, that, according to Immersive Labs&#8217; Director of Cyber Threat Research Kev Breen &#8220;warrant an urgent patch&#8221; if your company runs local exchange servers.<\/p>\n<p>All three received an 8.0 CVSS score and could allow unauthenticated users to take over all of the mailboxes on the server.<\/p>\n<p>&#8220;Exchanges can be treasure troves of information, making them valuable targets for attackers,&#8221; Breen told <em>The Register<\/em>.&nbsp;<\/p>\n<p>&#8220;With CVE-2022-24477, for example, an attacker can gain initial access to a user&#8217;s host and could take over the mailboxes for all exchange users, sending and reading emails and documents,&#8221; he explained. &#8220;For attackers focused on business email compromise this kind of vulnerability can be extremely damaging.&#8221;<\/p>\n<p>Enabling Extended Protection also <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-august-2022-exchange-server-security-updates\/ba-p\/3593862\" rel=\"nofollow\">protects<\/a> against these flaws.<\/p>\n<h3 class=\"crosshead\"> <span>Adobe issues five fixes for 25 bugs<\/span><br \/>\n<\/h3>\n<p>Adobe issued five fixes for 25 vulnerabilities today that affect both Windows and macOS users.<\/p>\n<p>We&#8217;d suggest starting with the security update that address three critical and four important bugs in <a href=\"https:\/\/helpx.adobe.com\/security\/products\/acrobat\/apsb22-39.html\" rel=\"nofollow\">Acrobat and Reader<\/a>. &#8220;Successful exploitation could lead to\u202farbitrary code execution and memory leak,&#8221; the software provider warned.<\/p>\n<p>Additionally, <a href=\"https:\/\/helpx.adobe.com\/security\/products\/illustrator\/apsb22-41.html\" rel=\"nofollow\">Illustrator&#8217;s<\/a> four critical and important vulnerabilities and <a href=\"https:\/\/helpx.adobe.com\/security\/products\/framemaker\/apsb22-42.html\" rel=\"nofollow\">FrameMaker&#8217;s<\/a> six critical and important bugs could lead to arbitrary code execution and memory leak if left unpatched.<\/p>\n<p>One critical bug in <a href=\"https:\/\/helpx.adobe.com\/security\/products\/premiere_elements\/apsb22-43.html\" rel=\"nofollow\">Premiere Elements<\/a> could allow an unauthorized user to escalate privileges.<\/p>\n<p>And finally, the vendor released patches for \u202f<a href=\"https:\/\/helpx.adobe.com\/security\/products\/magento\/apsb22-38.html\" rel=\"nofollow\">Commerce and\u202fMagento Open Source<\/a> that fix seven critical, important and moderate vulnerabilities.\u202fMiscreants could use these bugs to execute arbitrary code on victims&#8217; machines, escalate privileges and bypass security features.<\/p>\n<p>According to Adobe, none of these flaws have been exploited in the wild.<\/p>\n<h3 class=\"crosshead\"> <span>Intel fixes secret-spilling CPU bug<\/span><br \/>\n<\/h3>\n<p>Intel, a more recent entrant to the second-tuesday patchapalooza, today <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/default.html\" rel=\"nofollow\">released<\/a> 27 advisories to fix 59 vulnerabilities.<\/p>\n<p>One of these addresses an <a href=\"https:\/\/www.theregister.com\/2022\/08\/09\/intel_sunny_cove\/\">architectural error<\/a> in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.&nbsp;<\/p>\n<p>Dubbed &#8220;\u00c6PIC Leak&#8221; by the six researchers who found the hardware bug, <a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-21233\" rel=\"nofollow\">CVE-2022-21233<\/a> affects the memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC), which helps the CPU handle interrupt requests from various sources to facilitate multiprocessing.<\/p>\n<p>Intel recommends that anyone using a <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/topic-technology\/software-security-guidance\/processors-affected-consolidated-product-cpu-model.html\" rel=\"nofollow\">buggy processor<\/a> update to the latest version firmware, and said it will soon release SGX software development kit updates, too.&nbsp;<\/p>\n<p>Additionally, chipzilla released <a href=\"https:\/\/github.com\/intel\/Intel-Linux-Processor-Microcode-Data-Files\" rel=\"nofollow\">microcode updates<\/a> for affected CPUs supported on the public github repository.<\/p>\n<h3 class=\"crosshead\"> <span>SAP updates a &#8216;hot-news&#8217; Chromium hole<\/span><br \/>\n<\/h3>\n<p>For its Security Patch Day today, SAP <a href=\"https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10\" rel=\"nofollow\">released<\/a> five new security notes and two updates to previously issued alerts.<\/p>\n<p>This includes one &#8220;hot-news&#8221; priority bug, which received a 10 out of 10 CVSS score, along with one high priority and five medium-priority fixes.<\/p>\n<p>The most pressing hot-news item is an update to an April SAP Security Note that addressed 52 Chromium fixes for SAP Business Client customers.<\/p>\n<p>Additionally, a high-priority information disclosure vulnerability tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-32245\" rel=\"nofollow\">CVE-2022-32245<\/a> in the vendor&#8217;s Business Objects Business Intelligence Platform deserves prompt patching.<\/p>\n<p>It received a CVSS score of 8.2, and relates to the Open Document web app within the BI platform. If left unpatched, it could allow an unauthenticated user to exfiltrate sensitive information in plain text over the network, according to the SAP security researchers at Onapsis.<\/p>\n<p>&#8220;This includes any data available for business users,&#8221; they <a href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-august-2022-sap-businessobjects-focus\" rel=\"nofollow\">added<\/a>. &#8220;The vulnerability could also be exploited to put load on the application, by an automated attack, so data is transferred permanently over the network.&#8221;<\/p>\n<h3 class=\"crosshead\"> <span>Hopefully you patched this VMware bug last week<\/span><br \/>\n<\/h3>\n<p>VMware, meanwhile, <a href=\"https:\/\/www.vmware.com\/security\/advisories.html\" rel=\"nofollow\">issued<\/a> three new security updates today and <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0021.html#:~:text=2022%2D08%2D09%3A%20VMSA%2D2022%2D0021.1\" rel=\"nofollow\">warned<\/a> that a <a href=\"https:\/\/www.theregister.com\/2022\/08\/03\/vmware_critical_authentication_bypass\/\">critical authentication bypass bug<\/a> disclosed last week has since been exploited in the wild.<\/p>\n<p>As for the virtualization giant&#8217;s new updates: one addresses four &#8220;important&#8221; bugs in <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0022.html\" rel=\"nofollow\">vRealize Operations<\/a>. The most serious of these, CVE-2022-31672, which received a 7.2 CVSS score would allow a user with administrative network access to escalate privileges to root.<\/p>\n<p>Two others, CVE-2022-31674 and CVE-2022-31673, are information disclosure vulnerabilities. The fourth, CVE-2022-31675, is an authentication bypass bug.<\/p>\n<h3 class=\"crosshead\"> <span>Google fixed RCE over Bluetooth<\/span><br \/>\n<\/h3>\n<p>Finally, rounding out the August patch party, Google <a href=\"https:\/\/source.android.com\/security\/bulletin\/2022-08-01?hl=en\" rel=\"nofollow\">patched<\/a> 37 vulnerabilities affecting Android devices.<\/p>\n<p>&#8220;The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed,&#8221; according to the security bulletin. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/08\/09\/august_patch_tuesday_microsoft\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it&#8217;s basically a code cracker&#8217;s holiday too.\u00a0\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-47910","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Patch Tuesday: Yet another Microsoft RCE bug under active exploit 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch Tuesday: Yet another Microsoft RCE bug under active exploit 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-09T21:51:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Patch Tuesday: Yet another Microsoft RCE bug under active exploit\",\"datePublished\":\"2022-08-09T21:51:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/\"},\"wordCount\":1266,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/\",\"name\":\"Patch Tuesday: Yet another Microsoft RCE bug under active exploit 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-08-09T21:51:15+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch Tuesday: Yet another Microsoft RCE bug under active exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Patch Tuesday: Yet another Microsoft RCE bug under active exploit 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/","og_locale":"en_US","og_type":"article","og_title":"Patch Tuesday: Yet another Microsoft RCE bug under active exploit 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-08-09T21:51:15+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Patch Tuesday: Yet another Microsoft RCE bug under active exploit","datePublished":"2022-08-09T21:51:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/"},"wordCount":1266,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/","url":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/","name":"Patch Tuesday: Yet another Microsoft RCE bug under active exploit 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-08-09T21:51:15+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YvN9plwmO560sTlUVDf5nQAAAIs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/patch-tuesday-yet-another-microsoft-rce-bug-under-active-exploit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Patch Tuesday: Yet another Microsoft RCE bug under active exploit"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47910"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47910\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}