Microsoft has released the June 2022 Patch Tuesday security updates, addressing 55 vulnerabilities. Three are classified as critical and 52 as important. The products covered in the May security update include Windows Hyper-V, Windows LDAP, Windows Network File System, Visual Studio, Azure OMI, Azure Real-Time Operating System, Azure Service Fabric Container, Intel, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Remote Volume Shadow Copy Service (RVSS), and others. Applying these updates can be done efficiently with good patch management software.
Additionally, the Microsoft Windows Support Diagnostic Tool (CVE-2022-30190) vulnerability has been exploited in the wild as a zero-day.
Zero-day Vulnerability Fixed in Microsoft June 2022 Patch Tuesday
CVE-2022-30190 – Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability. This flaw exists when MSDT is called using the URL protocol from a calling application such as Word. Successful exploitation allows an attacker to run arbitrary code with the privileges of the calling application. After exploitation, the attacker can install programs, view, change, or delete data, or create new accounts in the context of the user's rights. A sound patch management tool can be of great help in preventing such exploitation.
Critical Vulnerabilities Fixed
In the Microsoft June 2022 Patch Tuesday update these critical vulnerabilities were fixed:
CVE-2022-30136 – Windows Network File System Remote Code Execution Vulnerability. An unauthenticated attacker can exploit this flaw by using a specially crafted call to an NFS service. This flaw has received a CVSSv3 score of 9.8. NFS versions 2.0 and 3.0 are not affected by this flaw. To mitigate the flaw, administrators can disable NFS version 4.1. Microsoft warns that you should not disable NFSv4.1 unless you have installed the May 2022 Windows security updates. Disabling it could have adverse impacts, so organizations should carefully consider this step before adopting it.
CVE-2022-30139 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This flaw exists only if the LDAP policy "MaxReceiveBuffer" is configured to a value higher than the default value. Therefore, systems that have the default value for the policy are not affected.
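The two exposure conditions described above (NFSv4.1 enabled for CVE-2022-30136, a raised MaxReceiveBuffer for CVE-2022-30139) can be checked per host with the added PowerShell sketch below; it is an example written for this summary, not code from Microsoft or the original article. Assumptions: the function names are hypothetical, the default MaxReceiveBuffer of 10485760 bytes is taken from Microsoft's LDAP policy documentation, and only the Default Query Policy object is inspected.

```powershell
# Added example. Run elevated; the LDAP check needs the ActiveDirectory (RSAT) module.
# Assumption: documented default for the MaxReceiveBuffer LDAP policy, in bytes.
$DefaultMaxReceiveBuffer = 10485760

function Test-NfsV4Exposure {
    # CVE-2022-30136: NFS 2.0 and 3.0 are not affected, so only the v4 switch matters.
    if (-not (Get-Command Get-NfsServerConfiguration -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{ Check = 'NFSv4.1'; Exposed = $false; Detail = 'NFS server cmdlets not present' }
    }
    $cfg = Get-NfsServerConfiguration
    [pscustomobject]@{
        Check   = 'NFSv4.1'
        Exposed = [bool]$cfg.EnableNFSV4
        Detail  = "EnableNFSV4=$($cfg.EnableNFSV4)"
    }
}

function Test-LdapReceiveBuffer {
    # CVE-2022-30139: affected only when MaxReceiveBuffer is above the default.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $policyDn = "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $limits   = (Get-ADObject -Identity $policyDn -Properties lDAPAdminLimits).lDAPAdminLimits
    $entry    = $limits | Where-Object { $_ -like 'MaxReceiveBuffer=*' } | Select-Object -First 1
    # No explicit entry means the built-in default is in effect.
    $value = $DefaultMaxReceiveBuffer
    if ($entry) {
        $raw   = ($entry -split '=', 2)[1]
        $value = [int64]$raw
    }
    [pscustomobject]@{
        Check   = 'MaxReceiveBuffer'
        Exposed = ($value -gt $DefaultMaxReceiveBuffer)
        Detail  = "MaxReceiveBuffer=$value (default $DefaultMaxReceiveBuffer)"
    }
}

function Disable-NfsV4 {
    # Mitigation from the article; refuses to act unless the operator confirms
    # that the May 2022 Windows security updates are already installed.
    param([switch]$May2022UpdatesConfirmed)
    if (-not $May2022UpdatesConfirmed) {
        throw 'Install the May 2022 Windows security updates before disabling NFSv4.1.'
    }
    Set-NfsServerConfiguration -EnableNFSV4 $false
    # Restart the NFS server service (or reboot) for the change to take effect.
}

Test-NfsV4Exposure
Test-LdapReceiveBuffer
```

Run the LDAP check from a domain-joined host with read access to the configuration partition; a query policy assigned to an individual domain controller would need the same comparison against its own lDAPAdminLimits values.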
Microsoft June 2022 Security Bulletin Summary
- .NET and Visual Studio
- Azure OMI
- Azure Real-Time Operating System
- Azure Service Fabric Container
- Intel
- Microsoft Edge (Chromium-based)
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Windows ALPC
- Microsoft Windows Codecs Library
- Remote Volume Shadow Copy Service (RVSS)
- Role: Windows Hyper-V
- SQL Server
- Windows Ancillary Function Driver for WinSock
- Windows App Store
- Windows Autopilot
- Windows Container Isolation FS Filter Driver
- Windows Container Manager Service
- Windows Defender
- Windows Encrypting File System (EFS)
- Windows File History Service
- Windows Installer
- Windows iSCSI
- Windows Kerberos
- Windows Kernel
- Windows LDAP – Lightweight Directory Access Protocol
- Windows Local Security Authority Subsystem Service
- Windows Media
- Windows Network Address Translation (NAT)
- Windows Network File System
- Windows PowerShell
- Windows SMB
1. Product: Microsoft Windows
CVEs/Advisory: CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-22018, CVE-2022-29111, CVE-2022-29119, CVE-2022-30131, CVE-2022-30132, CVE-2022-30135, CVE-2022-30136, CVE-2022-30139, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30145, CVE-2022-30146, CVE-2022-30147, CVE-2022-30148, CVE-2022-30149, CVE-2022-30150, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30154, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30162, CVE-2022-30163, CVE-2022-30164, CVE-2022-30165, CVE-2022-30166, CVE-2022-30167, CVE-2022-30188, CVE-2022-30189, CVE-2022-30193, CVE-2022-32230
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, and Spoofing
KBs: 5013941, 5013942, 5013943, 5013945, 5014677, 5014678, 5014692, 5014697, 5014699, 5014702, 5014710, 5014738, 5014741, 5014746, 5014747
2. Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011, CVE-2022-22021
Impact: Remote Code Execution
3. Product: Microsoft Office
CVEs/Advisory: CVE-2022-30157, CVE-2022-30158, CVE-2022-30159, CVE-2022-30171, CVE-2022-30172, CVE-2022-30173, CVE-2022-30174
Impact: Information Disclosure and Remote Code Execution
KBs: 5002062, 5002167, 5002208, 5002210, 5002212, 5002214, 5002218, 5002219, 5002220, 5002222, 5002224
4. Product: Microsoft SQL Server
CVEs/Advisory: CVE-2022-29143
Impact: Remote Code Execution
KBs: 5014164, 5014165, 5014351, 5014353, 5014354, 5014355, 5014356, 5014365, 5014553, 5015371
5. Product: Microsoft Visual Studio
CVEs/Advisory: CVE-2022-30184
Impact: Information Disclosure
6. Product: Microsoft Azure OMI
CVEs/Advisory: CVE-2022-29149
Impact: Elevation of Privilege
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow to keep your systems updated and secure.