Microsoft June 2022 Patch Tuesday Fixes 1 zero-day, 55 Flaws

Today is Microsoft’s June 2022 Patch Tuesday, and with it come fixes for 55 vulnerabilities, including fixes for the Windows MSDT ‘Follina’ zero-day vulnerability and new Intel MMIO flaws.

Of the 55 vulnerabilities fixed in today’s update, three are classified as ‘Critical’ as they allow remote code execution, with the rest classified as Important. This does not include 5 Microsoft Edge Chromium updates that were released earlier this week.

The number of bugs in each vulnerability category is listed below:

  • 12 Elevation of Privilege Vulnerabilities
  • 1 Security Feature Bypass Vulnerability
  • 27 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5013942 and KB5013945 updates and the Windows 11 KB5014697 update.

Follina zero-day fixed

Microsoft has fixed the widely-exploited Windows Follina MSDT zero-day vulnerability tracked as CVE-2022-30190 in the June 2022 Updates.

Last month, a new Windows zero-day vulnerability was discovered in attacks that executed malicious PowerShell commands via the Windows Microsoft Diagnostic Tool (MSDT).

At the time, this vulnerability bypassed all security protections, including Microsoft Office’s Protected View, and executed the PowerShell scripts just by opening a Word document.

Soon after, threat actors began utilizing it in widespread phishing attacks that distributed QBot, targeted US government agencies, and targeted Ukrainian media organizations.

While Microsoft released mitigations for the vulnerability, they would not say if they would patch it.

Today, Microsoft released a security update for the Windows MSDT vulnerability, and it is included in the June 2022 cumulative updates or in a standalone security update for Windows Server.
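
A detection check for the behaviour described above (a Word document causing MSDT to run), as an added example that is not part of the original article: it flags process-creation events in which msdt.exe is started by an Office application. The field names follow Sysmon Event ID 1 (`Image`, `ParentImage`, `OriginalFileName`); the sample events and host names are constructed, and the Office parents other than Word are an assumption that generalizes the check.

```python
import ntpath

# The article names Word; the other parents are an assumption that
# extends the same check to the rest of the Office suite.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
TARGET_CHILD = "msdt.exe"


def exe_name(path):
    """Lower-cased file name of a Windows path; '' when the field is absent."""
    if not path:
        return ""
    return ntpath.basename(path.strip().strip('"')).lower()


def is_msdt(event):
    """True if the image on disk or its embedded original name is msdt.exe."""
    return TARGET_CHILD in (exe_name(event.get("Image")),
                            (event.get("OriginalFileName") or "").lower())


def find_office_msdt(events):
    """Return the events where an Office process created msdt.exe."""
    return [ev for ev in events
            if is_msdt(ev) and exe_name(ev.get("ParentImage")) in OFFICE_PARENTS]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"UtcTime": "2022-06-01 08:14:02", "Computer": "ws-014",
     "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"UtcTime": "2022-06-01 09:30:41", "Computer": "ws-022",   # user-started troubleshooter
     "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2022-06-01 10:02:17", "Computer": "ws-031",   # quoted path, upper case
     "Image": r"C:\Windows\SysWOW64\MSDT.EXE",
     "ParentImage": '"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"'},
    {"UtcTime": "2022-06-01 10:40:55", "Computer": "ws-040",   # renamed copy of msdt.exe
     "Image": r"C:\Users\Public\diag.exe", "OriginalFileName": "msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"UtcTime": "2022-06-01 10:45:00", "Computer": "ws-031",   # no ParentImage field
     "Image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for hit in find_office_msdt(SAMPLE_EVENTS):
        print(hit["UtcTime"], hit["Computer"], hit["ParentImage"], "->", hit["Image"])
```

The check remains useful after patching as a way to review historical telemetry for hosts that opened a malicious document before the update was applied.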

Recent updates from other companies

Other vendors who released updates in June 2022 include:

The June 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the June 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability | Important |
| Azure OMI | CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30179 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30178 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30180 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30177 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Service Fabric Container | CVE-2022-30137 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important |
| Intel | CVE-2022-21127 | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | Important |
| Intel | ADV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities | Unknown |
| Intel | CVE-2022-21123 | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | Important |
| Intel | CVE-2022-21125 | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | Important |
| Intel | CVE-2022-21166 | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-2011 | Chromium: CVE-2022-2011 Use after free in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2010 | Chromium: CVE-2022-2010 Out of bounds read in compositing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2008 | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2007 | Chromium: CVE-2022-2007 Use after free in WebGPU | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Office | CVE-2022-30159 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-30171 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-30172 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-30174 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-30173 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-30158 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-30157 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows ALPC | CVE-2022-30160 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-29119 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-30188 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-30167 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-30193 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-29111 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-22018 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Remote Volume Shadow Copy Service (RVSS) | CVE-2022-30154 | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| SQL Server | CVE-2022-29143 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2022-30151 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows App Store | CVE-2022-30168 | Microsoft Photos App Remote Code Execution Vulnerability | Important |
| Windows Autopilot | CVE-2022-30189 | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | Important |
| Windows Container Isolation FS Filter Driver | CVE-2022-30131 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2022-30132 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2022-30150 | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Encrypting File System (EFS) | CVE-2022-30145 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | Important |
| Windows File History Service | CVE-2022-30142 | Windows File History Remote Code Execution Vulnerability | Important |
| Windows Installer | CVE-2022-30147 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows iSCSI | CVE-2022-30140 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2022-30164 | Kerberos AppContainer Security Feature Bypass Vulnerability | Important |
| Windows Kerberos | CVE-2022-30165 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-30162 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-30155 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30143 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30161 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30153 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30149 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30146 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows Local Security Authority Subsystem Service | CVE-2022-30166 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2022-30135 | Windows Media Center Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2022-30152 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2022-30136 | Windows Network File System Remote Code Execution Vulnerability | Critical |
| Windows PowerShell | CVE-2022-30148 | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2022-32230 | Windows SMB Denial of Service Vulnerability | Important |
