Today is Microsoft’s June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT ‘Follina’ zero-day vulnerability and new Intel MMIO flaws.
Of the 55 vulnerabilities fixed in today’s update, three are classified as ‘Critical’ as they allow remote code execution, with the rest classified as Important. This does not include 5 Microsoft Edge Chromium updates that were released earlier this week.
Also Read: Digging deep: The Cybersecurity Act of Singapore
The number of bugs in each vulnerability category is listed below:
For information about the non-security Windows updates, you can read about today’s Windows 10 KB5013942 and KB5013945 updates and the Windows 11 KB5014697 update.
Microsoft has fixed the widely-exploited Windows Follina MSDT zero-day vulnerability tracked as CVE-2022-30190 in the June 2022 Updates.
Last month, a new Windows zero-day vulnerability was discovered in attacks that executed malicious PowerShell commands via the Windows Microsoft Diagnostic Tool (MSDT).
At the time, this vulnerability bypassed all security protections, including Microsoft Office’s Protected View, and executed the PowerShell scripts just by opening a Word document.
Soon after, threat actors began utilizing it in widespread phishing attacks that distributed QBot, targeted US government agencies, and targeted Ukrainian media organizations.
While Microsoft released mitigations for the vulnerability, they would not say if they would patch it.
Today, Microsoft released a security update for the Windows MSDT vulnerability, and it is included in the June 2022 cumulative updates or in a standalone security update for Windows Server.
Also Read: December 2021 PDPC Incidents and Undertaking: Lessons from the Cases
Other vendors who released updates in June 2022 include:
Below is the complete list of resolved vulnerabilities and released advisories in the June 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability | Important |
| Azure OMI | CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30179 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30178 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30180 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
| Azure Real Time Operating System | CVE-2022-30177 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
| Azure Service Fabric Container | CVE-2022-30137 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important |
| Intel | CVE-2022-21127 | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | Important |
| Intel | ADV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities | Unknown |
| Intel | CVE-2022-21123 | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | Important |
| Intel | CVE-2022-21125 | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | Important |
| Intel | CVE-2022-21166 | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-2011 | Chromium: CVE-2022-2011 Use after free in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2010 | Chromium: CVE-2022-2010 Out of bounds read in compositing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2008 | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-2007 | Chromium: CVE-2022-2007 Use after free in WebGPU | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Office | CVE-2022-30159 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-30171 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-30172 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2022-30174 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-30173 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-30158 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-30157 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows ALPC | CVE-2022-30160 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-29119 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-30188 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-30167 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-30193 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-29111 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-22018 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Remote Volume Shadow Copy Service (RVSS) | CVE-2022-30154 | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| SQL Server | CVE-2022-29143 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2022-30151 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows App Store | CVE-2022-30168 | Microsoft Photos App Remote Code Execution Vulnerability | Important |
| Windows Autopilot | CVE-2022-30189 | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | Important |
| Windows Container Isolation FS Filter Driver | CVE-2022-30131 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Container Manager Service | CVE-2022-30132 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2022-30150 | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows Encrypting File System (EFS) | CVE-2022-30145 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | Important |
| Windows File History Service | CVE-2022-30142 | Windows File History Remote Code Execution Vulnerability | Important |
| Windows Installer | CVE-2022-30147 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows iSCSI | CVE-2022-30140 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2022-30164 | Kerberos AppContainer Security Feature Bypass Vulnerability | Important |
| Windows Kerberos | CVE-2022-30165 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-30162 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-30155 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30143 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30161 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30153 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30149 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-30146 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows Local Security Authority Subsystem Service | CVE-2022-30166 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2022-30135 | Windows Media Center Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2022-30152 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2022-30136 | Windows Network File System Remote Code Execution Vulnerability | Critical |
| Windows PowerShell | CVE-2022-30148 | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2022-32230 | Windows SMB Denial of Service Vulnerability | Important |
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.
