Microsoft has released the June 2022 Patch Tuesday security updates, addressing 55 vulnerabilities. Three are classified as critical and 52 as important. The products covered in the June security update include Windows Hyper-V, Windows LDAP, Windows Network File System, Visual Studio, Azure OMI, Azure Real-Time Operating System, Azure Service Fabric Container, Intel, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Microsoft Windows Codecs Library, and Remote Volume Shadow Copy Service (RVSS), among others.
The Microsoft Windows Support Diagnostic Tool (CVE-2022-30190) vulnerability has been exploited in the wild as a zero-day.
Zero-day Vulnerability Fixed
CVE-2022-30190 – Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability. This flaw exists when MSDT is called using the URL protocol from a calling application such as Word. Successful exploitation allows an attacker to run arbitrary code with the privileges of the calling application. After exploitation, the attacker can install programs; view, change, or delete data; or create new accounts in the context of the user’s rights.
Critical Vulnerabilities Fixed
In the June 2022 Patch Tuesday update these critical vulnerabilities were fixed:
CVE-2022-30136 – Windows Network File System Remote Code Execution Vulnerability. An unauthenticated attacker can exploit this flaw by using a specially crafted call to an NFS service. This flaw has received a CVSSv3 score of 9.8. NFS versions 2.0 and 3.0 are not affected by this flaw. To mitigate the flaw, administrators can disable NFS version 4.1. Microsoft warns that you should not disable NFSv4.1 unless you have installed the May 2022 Windows security updates. Disabling it could have adverse impacts, so organizations should carefully consider this step before adopting it.
CVE-2022-30139 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This flaw is exploitable only if the LDAP policy “MaxReceiveBuffer” is configured to a value higher than the default value. Systems that keep the default value for the policy are not affected.
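The two preconditions described above can be checked on a host before patching. The PowerShell below is an added example, not code from Microsoft or from this page's author. It assumes the ActiveDirectory and NFS server modules are available; the default of 10485760 bytes and the Default Query Policy location come from Microsoft's LDAP policy documentation, not from this page.

```powershell
# Added example: report whether the conditions for CVE-2022-30139 and
# CVE-2022-30136 are present on this host. Read-only; changes nothing.
# Assumption: only the forest's Default Query Policy is inspected. Query
# policies assigned to individual DCs or sites need the same check.

$DefaultMaxReceiveBuffer = 10485760   # documented default, in bytes

function Test-LdapMaxReceiveBuffer {
    Import-Module ActiveDirectory -ErrorAction Stop
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $policyDn = "CN=Default Query Policy,CN=Query-Policies," +
                "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $policy = Get-ADObject -Identity $policyDn -Properties lDAPAdminLimits

    # lDAPAdminLimits is a multi-valued attribute of "Name=Value" strings.
    $entry = $policy.lDAPAdminLimits |
        Where-Object { $_ -like 'MaxReceiveBuffer=*' } |
        Select-Object -First 1
    $value = $DefaultMaxReceiveBuffer          # absent entry means default
    if ($entry) {
        $raw   = ($entry -split '=', 2)[1]
        $value = [int64]$raw
    }
    [pscustomobject]@{
        Check            = 'LDAP MaxReceiveBuffer (CVE-2022-30139)'
        Value            = $value
        ConditionPresent = ($value -gt $DefaultMaxReceiveBuffer)
    }
}

function Test-NfsV4Enabled {
    # The cmdlet exists only where the NFS server module is installed.
    if (-not (Get-Command Get-NfsServerConfiguration -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{
            Check            = 'NFSv4.1 enabled (CVE-2022-30136)'
            Value            = 'NFS server module not installed'
            ConditionPresent = $false
        }
    }
    $cfg = Get-NfsServerConfiguration
    # Mitigation named above: Set-NfsServerConfiguration -EnableNFSV4 $false
    # Apply it only after the May 2022 updates are installed, as the page warns.
    [pscustomobject]@{
        Check            = 'NFSv4.1 enabled (CVE-2022-30136)'
        Value            = $cfg.EnableNFSV4
        ConditionPresent = [bool]$cfg.EnableNFSV4
    }
}
```

Run `Test-LdapMaxReceiveBuffer` on a domain controller or a host with RSAT, and `Test-NfsV4Enabled` on each NFS server; a `ConditionPresent` of `True` marks the host as a priority for the June update.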
Microsoft Security Bulletin Summary for June 2022
- .NET and Visual Studio
- Azure OMI
- Azure Real-Time Operating System
- Azure Service Fabric Container
- Intel
- Microsoft Edge (Chromium-based)
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Windows ALPC
- Microsoft Windows Codecs Library
- Remote Volume Shadow Copy Service (RVSS)
- Role: Windows Hyper-V
- SQL Server
- Windows Ancillary Function Driver for WinSock
- Windows App Store
- Windows Autopilot
- Windows Container Isolation FS Filter Driver
- Windows Container Manager Service
- Windows Defender
- Windows Encrypting File System (EFS)
- Windows File History Service
- Windows Installer
- Windows iSCSI
- Windows Kerberos
- Windows Kernel
- Windows LDAP – Lightweight Directory Access Protocol
- Windows Local Security Authority Subsystem Service
- Windows Media
- Windows Network Address Translation (NAT)
- Windows Network File System
- Windows PowerShell
- Windows SMB
Product: Microsoft Windows
CVEs/Advisory: CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-22018, CVE-2022-29111, CVE-2022-29119, CVE-2022-30131, CVE-2022-30132, CVE-2022-30135, CVE-2022-30136, CVE-2022-30139, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30145, CVE-2022-30146, CVE-2022-30147, CVE-2022-30148, CVE-2022-30149, CVE-2022-30150, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30154, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30162, CVE-2022-30163, CVE-2022-30164, CVE-2022-30165, CVE-2022-30166, CVE-2022-30167, CVE-2022-30188, CVE-2022-30189, CVE-2022-30193, CVE-2022-32230
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
KBs: 5013941, 5013942, 5013943, 5013945, 5014677, 5014678, 5014692, 5014697, 5014699, 5014702, 5014710, 5014738, 5014741, 5014746, 5014747
Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011, CVE-2022-22021
Impact: Remote Code Execution
Product: Microsoft Office
CVEs/Advisory: CVE-2022-30157, CVE-2022-30158, CVE-2022-30159, CVE-2022-30171, CVE-2022-30172, CVE-2022-30173, CVE-2022-30174
Impact: Information Disclosure, Remote Code Execution
KBs: 5002062, 5002167, 5002208, 5002210, 5002212, 5002214, 5002218, 5002219, 5002220, 5002222, 5002224
Product: Microsoft SQL Server
CVEs/Advisory: CVE-2022-29143
Impact: Remote Code Execution
KBs: 5014164, 5014165, 5014351, 5014353, 5014354, 5014355, 5014356, 5014365, 5014553, 5015371
Product: Microsoft Visual Studio
CVEs/Advisory: CVE-2022-30184
Impact: Information Disclosure
Product: Microsoft Azure OMI
CVEs/Advisory: CVE-2022-29149
Impact: Elevation of Privilege
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure.