Coming Soon...

Q-CERT website is currently under maintenance. We should be back shortly. Thank you for yor patience.

Microsoft Patch Tuesday-June 2022

Issued: Wednesday, 15 June, 2022	Last Revision: Wednesday, 15 June, 2022
Vendor: Microsoft	Product: Multiple products
	Severity Level: High

Summary:

Microsoft has released patches for 55 vulnerabilities with three classified as critical, one moderate, and rest are classified as important. In this updates, Microsoft addressed the widely exploited Windows Follina MSDT zero-day vulnerability (CVE-2022-30190) made public in May 22. Other than this, there is no known exploit.

In June 2022 Microsoft has fixed problems of Privilege Elevation, Security Feature Bypass, Remote Code Execution, Information Disclosure, Denial of Service, Out-of-bounds memory access and Spoofing Vulnerability.

Products patched in this month security update includes- Windows operating system, Microsoft Office, Hyper-V Server, Azure, and Windows.

CVE/Vulnerability	Description	CVSS3.0 Score
CVE-2022-30136	Windows Network File System Remote Code Execution Vulnerability	9.8
CVE-2022-30139	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5
CVE-2022-30141	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.1
CVE-2022-30143	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5
CVE-2022-30146	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5
CVE-2022-30149	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	7.5
CVE-2022-30153	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8
CVE-2022-30157	Microsoft SharePoint Server Remote Code Execution Vulnerability	8.8
CVE-2022-30161	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	8.8
CVE-2022-30163	Windows Hyper-V Remote Code Execution Vulnerability	8.5
CVE-2022-30164	Kerberos AppContainer Security Feature Bypass Vulnerability	8.4
CVE-2022-30165	Windows Kerberos Elevation of Privilege Vulnerability	8.8
CVE-2022-30190	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	7.8

Table 1: Vulnerability details

Update Types

Affected Product(s)

Security Updates

.NET and Visual Studio

Azure OMI

Azure Real Time Operating System

Azure Service Fabric Container

Intel

Microsoft Edge (Chromium-based)

Microsoft Office

Microsoft Office Excel

Microsoft Office SharePoint

Microsoft Windows ALPC

Microsoft Windows Codecs Library

Remote Volume Shadow Copy Service (RVSS)

Role: Windows Hyper-V

SQL Server

Windows Ancillary Function Driver for WinSock

Windows App Store

Windows Autopilot

Windows Container Isolation FS Filter Driver

Windows Container Manager Service

Windows Defender

Windows Encrypting File System (EFS)

Windows File History Service

Windows Installer

Windows iSCSI

Windows Kerberos

Windows Kernel

Windows LDAP - Lightweight Directory Access Protocol

Windows Local Security Authority Subsystem Service

Windows Media

Windows Network Address Translation (NAT)

Windows Network File System

Windows PowerShell

Windows SMB

Table 2: Vulnerable versions

Recommendation:

Microsoft has released patches to address these vulnerabilities, organizations are encouraged to apply patches as soon as possible.

Please refer to "REFRENCES" to explore more about vulnerabilities included in “Table 1: Vulnerability details”.

References:

Security Update Guide

Windows Network File System Remote Code Execution Vulnerability CVE-2022-30136

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability CVE-2022-30139

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability CVE-2022-30141

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability CVE-2022-30143

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability CVE-2022-30146

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability CVE-2022-30149

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability CVE-2022-30153

Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2022-30157

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability CVE-2022-30161

Windows Hyper-V Remote Code Execution Vulnerability CVE-2022-30163

Kerberos AppContainer Security Feature Bypass Vulnerability CVE-2022-30164

Windows Kerberos Elevation of Privilege Vulnerability CVE-2022-30165

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability CVE-2022-30190

Microsoft June 2022 Patch Tuesday: 55 fixes, remote code execution in abundance