www.belgium.be Logo of the federal government

Warning: Microsoft Patch Tuesday June 2022 patches 55 vulnerabilities (3 critical, 52 important)

Referentie: 
Advisory #2022-018
Versie: 
1.0
Geïmpacteerde software: 
.NET and Visual Studio
Windows LDAP - Lightweight Directory Access Protocol
Azure Real Time Operating System
Azure Service Fabric Container
Windows Hyper-V hypervisor
Intel
Microsoft Office (Excel, SharePoint)
Microsoft Windows ALPC
Remote Volume Shadow Copy Service (RVSS)
SQL Server
Windows Defender
Azure OMI
Windows PowerShell
Windows Network File System
For more exhaustive information consult the release notes on: https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun
Type: 
Several types, ranging from spoofing to privilege escalation and remote code execution.
CVE/CVSS: 

Microsoft patched 55 CVEs in its June 2022 Patch Tuesday release, 3 rated as critical and 52 rated as important.

Number of CVE's per type

  • Remote Code Execution: 27
  • Elevation of Privileges: 12
  • Denial of Service: 3
  • Spoofing: 1
  • Information Disclosure: 11
  • Security Feature Bypass: 1

Remark: MS Patch Tuesday contains a patch for CVE-2022-30190 (A.K.A) Follina. Threat actors are actively exploiting Follina.

Datum: 
15/06/2022

Bronnen

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun

Risico’s

This month’s Patch Tuesday includes 3 critical and 53 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.

Remark: The Patch tuesday contains a patch for CVE-2022-30190 (A.K.A) Follina. Threat actors are actively exploiting Follina.

The CCB recommends installing the updates to be fully protected from the vulnerability.

Beschrijving

CVE-2022-30190 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution

This vulnerability would allow a remote unauthenticated attacker to execute arbitrary code with the privileges of the current user. An attacker can chain other exploits to gain higher privileges. The attack can be successful without opening the malicious file. Previewing the file is sufficient.

This vulnerability is actively exploited in the wild with malware varying from Ransomware, Banking Trojans and Backdoors.

The CCB recommends to prioritise testing and to deploy this fix with high priority to be fully protected from the vulnerability.

CVE-2022-30136 - Windows Network File System Remote Code Execution Vulnerability


This vulnerability could allow a remote attacker to execute privileged code on affected systems running NFS. Organisations running NFS should prioritize testing and deploying this fix.

CVE-2022-24436 - Hertzbleed

Hertzbleed is a type of side-channel attack that takes advantage of dynamic frequency scaling affecting a variety of CPU's including Intel CPU's and AMD's desktop, mobile and server chips.

A successful attack can allow an attacker to extract cryptographic keys from remote servers.

CVE-2022-30147 - Windows Installer elevation of privilege vulnerability

Microsoft marked this bug as more likely to be exploited. This type of vulnerability is often leveraged during a cyber attack.

CVE-2022-30148 - Windows Desired State Configuration (DSC) Information Disclosure

An attacker could use this to recover plaintext passwords and usernames from log files. Attackers can leverage this vulnerability to move laterally within a network.

Organisations using DSC, should prioritize testing and deploying this fix.

Aanbevolen acties

The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Referenties

https://www.zerodayinitiative.com/blog/2022/6/14/the-june-2022-security-update-review
https://www.theregister.com/2022/06/15/microsoft_patch_tuesday/