Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Microsoft June 2022 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft June 2022 Patch Tuesday

This month we got patches for 60 vulnerabilities. Of these, 3 are critical, none previously disclosed, and none being exploited according to Microsoft.

The highest CVSS this month (9.8) is associated with a Remote Code Execution (RCE) vulnerability affecting Windows Network File System (CVE-2022-30136). This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. According to the advisory, disabling NFSV4.1 mitigates the vulnerability. The exploitability for this vulnerability is ‘More Likely’. Interestingly, last month (May/2022) we had a similar CVE affecting NFS (CVE-2022-26937) which, on the contrary, affected versions NFSV2.0 and NFSV3.0 and not NFSV4.1.

A second critical vulnerability worth mentioning is an RCE on Windows Hyper-V (CVE-2022-30163). According to the advisory, “to exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code”. The attack complexity is high. The CVSS score for this vulnerability is 8.5.

Although Follina's vulnerability CVE is not listed in June 2022 Patch Tuesday, the vulnerability advisory (CVE-2022-30190recommends installing the June updates as soon as possible to fix the 0-day. Official Microsoft Guidance on CVE-2022-30190 is available at Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET and Visual Studio Information Disclosure Vulnerability
CVE-2022-30184 No No Less Likely Less Likely Important 5.5 5.0
AV1 Video Extension Remote Code Execution Vulnerability
CVE-2022-30167 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-30193 No No Less Likely Less Likely Important 7.8 6.8
Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2022-29149 No No Less Likely Less Likely Important 7.8 7.0
Azure RTOS GUIX Studio Information Disclosure Vulnerability
CVE-2022-30180 No No Less Likely Less Likely Important 7.8 7.0
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2022-30177 No No Less Likely Less Likely Important 7.8 7.0
CVE-2022-30178 No No Less Likely Less Likely Important 7.8 7.0
CVE-2022-30179 No No Less Likely Less Likely Important 7.8 7.0
Azure Service Fabric Container Elevation of Privilege Vulnerability
CVE-2022-30137 No No Less Likely Less Likely Important 6.7 6.0
Chromium: CVE-2022-2007 Use after free in WebGPU
CVE-2022-2007 No No - - -    
Chromium: CVE-2022-2008 Out of bounds memory access in WebGL
CVE-2022-2008 No No - - -    
Chromium: CVE-2022-2010 Out of bounds read in compositing
CVE-2022-2010 No No - - -    
Chromium: CVE-2022-2011 Use after free in ANGLE
CVE-2022-2011 No No - - -    
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-29111 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-22018 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-30188 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-29119 No No Less Likely Less Likely Important 7.8 6.8
Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)
CVE-2022-21123 No No Less Likely Less Likely Important    
Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)
CVE-2022-21125 No No Less Likely Less Likely Important    
Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)
CVE-2022-21127 No No Less Likely Less Likely Important    
Intel: CVE-2022-21166 Device Register Partial Write (DRPW)
CVE-2022-21166 No No Less Likely Less Likely Important    
Kerberos AppContainer Security Feature Bypass Vulnerability
CVE-2022-30164 No No Less Likely Less Likely Important 8.4 7.3
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2022-30166 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2022-22021 No No Less Likely Less Likely Moderate 8.3 7.2
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-30173 No No Unlikely Unlikely Important 7.8 6.8
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability
CVE-2022-30154 No No Less Likely Less Likely Important 5.3 4.6
Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities
ADV220002 No No Less Likely Less Likely      
Microsoft Office Information Disclosure Vulnerability
CVE-2022-30159 No No Less Likely Less Likely Important 5.5 4.8
CVE-2022-30171 No No Less Likely Less Likely Important 5.5 4.8
CVE-2022-30172 No No Less Likely Less Likely Important 5.5 4.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-30174 No No Less Likely Less Likely Important 7.4 6.4
Microsoft Photos App Remote Code Execution Vulnerability
CVE-2022-30168 No No Less Likely Less Likely Important 7.8 6.8
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2022-29143 No No Less Likely Less Likely Important 7.5 6.5
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-30157 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-30158 No No Unlikely Unlikely Important 8.8 7.7
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVE-2022-30160 No No More Likely More Likely Important 7.8 6.8
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2022-30151 No No Less Likely Less Likely Important 7.0 6.1
Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability
CVE-2022-30189 No No Less Likely Less Likely Important 6.5 5.9
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2022-30131 No No Less Likely Less Likely Important 7.8 6.8
Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2022-30132 No No Less Likely Less Likely Important 7.8 6.8
Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability
CVE-2022-30150 No No Less Likely Less Likely Important 7.5 6.5
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability
CVE-2022-30148 No No Less Likely Less Likely Important 5.5 4.8
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
CVE-2022-30145 No No Less Likely Less Likely Important 7.5 6.5
Windows File History Remote Code Execution Vulnerability
CVE-2022-30142 No No Less Likely Less Likely Important 7.1 6.2
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-30163 No No Less Likely Less Likely Critical 8.5 7.4
Windows Installer Elevation of Privilege Vulnerability
CVE-2022-30147 No No More Likely More Likely Important 7.8 6.8
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-30165 No No Less Likely Less Likely Important 8.8 7.7
Windows Kernel Denial of Service Vulnerability
CVE-2022-30155 No No Less Likely Less Likely Important 5.5 4.8
Windows Kernel Information Disclosure Vulnerability
CVE-2022-30162 No No Less Likely Less Likely Important 5.5 4.8
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2022-30141 No No Less Likely Less Likely Important 8.1 7.1
CVE-2022-30143 No No Less Likely Less Likely Important 7.5 6.5
CVE-2022-30149 No No Less Likely Less Likely Important 7.5 6.5
CVE-2022-30153 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-30161 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-30139 No No Less Likely Less Likely Critical 7.5 6.5
CVE-2022-30146 No No Less Likely Less Likely Important 7.5 6.5
Windows Media Center Elevation of Privilege Vulnerability
CVE-2022-30135 No No Less Likely Less Likely Important 7.8 6.9
Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2022-30152 No No Less Likely Less Likely Important 7.5 6.5
Windows Network File System Remote Code Execution Vulnerability
CVE-2022-30136 No No More Likely More Likely Critical 9.8 8.5
Windows SMB Denial of Service Vulnerability
CVE-2022-32230 No No Less Likely Less Likely Important    
Windows iSCSI Discovery Service Remote Code Execution Vulnerability
CVE-2022-30140 No No Less Likely Less Likely Important 7.1 6.2

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Renato

84 Posts
ISC Handler
Jun 14th 2022
Looks like Microsoft did get it in the rollup today. Thanks for all the hard work you do. Cheers! https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
Anonymous

Sign Up for Free or Log In to start participating in the conversation!