Today is Microsoft's June 2022 Patch Tuesday, and with it come fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws.
Of the 55 vulnerabilities fixed in today's update, three are classified as 'Critical' as they allow remote code execution, with the rest classified as Important. This does not include 5 Microsoft Edge Chromium updates that were released earlier this week.
The number of bugs in each vulnerability category is listed below:
- 12 Elevation of Privilege Vulnerabilities
- 1 Security Feature Bypass Vulnerability
- 27 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerability
For information about the non-security Windows updates, you can read about today's Windows 10 KB5013942 and KB5013945 updates and the Windows 11 KB5014697 update.
Follina zero-day fixed
Microsoft has fixed the widely-exploited Windows Follina MSDT zero-day vulnerability tracked as CVE-2022-30190 in the June 2022 Updates.
Last month, a new Windows zero-day vulnerability was discovered in attacks that executed malicious PowerShell commands via the Windows Microsoft Diagnostic Tool (MSDT).
At the time, this vulnerability bypassed all security protections, including Microsoft Office's Protected View, and executed the PowerShell scripts just by opening a Word document.
Soon after, threat actors began utilizing it in widespread phishing attacks that distributed QBot, targeted US government agencies, and targeted Ukrainian media organizations.
While Microsoft released mitigations for the vulnerability, they would not say if they would patch it.
Today, Microsoft released a security update for the Windows MSDT vulnerability, and it is included in the June 2022 cumulative updates or in a standalone security update for Windows Server.
Recent updates from other companies
Other vendors who released updates in June 2022 include:
- Atlassian released a patch for the widely exploited Confluence RCE vulnerability tracked as CVE-2022-26134.
- GitLab released a security update for the CVE-2022-1680 vulnerability.
- Google released Android's June security updates, as well as updates for Chrome.
- Cisco released security updates for numerous products this month.
The June 2022 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the June 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability | Important |
Azure OMI | CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-30179 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-30178 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-30180 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important |
Azure Real Time Operating System | CVE-2022-30177 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure Service Fabric Container | CVE-2022-30137 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important |
Intel | CVE-2022-21127 | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | Important |
Intel | ADV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities | Unknown |
Intel | CVE-2022-21123 | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | Important |
Intel | CVE-2022-21125 | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | Important |
Intel | CVE-2022-21166 | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | Important |
Microsoft Edge (Chromium-based) | CVE-2022-2011 | Chromium: CVE-2022-2011 Use after free in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2010 | Chromium: CVE-2022-2010 Out of bounds read in compositing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2008 | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-2007 | Chromium: CVE-2022-2007 Use after free in WebGPU | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
Microsoft Office | CVE-2022-30159 | Microsoft Office Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2022-30171 | Microsoft Office Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2022-30172 | Microsoft Office Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2022-30174 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2022-30173 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2022-30158 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2022-30157 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Windows ALPC | CVE-2022-30160 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2022-29119 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2022-30188 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2022-30167 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2022-30193 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2022-29111 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2022-22018 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Remote Volume Shadow Copy Service (RVSS) | CVE-2022-30154 | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
SQL Server | CVE-2022-29143 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2022-30151 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows App Store | CVE-2022-30168 | Microsoft Photos App Remote Code Execution Vulnerability | Important |
Windows Autopilot | CVE-2022-30189 | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | Important |
Windows Container Isolation FS Filter Driver | CVE-2022-30131 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Container Manager Service | CVE-2022-30132 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Defender | CVE-2022-30150 | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | Important |
Windows Encrypting File System (EFS) | CVE-2022-30145 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | Important |
Windows File History Service | CVE-2022-30142 | Windows File History Remote Code Execution Vulnerability | Important |
Windows Installer | CVE-2022-30147 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows iSCSI | CVE-2022-30140 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2022-30164 | Kerberos AppContainer Security Feature Bypass Vulnerability | Important |
Windows Kerberos | CVE-2022-30165 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2022-30162 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2022-30155 | Windows Kernel Denial of Service Vulnerability | Important |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-30143 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-30161 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-30141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-30153 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-30149 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-30146 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
Windows Local Security Authority Subsystem Service | CVE-2022-30166 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2022-30135 | Windows Media Center Elevation of Privilege Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2022-30152 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network File System | CVE-2022-30136 | Windows Network File System Remote Code Execution Vulnerability | Critical |
Windows PowerShell | CVE-2022-30148 | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | Important |
Windows SMB | CVE-2022-32230 | Windows SMB Denial of Service Vulnerability | Important |
Comments
NoneRain - 1 year ago
Looks like this update is "safe" guys. No problems around here.
lgkwang - 1 year ago
I noticed that 2 different Windows servers with RRAS enabled (possibly related to using NAT mode) both experienced serious connectivity problems after installing the June update. Could not RDP to them after the update installed. Checked with Wireshark and the 3-way TCP handshake never completes, but I can still ping the servers. Uninstalling the update fixes the problems. There's not much written about this online, except another user on another website posted that they had problems when Internet Connection Sharing was turned on. Sounds potentially related...
elmernet - 1 year ago
Yes, I also had this problem on 7 Windows Server 2012 R2 and had to uninstall KB5014738, and on 1 Windows Server 2019 and on that one I had to remove KB5014692.
All are Domain Controllers, with RRAS - Routing and Remote Access.
The symptoms were:
1. Lost remote access over RDP.
2. Lost navigation with any browser.
3. Lost access even by AnyDesk.
4. Stations lost access to shared folders.
I even noticed that when the server is restarted, with the process not yet finished, everything works normally. As services come up, the 4 items above occur.
And here was the first article I found mentioning the fact.
wdwinslow - 1 year ago
We are also seeing this same issue on (4) Windows 2019 RRAS servers this morning. Our servers also do NAT. Post update un-install and reboot, we are able to RDP in and RRAS works again.
elmernet - 1 year ago
I'm "happy" that it wasn't my configuration error, seeing more people with the same problem kkk.
I don't understand why, until now, hardly anyone talks about this issue in Patch Tuesday June 2022, where KB5014738 needs to be uninstalled/removed on Windows Server 2012 R2 and KB5014692 needs to be uninstalled/removed on Windows Server 2019, when servers use RRAS (in my case with VPN too). Let's wait a few more days for Microsoft to point out a solution...
lgkwang - 1 year ago
I'm pretty confident this issue is related to the "Wi-Fi Hotspot" issue posted in a later article on this site... Probably the same module that is used for NAT routing in RRAS and the Hosted Network feature with Wi-Fi... So now we just wait for a fix from Microsoft....
Wi-Fi article: https://www.bleepingcomputer.com/news/microsoft/microsoft-june-windows-updates-may-break-wi-fi-hotspots/
SiegfriedB - 1 year ago
I have the same issue as described above on two RRAS servers (one is Server 2012 R2 and one is Server 2016). As soon as the June update is installed, basically nothing works anymore except for ping. Severe connectivity issues. The only solution seems to be to uninstall the update. Anybody who has more information, please let us know! For Server 2012 R2, the update in question is KB5014746
rosshbc2354 - 1 year ago
My Server 2019 has the same issues. I have Hyper-V, IIS and RRAS running. All those services, and RDP, are affected. In my case, it seems OK for the first 5 mins, and then it all stops. I was able to use Wireshark (via iDRAC console) to capture the fault in action: the server sets up the initial SYN-ACK, and then one more packet outbound, and then it ignores all incoming responses for that connection.
lgkwang - 1 year ago
Microsoft released a fix for the RRAS/VPN problems today in the form of the 2022-06 Cumulative Update Preview. I've tested it and it appears to fix the issues that were happening. But, there's a catch.... It appears that they only released the preview update for Windows 11 and Windows Server 2022 & 2019 operating systems - sooooo that's not ideal for those using Server 2016 or 2012 R2
Windows Server 2022: KB5014665
Windows Server 2019: KB5014669
Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.