Post Syndicated from Greg Wiseman original https://blog.rapid7.com/2022/06/14/patch-tuesday-june-2022/

July’s Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is CVE-2022-30190, also known as Follina, which was observed being exploited in the wild at the end of May. Microsoft provided mitigation instructions (disabling the MSDT URL protocol via the registry), but actual patches were not available until today’s cumulative Windows Updates. Even if the mitigation was previously applied, installing the updates is highly recommended.

None of the other CVEs being addressed this month have been previously disclosed or seen exploited yet. However, it won’t be long before attackers start looking at CVE-2022-30136, a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). Last month, Microsoft fixed a similar vulnerability (CVE-2022-26937) affecting NFS v2.0 and v3.0. CVE-2022-30136, on the other hand, is only exploitable in NFS v4.1. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. Again, even if the mitigation has been put into place, best to patch sooner rather than later.

Also reminiscent of last month is CVE-2022-30139, a critical RCE in LDAP carrying a CVSSv3 base score of 7.1, which again is only exploitable if the MaxReceiveBuffer LDAP policy value is set higher than the default. Rounding out the critical RCEs for July is CVE-2022-30163, which could allow a malicious application running on a Hyper-V guest to execute code on the host OS.

The other big news this month is the end of support for Internet Explorer 11 (IE11) on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels, as Microsoft encourages users to adopt the Chromium-based Edge browser (which saw fixes for 5 CVEs this month). Internet Explorer 11 on other versions of Windows should continue receiving security updates and technical support based on the OS support lifecycle, so this is only the beginning of the end for the legacy browser.

Summary charts

Summary tables

Apps vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-30168	Microsoft Photos App Remote Code Execution Vulnerability	No	No	7.8	Yes

Azure vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-30137	Azure Service Fabric Container Elevation of Privilege Vulnerability	No	No	6.7	Yes
CVE-2022-30177	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-30178	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-30179	Azure RTOS GUIX Studio Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-30180	Azure RTOS GUIX Studio Information Disclosure Vulnerability	No	No	7.8	Yes

Azure System Center vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-29149	Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability	No	No	7.8	Yes

Browser vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-22021	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	No	No	8.3	Yes
CVE-2022-2011	Chromium: CVE-2022-2011 Use after free in ANGLE	No	No	N/A	Yes
CVE-2022-2010	Chromium: CVE-2022-2010 Out of bounds read in compositing	No	No	N/A	Yes
CVE-2022-2008	Chromium: CVE-2022-2008 Out of bounds memory access in WebGL	No	No	N/A	Yes
CVE-2022-2007	Chromium: CVE-2022-2007 Use after free in WebGPU	No	No	N/A	Yes

Developer Tools vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-30184	.NET and Visual Studio Information Disclosure Vulnerability	No	No	5.5	Yes

ESU Windows vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-30140	Windows iSCSI Discovery Service Remote Code Execution Vulnerability	No	No	7.1	Yes
CVE-2022-30152	Windows Network Address Translation (NAT) Denial of Service Vulnerability	No	No	7.5	No
CVE-2022-30135	Windows Media Center Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2022-30153	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-30161	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-30141	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	8.1	Yes
CVE-2022-30143	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	7.5	Yes
CVE-2022-30149	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	7.5	Yes
CVE-2022-30146	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	7.5	Yes
CVE-2022-30155	Windows Kernel Denial of Service Vulnerability	No	No	5.5	Yes
CVE-2022-30147	Windows Installer Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2022-30163	Windows Hyper-V Remote Code Execution Vulnerability	No	No	8.5	Yes
CVE-2022-30142	Windows File History Remote Code Execution Vulnerability	No	No	7.1	Yes
CVE-2022-30151	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	No	No	7	Yes
CVE-2022-30160	Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2022-30166	Local Security Authority Subsystem Service Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2022-21166	Intel: CVE-2022-21166 Device Register Partial Write (DRPW)	No	No	N/A	Yes
CVE-2022-21127	Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)	No	No	N/A	Yes
CVE-2022-21125	Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)	No	No	N/A	Yes
CVE-2022-21123	Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)	No	No	N/A	Yes

Microsoft Office vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-30157	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-30158	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	8.8	Yes
CVE-2022-30174	Microsoft Office Remote Code Execution Vulnerability	No	No	7.4	Yes
CVE-2022-30159	Microsoft Office Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-30171	Microsoft Office Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-30172	Microsoft Office Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-30173	Microsoft Excel Remote Code Execution Vulnerability	No	No	7.8	Yes

SQL Server vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-29143	Microsoft SQL Server Remote Code Execution Vulnerability	No	No	7.5	Yes

Windows vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score	Has FAQ?
CVE-2022-32230	Windows SMB Denial of Service Vulnerability	No	No	N/A	Yes
CVE-2022-30136	Windows Network File System Remote Code Execution Vulnerability	No	No	9.8	Yes
CVE-2022-30139	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	No	No	7.5	Yes
CVE-2022-30162	Windows Kernel Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-30165	Windows Kerberos Elevation of Privilege Vulnerability	No	No	8.8	Yes
CVE-2022-30145	Windows Encrypting File System (EFS) Remote Code Execution Vulnerability	No	No	7.5	Yes
CVE-2022-30148	Windows Desired State Configuration (DSC) Information Disclosure Vulnerability	No	No	5.5	Yes
CVE-2022-30150	Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability	No	No	7.5	Yes
CVE-2022-30132	Windows Container Manager Service Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2022-30131	Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability	No	No	7.8	No
CVE-2022-30189	Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability	No	No	6.5	Yes
CVE-2022-30154	Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability	No	No	5.3	Yes
CVE-2022-30164	Kerberos AppContainer Security Feature Bypass Vulnerability	No	No	8.4	Yes
CVE-2022-29111	HEVC Video Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-22018	HEVC Video Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-30188	HEVC Video Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-29119	HEVC Video Extensions Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-30167	AV1 Video Extension Remote Code Execution Vulnerability	No	No	7.8	Yes
CVE-2022-30193	AV1 Video Extension Remote Code Execution Vulnerability	No	No	7.8	Yes

​

Additional reading:

• The Hidden Harm of Silent Patches
• Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7
• How to Strategically Scale Vendor Management and Supply Chain Security
• Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report