Webinar Library
Welcome to my June Patch Tuesday newsletter. Let's get right to it. The big patch this month is CVE-2022-30190. As you have surely heard in the news this Follina zero-day is currently being exploited. This exploit was easily executed simply by opening a targeted Word document. Thankfully Microsoft has released a patch that you will want to apply ASAP. You will also want to give attention to the three yellow highlighted CVE's in the chart below. Microsoft has given these an exploitability assessment of "Exploitation More Likely". In addition to these, there are also three CVE's with a severity rating of Critical this month; CVE-2022-30136, CVE-2022-30139 and CVE-2022-30163. Of the 55 CVE's this month being addressed these 6 should be your top priority.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 7, 8.1, RT 8.1, 10, 11
Server 2008 SP2, 2008R2, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
2022 including Azure Edition Core Hotpatch
AV1 & HEVC Video Extension
Critical
CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-22018 CVE-2022-29111 CVE-2022-29119 CVE-2022-30131 CVE-2022-30132 CVE-2022-30135 CVE-2022-30136 CVE-2022-30138 CVE-2022-30139 CVE-2022-30140 CVE-2022-30141 CVE-2022-30142 CVE-2022-30143 CVE-2022-30145 CVE-2022-30146 CVE-2022-30147 CVE-2022-30148 CVE-2022-30149 CVE-2022-30150 CVE-2022-30151 CVE-2022-30152 CVE-2022-30153 CVE-2022-30154 CVE-2022-30155 CVE-2022-30160 CVE-2022-30161 CVE-2022-30162 CVE-2022-30163 CVE-2022-30164 CVE-2022-30165 CVE-2022-30166 CVE-2022-30167 CVE-2022-30188 CVE-2022-30189 CVE-2022-30190 CVE-2022-30193 CVE-2022-32230
Workaround: No Exploited: Yes Public: Yes
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
Spoofing
Edge
Chromium-based
Moderate
CVE-2022-22021 CVE-2022-26905 CVE-2022-30127 CVE-2022-30128
Workaround: No Exploited: No Public: No
.NET Framework
Core 3.1
.NET 6.0
Also Nuget.exe
Important
CVE-2022-30184
Visual Studio
2019 16.11 through 16.0
2022 17.0, 17.2
2019 for Mac 8.10
2022 for Mac 17.0
Office
365 Apps for Enterprise
Excel 2013 RT SP1, 2013 SP1, 2016
Online Server
Web Apps Server 2013 SP1
LTSC 2021
CVE-2022-30159 CVE-2022-30171 CVE-2022-30172 CVE-2022-30173 CVE-2022-30174
SharePoint Server
Enterprise Server 2013 SP1, 2016, 2019
Foundation 2013 SP1
Server Subscription Edition
CVE-2022-30157 CVE-2022-30158 CVE-2022-30159 CVE-2022-30171 CVE-2022-30172
SQL Server
2014 SP3 CU4 and GDR
2016 SP2 CU17 and GDR
2016 SP3 GDR and Azure Connectivity Pack
2017 CU29 and GDR
2019 CU16 and GDR
CVE-2022-29143
Azure
Automation State Configuration, DSC Extension
Automation Update Management
Diagnostics (LAD)
Open Management Infrastructure
Real Time Operating System (GUIX)
Security Center
Sentinel
Service Fabric
Stack Hub
Container Monitoring Solution
Log Analytics Agent
CVE-2022-29149 CVE-2022-30137 CVE-2022-30177 CVE-2022-30178 CVE-2022-30179 CVE-2022-30180
System Center
SCOM 2016, 2019, 2022
CVE-2022-29149
Apps
Microsoft Photos
CVE-2022-30168