Patch Analysis for June 2022

Welcome to my June Patch Tuesday newsletter.  Let's get right to it.  The big patch this month is CVE-2022-30190.  As you have surely heard in the news this Follina zero-day is currently being exploited.  This exploit was easily executed simply by opening a targeted Word document.  Thankfully Microsoft has released a patch that you will want to apply ASAP.  You will also want to give attention to the three yellow highlighted CVE's in the chart below.  Microsoft has given these an exploitability assessment of "Exploitation More Likely".  In addition to these, there are also three CVE's with a severity rating of Critical this month; CVE-2022-30136, CVE-2022-30139 and CVE-2022-30163.  Of the 55 CVE's this month being addressed these 6 should be your top priority.  

Patch data provided by:

LOGbinder.com

Technology

Products Affected

Severity

Reference

Workaround/ Exploited / Publicly Disclosed

Vulnerability Info

Windows

Windows 7, 8.1, RT 8.1, 10, 11

Server 2008 SP2, 2008R2, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations

2022  including Azure Edition Core Hotpatch

AV1 & HEVC Video Extension

Critical

CVE-2022-21123
CVE-2022-21125
CVE-2022-21127
CVE-2022-21166
CVE-2022-22018
CVE-2022-29111
CVE-2022-29119
CVE-2022-30131
CVE-2022-30132
CVE-2022-30135
CVE-2022-30136
CVE-2022-30138
CVE-2022-30139
CVE-2022-30140
CVE-2022-30141
CVE-2022-30142
CVE-2022-30143
CVE-2022-30145
CVE-2022-30146
CVE-2022-30147
CVE-2022-30148
CVE-2022-30149
CVE-2022-30150
CVE-2022-30151
CVE-2022-30152
CVE-2022-30153
CVE-2022-30154
CVE-2022-30155
CVE-2022-30160
CVE-2022-30161
CVE-2022-30162
CVE-2022-30163
CVE-2022-30164
CVE-2022-30165
CVE-2022-30166
CVE-2022-30167
CVE-2022-30188
CVE-2022-30189
CVE-2022-30190
CVE-2022-30193
CVE-2022-32230

Workaround: No
Exploited: Yes
Public: Yes

Denial of Service

Elevation of Privilege

Information Disclosure

Remote Code Execution

Security Feature Bypass

Spoofing

Edge

Chromium-based

Moderate

CVE-2022-22021
CVE-2022-26905
CVE-2022-30127
CVE-2022-30128

Workaround: No
Exploited: No
Public: No

Elevation of Privilege

Remote Code Execution

Spoofing

.NET Framework

Core 3.1

.NET 6.0

Also Nuget.exe

Important

CVE-2022-30184

Workaround: No
Exploited: No
Public: No

Information Disclosure

Visual Studio

2019 16.11 through 16.0

2022 17.0, 17.2

2019 for Mac 8.10

2022 for Mac 17.0

Important

CVE-2022-30184

Workaround: No
Exploited: No
Public: No

Information Disclosure

Office

365 Apps for Enterprise

Excel 2013 RT SP1, 2013 SP1, 2016

Online Server

Web Apps Server 2013 SP1

LTSC 2021

Important

CVE-2022-30159
CVE-2022-30171
CVE-2022-30172
CVE-2022-30173
CVE-2022-30174

Workaround: No
Exploited: No
Public: No

Remote Code Execution

Information Disclosure

SharePoint Server

Enterprise Server 2013 SP1, 2016, 2019

Foundation 2013 SP1

Server Subscription Edition

Important

CVE-2022-30157
CVE-2022-30158
CVE-2022-30159
CVE-2022-30171
CVE-2022-30172

Workaround: No
Exploited: No
Public: No

Remote Code Execution

Information Disclosure

SQL Server

2014 SP3 CU4 and GDR

2016 SP2 CU17 and GDR

2016 SP3 GDR and Azure Connectivity Pack

2017 CU29 and GDR

2019 CU16 and GDR

Important

CVE-2022-29143

Workaround: No
Exploited: No
Public: No

Remote Code Execution

Azure

Automation State Configuration, DSC Extension

Automation Update Management

Diagnostics (LAD)

Open Management Infrastructure

Real Time Operating System (GUIX)

Security Center

Sentinel

Service Fabric

Stack Hub

Container Monitoring Solution

Log Analytics Agent

Important

CVE-2022-29149
CVE-2022-30137
CVE-2022-30177
CVE-2022-30178
CVE-2022-30179
CVE-2022-30180

Workaround: No
Exploited: No
Public: No

Information Disclosure

Remote Code Execution

Elevation of Privilege

System Center

SCOM 2016, 2019, 2022

Important

CVE-2022-29149

Workaround: No
Exploited: No
Public: No

Elevation of Privilege

Apps

Microsoft Photos

Important

CVE-2022-30168

Workaround: No
Exploited: No
Public: No

Remote Code Execution

Receive Randy's same-day, independent analysis each Patch Tuesday

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The "Randy’s Recommendation" comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.

 

Additional Resources