October 3, 2022

TheCyberThrone

Thinking Security ! Always

Microsoft Patch Tuesday – June 2022

Microsoft has released 55 security fixes that resolve critical issues, including Remote Code Execution (RCE), as well as fixes for information leaks, Elevation of Privilege (EoP), use-after-free issues, and out-of-bounds memory access.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Azure OMI
  • Azure Real Time Operating System
  • Azure Service Fabric Container
  • Intel
  • Microsoft Edge (Chromium-based)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Remote Volume Shadow Copy Service (RVSS)
  • Role: Windows Hyper-V
  • SQL Server
  • Windows Ancillary Function Driver for WinSock
  • Windows App Store
  • Windows Autopilot
  • Windows Container Isolation FS Filter Driver
  • Windows Container Manager Service
  • Windows Defender
  • Windows Encrypting File System (EFS)
  • Windows File History Service
  • Windows Installer
  • Windows iSCSI
  • Windows Kerberos
  • Windows Kernel
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows Local Security Authority Subsystem Service
  • Windows Media
  • Windows Network Address Translation (NAT)
  • Windows Network File System
  • Windows PowerShell
  • Windows SMB

Windows Network File System RCE Vulnerability

CVE-2022-30136 is an RCE vulnerability in the Network File System (NFS) that can be exploited by an unauthenticated attacker using a specially crafted call to an NFS service. The vulnerability has a CVSSv3 score of 9.8 and is rated Exploitation More Likely. The advisory notes that NFS versions 2.0 and 3.0 are not affected and that administrators can disable NFS version 4.1 to mitigate this flaw. Disabling NFSv4.1 could have adverse impacts, so caution is required when adopting it. This is only a mitigation option, and the advisory also warns that you should not disable NFSv4.1 unless you have installed the May 2022 Windows security updates, specifically the updates addressing CVE-2022-26937.

Windows Advanced Local Procedure Call EoP Vulnerability

CVE-2022-30160 is an EoP vulnerability affecting the advanced local procedure call (ALPC), a message-passing mechanism for internal operating system communications. With a CVSSv3 score of 7.8, this vulnerability can be exploited by a local, authenticated attacker and is rated Exploitation More Likely. Patches are available for all supported Windows variants, including Windows Server Core installations.

Windows Installer EoP Vulnerability

CVE-2022-30147 is an EoP vulnerability affecting the Windows Installer. The flaw received a CVSSv3 score of 7.8, can be exploited by a local, authenticated attacker, and is rated Exploitation More Likely. Patches are available for all supported Windows variants, including Windows Server Core installations.

Numerous RCE Vulnerabilities in Windows LDAP

This month Microsoft patched seven vulnerabilities in the Lightweight Directory Access Protocol (LDAP).

  • CVE-2022-30139
  • CVE-2022-30141
  • CVE-2022-30143
  • CVE-2022-30146
  • CVE-2022-30149
  • CVE-2022-30153
  • CVE-2022-30161

Two of the CVEs, CVE-2022-30153 and CVE-2022-30161, received CVSSv3 scores of 8.8, CVE-2022-30141 was scored at 8.1, and the remaining flaws were each scored at 7.5. All are rated Exploitation Less Likely.


The vulnerability descriptions for CVE-2022-30139, CVE-2022-30141, and CVE-2022-30143 provide the same caveat: the vulnerability only exists if the “MaxReceiveBuffer” LDAP policy is configured to a higher value than the default value. A system with the default value for the policy would not be affected. In the case of both CVE-2022-30139 and CVE-2022-30141, no user interaction is required; however, an attacker must prepare the target environment to improve exploit reliability.

The remainder of the CVEs all require some form of user interaction to exploit the vulnerability.
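
A check for the MaxReceiveBuffer caveat described above, as an added example that is not from the original post or from Microsoft: it reads the `lDAPAdminLimits` values of each query policy and flags any `MaxReceiveBuffer` above the default. The default of 10485760 bytes, the helper name `Test-MaxReceiveBuffer` and the sample values are assumptions of this example; the live query needs the ActiveDirectory module and a reachable domain controller.

```powershell
# Added example: flag LDAP query policies whose MaxReceiveBuffer exceeds the default.
# Assumption (not from the post): 10485760 bytes is the default value of this policy.
$DefaultMaxReceiveBuffer = 10485760

function Test-MaxReceiveBuffer {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$PolicyName,
        [string[]]$AdminLimits = @()   # values of the lDAPAdminLimits attribute
    )
    # Values look like "Name=Value"; with no entry the built-in default applies.
    $entry = $AdminLimits | Where-Object { $_ -match '^\s*MaxReceiveBuffer\s*=' } |
        Select-Object -First 1
    [long]$value = $DefaultMaxReceiveBuffer
    if ($entry) {
        $raw = ($entry -split '=', 2)[1].Trim()
        if (-not [long]::TryParse($raw, [ref]$value)) {
            throw "Policy '$PolicyName': cannot parse MaxReceiveBuffer value '$raw'"
        }
    }
    [pscustomobject]@{
        Policy           = $PolicyName
        MaxReceiveBuffer = $value
        ExplicitlySet    = [bool]$entry
        AboveDefault     = ($value -gt $DefaultMaxReceiveBuffer)
    }
}

# Constructed sample values (not from a real directory) showing both outcomes.
$samples = [ordered]@{
    'Sample: default value' = @('MaxPageSize=1000', 'MaxReceiveBuffer=10485760')
    'Sample: raised value'  = @('MaxPageSize=1000', 'MaxReceiveBuffer=20971520')
}
$results = @($samples.GetEnumerator() | ForEach-Object {
    Test-MaxReceiveBuffer -PolicyName $_.Key -AdminLimits $_.Value
})

# Live check: every queryPolicy object in the configuration partition.
try {
    Import-Module ActiveDirectory -ErrorAction Stop
    $configNc = (Get-ADRootDSE -ErrorAction Stop).configurationNamingContext
    $results += @(Get-ADObject -SearchBase $configNc -LDAPFilter '(objectClass=queryPolicy)' `
        -Properties lDAPAdminLimits -ErrorAction Stop | ForEach-Object {
            Test-MaxReceiveBuffer -PolicyName $_.Name -AdminLimits @($_.lDAPAdminLimits)
        })
} catch {
    Write-Warning "Live directory check not completed: $($_.Exception.Message)"
}

$results | Format-Table -AutoSize
```

Any row with `AboveDefault` set to True marks a policy that meets the precondition stated for CVE-2022-30139, CVE-2022-30141 and CVE-2022-30143, so domain controllers using it are the ones to patch first.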

MSDT RCE Vulnerability

CVE-2022-30190, also known as Follina, the RCE vulnerability in the Microsoft Windows Support Diagnostic Tool that was disclosed in late May and exploited in the wild, has now received patches for affected Windows systems. While Microsoft had provided mitigation guidance in an advisory on May 30, patches were not released until June 14.

Internet Explorer 11 End Of Support

Support for Internet Explorer (IE) 11 will end for certain versions of Windows 10. Microsoft recommends switching to Microsoft Edge and notes that IE 11 is the last major version of Internet Explorer. Tenable customers can utilize Plugin ID 22024 – Microsoft Internet Explorer Unsupported Version Detection to identify systems that have an unsupported version of IE. An update to the plugin will be released on June 15 to account for these updates from Microsoft.


Updates Summary

| CVE | Description | Exploit Available | Publicly Disclosed | CVSS Score |
|---|---|---|---|---|
| CVE-2022-30168 | Microsoft Photos App Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-30137 | Azure Service Fabric Container Elevation of Privilege Vulnerability | No | No | 6.7 |
| CVE-2022-30177 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-30178 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-30179 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-30180 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | No | No | 7.8 |
| CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.3 |
| CVE-2022-2011 | Chromium: CVE-2022-2011 Use after free in ANGLE | No | No | N/A |
| CVE-2022-2010 | Chromium: CVE-2022-2010 Out of bounds read in compositing | No | No | N/A |
| CVE-2022-2008 | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | No | No | N/A |
| CVE-2022-2007 | Chromium: CVE-2022-2007 Use after free in WebGPU | No | No | N/A |
| CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-30140 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | No | No | 7.1 |
| CVE-2022-30152 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2022-30135 | Windows Media Center Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-30153 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2022-30161 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2022-30141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.1 |
| CVE-2022-30143 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2022-30149 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2022-30146 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2022-30155 | Windows Kernel Denial of Service Vulnerability | No | No | 5.5 |
| CVE-2022-30147 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.5 |
| CVE-2022-30142 | Windows File History Remote Code Execution Vulnerability | No | No | 7.1 |
| CVE-2022-30151 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2022-30160 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-30166 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-21166 | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | No | No | N/A |
| CVE-2022-21127 | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | No | No | N/A |
| CVE-2022-21125 | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | No | No | N/A |
| CVE-2022-21123 | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | No | No | N/A |
| CVE-2022-30157 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2022-30158 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2022-30174 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.4 |
| CVE-2022-30159 | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-30171 | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-30172 | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-30173 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-29143 | Microsoft SQL Server Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2022-32230 | Windows SMB Denial of Service Vulnerability | No | No | N/A |
| CVE-2022-30136 | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 |
| CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2022-30162 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-30165 | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.8 |
| CVE-2022-30145 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2022-30148 | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2022-30150 | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | No | No | 7.5 |
| CVE-2022-30132 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-30131 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2022-30189 | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | No | No | 6.5 |
| CVE-2022-30154 | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | No | No | 5.3 |
| CVE-2022-30164 | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 8.4 |
| CVE-2022-29111 | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-22018 | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-30188 | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-29119 | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-30167 | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2022-30193 | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 |