Microsoft rolls out fixes for 55 CVEs through the June 2022 Patch Tuesday

by Alexandru Poloboc
News Editor
  • A pretty busy month for a Microsoft Patch Tuesday release, with 55 CVEs.
  • Out of all the CVEs, 3 are Critical, 51 are Important, and one is Moderate.
  • We've included each and every one in this article, with direct links as well.

It’s June and we are already enjoying the summer, but Windows users are also looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Common Vulnerabilities and Exposures again.

This month, the Redmond tech giant released 55 new patches, which is a lot more than some people were expecting right after Easter.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • .NET and Visual Studio
  • Microsoft Office and Office Components
  • Microsoft Edge (Chromium-based)
  • Windows Hyper-V Server
  • Windows App Store
  • Azure OMI
  • Real Time Operating System
  • Service Fabric Container
  • SharePoint Server
  • Windows Defender
  • Windows Lightweight Directory Access Protocol (LDAP)
  • Windows PowerShell

55 CVEs were targeted and dealt with this month

Not the busiest but also not the lightest month for Microsoft security experts. You might like to know that, out of the 55 new CVEs released, 3 are rated Critical, 51 are rated Important, and one is rated Moderate in severity.

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.5 | No | No | RCE |
| CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical | 7.5 | No | No | RCE |
| CVE-2022-30136 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-30167 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-30193 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-30180 | Azure RTOS GUIX Studio Information Disclosure Vulnerability | Important | 7.8 | No | No | Info |
| CVE-2022-30177 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-30178 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-30179 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-30137 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP |
| CVE-2022-22018 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-29111 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-29119 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-30188 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-21123 * | Intel: CVE-2022-21123 Shared Buffer Data Read (SBDR) | Important | N/A | No | No | Info |
| CVE-2022-21125 * | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | Important | N/A | No | No | Info |
| CVE-2022-21127 * | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | Important | N/A | No | No | Info |
| CVE-2022-21166 * | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | Important | N/A | No | No | Info |
| CVE-2022-30164 | Kerberos AppContainer Security Feature Bypass Vulnerability | Important | 8.4 | No | No | SFB |
| CVE-2022-30166 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-30173 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-30154 | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | Important | 5.3 | No | No | EoP |
| CVE-2022-30159 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-30171 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-30172 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-30174 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.4 | No | No | RCE |
| CVE-2022-30168 | Microsoft Photos App Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-30157 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-30158 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29143 | Microsoft SQL Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
| CVE-2022-30160 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-30151 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-30189 | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | Important | 6.5 | No | No | Spoofing |
| CVE-2022-30131 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-30132 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-30150 | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | Important | 7.5 | No | No | EoP |
| CVE-2022-30148 | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-30145 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
| CVE-2022-30142 | Windows File History Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
| CVE-2022-30147 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-30140 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
| CVE-2022-30165 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
| CVE-2022-30155 | Windows Kernel Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
| CVE-2022-30162 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-30141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
| CVE-2022-30143 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
| CVE-2022-30146 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
| CVE-2022-30149 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
| CVE-2022-30153 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-30161 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-30135 | Windows Media Center Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-30152 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2022-32230 * | Windows SMB Denial of Service Vulnerability | Important | N/A | No | No | DoS |
| CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate | 8.3 | No | No | RCE |
| CVE-2022-2007 * | Chromium: Use after free in WebGPU | High | N/A | No | No | RCE |
| CVE-2022-2008 * | Chromium: Out of bounds memory access in WebGL | High | N/A | No | No | RCE |
| CVE-2022-2010 * | Chromium: Out of bounds read in compositing | High | N/A | No | No | RCE |
| CVE-2022-2011 * | Chromium: Use after free in ANGLE | High | N/A | No | No | RCE |

It’s important to know that none of the new bugs patched this month are listed as publicly known or under active attack at the time of release.

But wait, there’s more. June 2022 is actually the first month in quite a while without an update for the Print Spooler.

To narrow things down for you, more than half of the patches this month deal with remote code execution, and 7 of these deal with LDAP vulnerabilities, which is at least a decrease from the 10 LDAP patches last month.

Keep in mind that the most severe of these clocks in with a CVSS of 9.8 but would require the MaxReceiveBuffer LDAP policy to be set to a value higher than the default value.
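
A way to check for the condition described above, as an added example that is not part of the original article: the PowerShell below lists every LDAP query policy in the forest and flags any whose MaxReceiveBuffer exceeds the default. It assumes the ActiveDirectory (RSAT) module, that LDAP policies are stored in the `lDAPAdminLimits` attribute of `queryPolicy` objects, and a default of 10485760 bytes; the function name `Get-LdapReceiveBufferPolicy` is hypothetical.

```powershell
# Added example: audit the MaxReceiveBuffer LDAP policy across all query policies.
# Requires the ActiveDirectory module (RSAT) and read access to the Configuration partition.
Import-Module ActiveDirectory

# Assumption: default MaxReceiveBuffer value, in bytes.
$DefaultMaxReceiveBuffer = 10485760

function Get-LdapReceiveBufferPolicy {
    param([int64]$Default = $DefaultMaxReceiveBuffer)

    # Query policies live under the Configuration naming context of the forest.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base     = "CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

    # Enumerate every policy, not only "Default Query Policy": a custom policy
    # can be assigned to a single domain controller or site.
    Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=queryPolicy)' -Properties lDAPAdminLimits |
        ForEach-Object {
            $policy = $_

            # lDAPAdminLimits is multi-valued, one "Name=Value" string per setting.
            $entry = $policy.lDAPAdminLimits |
                Where-Object { $_ -match '^MaxReceiveBuffer=\d+$' } |
                Select-Object -First 1

            # No explicit entry means the built-in default applies.
            $value = if ($entry) { [int64]($entry -replace '^MaxReceiveBuffer=', '') } else { $null }

            [pscustomobject]@{
                Policy           = $policy.Name
                MaxReceiveBuffer = $value
                AboveDefault     = ($null -ne $value -and $value -gt $Default)
            }
        }
}

Get-LdapReceiveBufferPolicy | Format-Table -AutoSize
```

Any row with `AboveDefault` set to `True` identifies a policy that meets the precondition and whose domain controllers should be patched first.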
