Czerwcowy Patch Tuesday Microsoftu

utworzone przez | cze 15, 2022 | Aktualizacje

Wtorkowa łatka Microsoftu z czerwca 2022 r., a wraz z nią poprawki 55 luk w zabezpieczeniach, w tym poprawki dla luki zero-day w systemie Windows MSDT „Follina” i nowe błędy Intel MMIO.

Spośród 55 luk naprawionych w dzisiejszej aktualizacji trzy zostały sklasyfikowane jako „krytyczne”, ponieważ umożliwiają zdalne wykonanie kodu, a pozostałe zostały sklasyfikowane jako ważne. Nie obejmuje to 5 aktualizacji Microsoft Edge Chromium, które zostały wydane na początku tego tygodnia

Aktualizacja bezpieczeństwa z czerwca 2022 r

TagCVE IDCVE opisKrytyczność
.NET and Visual StudioCVE-2022-30184.NET and Visual Studio Information Disclosure VulnerabilityWysoka
Azure OMICVE-2022-29149Azure Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityWysoka
Azure Real Time Operating SystemCVE-2022-30179Azure RTOS GUIX Studio Remote Code Execution VulnerabilityWysoka
Azure Real Time Operating SystemCVE-2022-30178Azure RTOS GUIX Studio Remote Code Execution VulnerabilityWysoka
Azure Real Time Operating SystemCVE-2022-30180Azure RTOS GUIX Studio Information Disclosure VulnerabilityWysoka
Azure Real Time Operating SystemCVE-2022-30177Azure RTOS GUIX Studio Remote Code Execution VulnerabilityWysoka
Azure Service Fabric ContainerCVE-2022-30137Azure Service Fabric Container Elevation of Privilege VulnerabilityWysoka
IntelCVE-2022-21127Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)Wysoka
IntelADV220002Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities
IntelCVE-2022-21123Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)Wysoka
IntelCVE-2022-21125Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)Wysoka
IntelCVE-2022-21166Intel: CVE-2022-21166 Device Register Partial Write (DRPW)Wysoka
Microsoft OfficeCVE-2022-30159Microsoft Office Information Disclosure VulnerabilityWysoka
Microsoft OfficeCVE-2022-30171Microsoft Office Information Disclosure VulnerabilityWysoka
Microsoft OfficeCVE-2022-30172Microsoft Office Information Disclosure VulnerabilityWysoka
Microsoft OfficeCVE-2022-30174Microsoft Office Remote Code Execution VulnerabilityWysoka
Microsoft Office ExcelCVE-2022-30173Microsoft Excel Remote Code Execution VulnerabilityWysoka
Microsoft Office SharePointCVE-2022-30158Microsoft SharePoint Server Remote Code Execution VulnerabilityWysoka
Microsoft Office SharePointCVE-2022-30157Microsoft SharePoint Server Remote Code Execution VulnerabilityWysoka
Microsoft Windows ALPCCVE-2022-30160Windows Advanced Local Procedure Call Elevation of Privilege VulnerabilityWysoka
Microsoft Windows Codecs LibraryCVE-2022-29119HEVC Video Extensions Remote Code Execution VulnerabilityWysoka
Microsoft Windows Codecs LibraryCVE-2022-30188HEVC Video Extensions Remote Code Execution VulnerabilityWysoka
Microsoft Windows Codecs LibraryCVE-2022-30167AV1 Video Extension Remote Code Execution VulnerabilityWysoka
Microsoft Windows Codecs LibraryCVE-2022-30193AV1 Video Extension Remote Code Execution VulnerabilityWysoka
Microsoft Windows Codecs LibraryCVE-2022-29111HEVC Video Extensions Remote Code Execution VulnerabilityWysoka
Microsoft Windows Codecs LibraryCVE-2022-22018HEVC Video Extensions Remote Code Execution VulnerabilityWysoka
Remote Volume Shadow Copy Service (RVSS)CVE-2022-30154Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege VulnerabilityWysoka
Role: Windows Hyper-VCVE-2022-30163Windows Hyper-V Remote Code Execution VulnerabilityKrytyczna
SQL ServerCVE-2022-29143Microsoft SQL Server Remote Code Execution VulnerabilityWysoka
Windows Ancillary Function Driver for WinSockCVE-2022-30151Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityWysoka
Windows App StoreCVE-2022-30168Microsoft Photos App Remote Code Execution VulnerabilityWysoka
Windows AutopilotCVE-2022-30189Windows Autopilot Device Management and Enrollment Client Spoofing VulnerabilityWysoka
Windows Container Isolation FS Filter DriverCVE-2022-30131Windows Container Isolation FS Filter Driver Elevation of Privilege VulnerabilityWysoka
Windows Container Manager ServiceCVE-2022-30132Windows Container Manager Service Elevation of Privilege VulnerabilityWysoka
Windows DefenderCVE-2022-30150Windows Defender Remote Credential Guard Elevation of Privilege VulnerabilityWysoka
Windows Encrypting File System (EFS)CVE-2022-30145Windows Encrypting File System (EFS) Remote Code Execution VulnerabilityWysoka
Windows File History ServiceCVE-2022-30142Windows File History Remote Code Execution VulnerabilityWysoka
Windows InstallerCVE-2022-30147Windows Installer Elevation of Privilege VulnerabilityWysoka
Windows iSCSICVE-2022-30140Windows iSCSI Discovery Service Remote Code Execution VulnerabilityWysoka
Windows KerberosCVE-2022-30164Kerberos AppContainer Security Feature Bypass VulnerabilityWysoka
Windows KerberosCVE-2022-30165Windows Kerberos Elevation of Privilege VulnerabilityWysoka
Windows KernelCVE-2022-30162Windows Kernel Information Disclosure VulnerabilityWysoka
Windows KernelCVE-2022-30155Windows Kernel Denial of Service VulnerabilityWysoka
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30143Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityWysoka
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30161Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityWysoka
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30141Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityWysoka
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30153Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityWysoka
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30139Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityKrytyczna
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30149Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityWysoka
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-30146Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityWysoka
Windows Local Security Authority Subsystem ServiceCVE-2022-30166Local Security Authority Subsystem Service Elevation of Privilege VulnerabilityWysoka
Windows MediaCVE-2022-30135Windows Media Center Elevation of Privilege VulnerabilityWysoka
Windows Network Address Translation (NAT)CVE-2022-30152Windows Network Address Translation (NAT) Denial of Service VulnerabilityWysoka
Windows Network File SystemCVE-2022-30136Windows Network File System Remote Code Execution VulnerabilityKrytyczna
Windows PowerShellCVE-2022-30148Windows Desired State Configuration (DSC) Information Disclosure VulnerabilityWysoka
Windows SMBCVE-2022-32230Windows SMB Denial of Service VulnerabilityWysoka

Źródło:

https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/June-2022.html

https://msrc.microsoft.com/update-guide/