Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th.

In-The-Wild & Disclosed CVEs

None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according to Microsoft. However, Microsoft did update last month’s security guidance related to the Follina vulnerability (CVE-2022-30190) and a patch has now been released. A write-up from May 29 can be read here and Microsoft’s MSRC response can be found here.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
TagCVE CountCVEs
Azure Service Fabric Container1CVE-2022-30137
Windows Container Isolation FS Filter Driver1CVE-2022-30131
Windows Media1CVE-2022-30135
Windows Installer1CVE-2022-30147
Windows Network File System1CVE-2022-30136
Windows PowerShell1CVE-2022-30148
Microsoft Office SharePoint2CVE-2022-30157, CVE-2022-30158
Windows iSCSI1CVE-2022-30140
Microsoft Windows Codecs Library6CVE-2022-29111, CVE-2022-22018, CVE-2022-30167, CVE-2022-30188, CVE-2022-29119, CVE-2022-30193
SQL Server1CVE-2022-29143
Microsoft Office Excel1CVE-2022-30173
Windows Ancillary Function Driver for WinSock1CVE-2022-30151
Windows Kernel2CVE-2022-30155, CVE-2022-30162
Windows Local Security Authority Subsystem Service1CVE-2022-30166
Microsoft Office4CVE-2022-30159, CVE-2022-30171, CVE-2022-30172, CVE-2022-30174
Windows Defender1CVE-2022-30150
Intel4CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125
Windows Network Address Translation (NAT)1CVE-2022-30152
Remote Volume Shadow Copy Service (RVSS)1CVE-2022-30154
Windows File History Service1CVE-2022-30142
Windows Autopilot1CVE-2022-30189
.NET and Visual Studio1CVE-2022-30184
Azure OMI1CVE-2022-29149
Windows Kerberos2CVE-2022-30164, CVE-2022-30165
Windows Encrypting File System (EFS)1CVE-2022-30145
Windows Container Manager Service1CVE-2022-30132
Azure Real Time Operating System4CVE-2022-30177, CVE-2022-30178, CVE-2022-30179, CVE-2022-30180
Role: Windows Hyper-V1CVE-2022-30163
Microsoft Edge (Chromium-based)5CVE-2022-22021, CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011
Microsoft Windows ALPC1CVE-2022-30160
Windows LDAP – Lightweight Directory Access Protocol7CVE-2022-30141, CVE-2022-30143, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161, CVE-2022-30139, CVE-2022-30146
Windows SMB1CVE-2022-32230
Windows App Store1CVE-2022-30168

Other Information

In addition to the Microsoft vulnerabilities included in the June Security Guidance, an advisory was also released today.

Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities [ADV220002]

Four of the vulnerabilities patched by Microsoft today are tied to INTEL-SA-000615, an Intel advisory describing a group of vulnerabilities known as Processor MMIO Stale Data Vulnerabilities. In addition to the security guidance for these four vulnerabilities, Microsoft has released this advisory to detail the recommended actions Microsoft customers should take to ensure complete remediation of these vulnerabilities.

Mastering Configuration Management Across the Modern Enterprise