Microsoft Patch Tuesday – June 2022

Patch Tuesday is once again upon us. The June 2022 edition of Patch Tuesday brings us 60 fixes, with 3 rated as critical. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the June 2022 Patch Tuesday Audit Report

MSDT Remote Code Execution “Follina” Fixed

Earlier this month, Microsoft released a security advisory for the Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability, CVE-2022-30190. This vulnerability was an actively exploited zero-day vulnerability that allowed attackers to use Microsoft office files to run arbitrary code. Recent reports have also confirmed that Follina is being actively exploited. While Microsoft did provide a way to mitigate the risk, and we created a specific Follina vulnerability audit to ensure you’re fully protected, an official fix has now been included in the Patch Tuesday updates.

Network File System RCE Vulnerability

The vulnerability with the highest score this month goes to a Windows NFS RCE. With a CVSS base score of 9.8 it is the highest-rated vulnerability. Additionally, Microsoft lists that exploitation is more than likely which requires the attacker to make an unauthenticated, specially crafted call to a Network File System service to trigger a Remote Code Execution. Microsoft does provide a detailed mitigation guide for CVE-2022-30136, however, installing the latest patches is the easiest method to stay secure.

Need help with finding all servers with the NFS Role? Grab and run our Windows Server NFS Role Audit to get an easy overview.

Hyper-V Remote Code Execution Vulnerability

Coming in second this month is a vulnerability in Hyper-V. CVE-2022-30163 has a CVSS base score of 8.5 and required an attacker to run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. Microsoft also mentions that this vulnerability can lead to a scope change, meaning that a successful attack could be performed from a low privilege Hyper-V guest. The attacker can then traverse the guest’s security boundary to execute code on the Hyper-V host execution environment.

Using the Hyper-V Virtual Guest Machines audit, you’ll easily be able to find all Hyper-V guests and hosts.

Run the Patch Tuesday June 2022 Audit Report

To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday June 2022 CVE Codes & Titles

Receive the Latest Patch Tuesday Report for FREE Every Month

"*" indicates required fields

Email*

Hidden

EmailType

Hidden

IM – Conv Page – Processing

Hidden

IM – UTM_Campaign FC – Processing

Hidden

IM – UTM_Campaign LC – Processing

Hidden

IM – UTM_Content FC – Processing

Hidden

IM – UTM_Content LC – Processing

Hidden

IM – UTM_Medium FC – Processing

Hidden

IM – UTM_Medium LC – Processing

Hidden

IM – UTM_Source FC – Processing

Hidden

IM – UTM_Source LC – Processing

Hidden

IM – UTM_Term FC – Processing

Hidden

IM – UTM_Term LC – Processing

Hidden

gclid

Hidden

msclkid

Name

This field is for validation purposes and should be left unchanged.

Count Me In Submit