VERT Threat Alert: June 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th.
In-The-Wild & Disclosed CVEs
None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according to Microsoft. However, Microsoft did update last month’s security guidance related to the Follina vulnerability (CVE-2022-30190) and a patch has now been released. A write-up from May 29 can be read here and Microsoft’s MSRC response can be found here.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| Azure Service Fabric Container | 1 | CVE-2022-30137 |
| Windows Container Isolation FS Filter Driver | 1 | CVE-2022-30131 |
| Windows Media | 1 | CVE-2022-30135 |
| Windows Installer | 1 | CVE-2022-30147 |
| Windows Network File System | 1 | CVE-2022-30136 |
| Windows PowerShell | 1 | CVE-2022-30148 |
| Microsoft Office SharePoint | 2 | CVE-2022-30157, CVE-2022-30158 |
| Windows iSCSI | 1 | CVE-2022-30140 |
| Microsoft Windows Codecs Library | 6 | CVE-2022-29111, CVE-2022-22018, CVE-2022-30167, CVE-2022-30188, CVE-2022-29119, CVE-2022-30193 |
| SQL Server | 1 | CVE-2022-29143 |
| Microsoft Office Excel | 1 | CVE-2022-30173 |
| Windows Ancillary Function Driver for WinSock | 1 | CVE-2022-30151 |
| Windows Kernel | 2 | CVE-2022-30155, CVE-2022-30162 |
| Windows Local Security Authority Subsystem Service | 1 | CVE-2022-30166 |
| Microsoft Office | 4 | CVE-2022-30159, CVE-2022-30171, CVE-2022-30172, CVE-2022-30174 |
| Windows Defender | 1 | CVE-2022-30150 |
| Intel | 4 | CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125 |
| Windows Network Address Translation (NAT) | 1 | CVE-2022-30152 |
| Remote Volume Shadow Copy Service (RVSS) | 1 | CVE-2022-30154 |
| Windows File History Service | 1 | CVE-2022-30142 |
| Windows Autopilot | 1 | CVE-2022-30189 |
| .NET and Visual Studio | 1 | CVE-2022-30184 |
| Azure OMI | 1 | CVE-2022-29149 |
| Windows Kerberos | 2 | CVE-2022-30164, CVE-2022-30165 |
| Windows Encrypting File System (EFS) | 1 | (Read more...) |
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-june-2022-patch-tuesday-analysis/
