Operating System:

[WIN]

Published:

15 June 2022

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0135
    Microsoft Patch Tuesday update for Microsoft Windows for June 2022
                               15 June 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Windows 8.1, 10 and 11
                  Windows Server
                  Video Extensions
Operating System: Windows
Resolution:       Patch/Upgrade
CVE Names:        CVE-2022-32230 CVE-2022-30193 CVE-2022-30189
                  CVE-2022-30188 CVE-2022-30167 CVE-2022-30166
                  CVE-2022-30165 CVE-2022-30164 CVE-2022-30163
                  CVE-2022-30162 CVE-2022-30161 CVE-2022-30160
                  CVE-2022-30155 CVE-2022-30154 CVE-2022-30153
                  CVE-2022-30152 CVE-2022-30151 CVE-2022-30150
                  CVE-2022-30149 CVE-2022-30148 CVE-2022-30147
                  CVE-2022-30146 CVE-2022-30145 CVE-2022-30143
                  CVE-2022-30142 CVE-2022-30141 CVE-2022-30140
                  CVE-2022-30139 CVE-2022-30136 CVE-2022-30135
                  CVE-2022-30132 CVE-2022-30131 CVE-2022-29119
                  CVE-2022-29111 CVE-2022-22018 CVE-2022-21166
                  CVE-2022-21127 CVE-2022-21125 CVE-2022-21123

Comment: CVSS (Max):  9.8* CVE-2022-30136 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Microsoft
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of June 2022.
        
        This update resolves 39 vulnerabilities across the following
        products: [1]
        
         AV1 Video Extension
         HEVC Video Extension
         HEVC Video Extensions
         Windows 10
         Windows 11
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019
         Windows Server 2022
         Windows Server 2022 Azure Edition Core Hotpatch


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2022-21123  Information Disclosure   Important
         CVE-2022-21125  Information Disclosure   Important
         CVE-2022-21127  Information Disclosure   Important
         CVE-2022-21166  Information Disclosure   Important
         CVE-2022-22018  Remote Code Execution    Important
         CVE-2022-29111  Remote Code Execution    Important
         CVE-2022-29119  Remote Code Execution    Important
         CVE-2022-30131  Elevation of Privilege   Important
         CVE-2022-30132  Elevation of Privilege   Important
         CVE-2022-30135  Elevation of Privilege   Important
         CVE-2022-30136  Remote Code Execution    Critical
         CVE-2022-30139  Remote Code Execution    Critical
         CVE-2022-30140  Remote Code Execution    Important
         CVE-2022-30141  Remote Code Execution    Important
         CVE-2022-30142  Remote Code Execution    Important
         CVE-2022-30143  Remote Code Execution    Important
         CVE-2022-30145  Remote Code Execution    Important
         CVE-2022-30146  Remote Code Execution    Important
         CVE-2022-30147  Elevation of Privilege   Important
         CVE-2022-30148  Information Disclosure   Important
         CVE-2022-30149  Remote Code Execution    Important
         CVE-2022-30150  Elevation of Privilege   Important
         CVE-2022-30151  Elevation of Privilege   Important
         CVE-2022-30152  Denial of Service        Important
         CVE-2022-30153  Remote Code Execution    Important
         CVE-2022-30154  Elevation of Privilege   Important
         CVE-2022-30155  Denial of Service        Important
         CVE-2022-30160  Elevation of Privilege   Important
         CVE-2022-30161  Remote Code Execution    Important
         CVE-2022-30162  Information Disclosure   Important
         CVE-2022-30163  Remote Code Execution    Critical
         CVE-2022-30164  Security Feature Bypass  Important
         CVE-2022-30165  Elevation of Privilege   Important
         CVE-2022-30166  Elevation of Privilege   Important
         CVE-2022-30167  Remote Code Execution    Important
         CVE-2022-30188  Remote Code Execution    Important
         CVE-2022-30189  Spoofing                 Important
         CVE-2022-30193  Remote Code Execution    Important
         CVE-2022-32230  Denial of Service        Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles: [1]
        
         KB5013941, KB5013942, KB5013943, KB5013945, KB5014677
         KB5014678, KB5014692, KB5014697, KB5014699, KB5014702
         KB5014710, KB5014738, KB5014741, KB5014746, KB5014747


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================