===========================================================================
                        AUSCERT Security Bulletin

                              ASB-2022.0135
    Microsoft Patch Tuesday update for Microsoft Windows for June 2022
                              15 June 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows 8.1, 10 and 11
                      Windows Server
                      Video Extensions
Operating System:     Windows
Resolution:           Patch/Upgrade
CVE Names:            CVE-2022-32230 CVE-2022-30193 CVE-2022-30189
                      CVE-2022-30188 CVE-2022-30167 CVE-2022-30166
                      CVE-2022-30165 CVE-2022-30164 CVE-2022-30163
                      CVE-2022-30162 CVE-2022-30161 CVE-2022-30160
                      CVE-2022-30155 CVE-2022-30154 CVE-2022-30153
                      CVE-2022-30152 CVE-2022-30151 CVE-2022-30150
                      CVE-2022-30149 CVE-2022-30148 CVE-2022-30147
                      CVE-2022-30146 CVE-2022-30145 CVE-2022-30143
                      CVE-2022-30142 CVE-2022-30141 CVE-2022-30140
                      CVE-2022-30139 CVE-2022-30136 CVE-2022-30135
                      CVE-2022-30132 CVE-2022-30131 CVE-2022-29119
                      CVE-2022-29111 CVE-2022-22018 CVE-2022-21166
                      CVE-2022-21127 CVE-2022-21125 CVE-2022-21123
Comment: CVSS (Max):  9.8* CVE-2022-30136 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Microsoft
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of June 2022.

        This update resolves 39 vulnerabilities across the following
        products: [1]

         AV1 Video Extension
         HEVC Video Extension
         HEVC Video Extensions
         Windows 10
         Windows 11
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019
         Windows Server 2022
         Windows Server 2022 Azure Edition Core Hotpatch


IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2022-21123  Information Disclosure   Important
         CVE-2022-21125  Information Disclosure   Important
         CVE-2022-21127  Information Disclosure   Important
         CVE-2022-21166  Information Disclosure   Important
         CVE-2022-22018  Remote Code Execution    Important
         CVE-2022-29111  Remote Code Execution    Important
         CVE-2022-29119  Remote Code Execution    Important
         CVE-2022-30131  Elevation of Privilege   Important
         CVE-2022-30132  Elevation of Privilege   Important
         CVE-2022-30135  Elevation of Privilege   Important
         CVE-2022-30136  Remote Code Execution    Critical
         CVE-2022-30139  Remote Code Execution    Critical
         CVE-2022-30140  Remote Code Execution    Important
         CVE-2022-30141  Remote Code Execution    Important
         CVE-2022-30142  Remote Code Execution    Important
         CVE-2022-30143  Remote Code Execution    Important
         CVE-2022-30145  Remote Code Execution    Important
         CVE-2022-30146  Remote Code Execution    Important
         CVE-2022-30147  Elevation of Privilege   Important
         CVE-2022-30148  Information Disclosure   Important
         CVE-2022-30149  Remote Code Execution    Important
         CVE-2022-30150  Elevation of Privilege   Important
         CVE-2022-30151  Elevation of Privilege   Important
         CVE-2022-30152  Denial of Service        Important
         CVE-2022-30153  Remote Code Execution    Important
         CVE-2022-30154  Elevation of Privilege   Important
         CVE-2022-30155  Denial of Service        Important
         CVE-2022-30160  Elevation of Privilege   Important
         CVE-2022-30161  Remote Code Execution    Important
         CVE-2022-30162  Information Disclosure   Important
         CVE-2022-30163  Remote Code Execution    Critical
         CVE-2022-30164  Security Feature Bypass  Important
         CVE-2022-30165  Elevation of Privilege   Important
         CVE-2022-30166  Elevation of Privilege   Important
         CVE-2022-30167  Remote Code Execution    Important
         CVE-2022-30188  Remote Code Execution    Important
         CVE-2022-30189  Spoofing                 Important
         CVE-2022-30193  Remote Code Execution    Important
         CVE-2022-32230  Denial of Service        Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].

         KB5013941, KB5013942, KB5013943, KB5013945, KB5014677
         KB5014678, KB5014692, KB5014697, KB5014699, KB5014702
         KB5014710, KB5014738, KB5014741, KB5014746, KB5014747


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================