Hash: SHA256

                         AUSCERT Security Bulletin

    Microsoft Patch Tuesday update for Microsoft Windows for June 2022
                               15 June 2022


        AusCERT Security Bulletin Summary

Product:          Windows 8.1, 10 and 11
                  Windows Server
                  Video Extensions
Operating System: Windows
Resolution:       Patch/Upgrade
CVE Names:        CVE-2022-32230 CVE-2022-30193 CVE-2022-30189
                  CVE-2022-30188 CVE-2022-30167 CVE-2022-30166
                  CVE-2022-30165 CVE-2022-30164 CVE-2022-30163
                  CVE-2022-30162 CVE-2022-30161 CVE-2022-30160
                  CVE-2022-30155 CVE-2022-30154 CVE-2022-30153
                  CVE-2022-30152 CVE-2022-30151 CVE-2022-30150
                  CVE-2022-30149 CVE-2022-30148 CVE-2022-30147
                  CVE-2022-30146 CVE-2022-30145 CVE-2022-30143
                  CVE-2022-30142 CVE-2022-30141 CVE-2022-30140
                  CVE-2022-30139 CVE-2022-30136 CVE-2022-30135
                  CVE-2022-30132 CVE-2022-30131 CVE-2022-29119
                  CVE-2022-29111 CVE-2022-22018 CVE-2022-21166
                  CVE-2022-21127 CVE-2022-21125 CVE-2022-21123

Comment: CVSS (Max):  9.8* CVE-2022-30136 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Microsoft
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


        Microsoft has released its monthly security patch update for the
        month of June 2022.
        This update resolves 39 vulnerabilities across the following
        products: [1]
         AV1 Video Extension
         HEVC Video Extension
         HEVC Video Extensions
         Windows 10
         Windows 11
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019
         Windows Server 2022
         Windows Server 2022 Azure Edition Core Hotpatch


        Microsoft has given the following details regarding these vulnerabilities.
         Details         Impact                   Severity
         CVE-2022-21123  Information Disclosure   Important
         CVE-2022-21125  Information Disclosure   Important
         CVE-2022-21127  Information Disclosure   Important
         CVE-2022-21166  Information Disclosure   Important
         CVE-2022-22018  Remote Code Execution    Important
         CVE-2022-29111  Remote Code Execution    Important
         CVE-2022-29119  Remote Code Execution    Important
         CVE-2022-30131  Elevation of Privilege   Important
         CVE-2022-30132  Elevation of Privilege   Important
         CVE-2022-30135  Elevation of Privilege   Important
         CVE-2022-30136  Remote Code Execution    Critical
         CVE-2022-30139  Remote Code Execution    Critical
         CVE-2022-30140  Remote Code Execution    Important
         CVE-2022-30141  Remote Code Execution    Important
         CVE-2022-30142  Remote Code Execution    Important
         CVE-2022-30143  Remote Code Execution    Important
         CVE-2022-30145  Remote Code Execution    Important
         CVE-2022-30146  Remote Code Execution    Important
         CVE-2022-30147  Elevation of Privilege   Important
         CVE-2022-30148  Information Disclosure   Important
         CVE-2022-30149  Remote Code Execution    Important
         CVE-2022-30150  Elevation of Privilege   Important
         CVE-2022-30151  Elevation of Privilege   Important
         CVE-2022-30152  Denial of Service        Important
         CVE-2022-30153  Remote Code Execution    Important
         CVE-2022-30154  Elevation of Privilege   Important
         CVE-2022-30155  Denial of Service        Important
         CVE-2022-30160  Elevation of Privilege   Important
         CVE-2022-30161  Remote Code Execution    Important
         CVE-2022-30162  Information Disclosure   Important
         CVE-2022-30163  Remote Code Execution    Critical
         CVE-2022-30164  Security Feature Bypass  Important
         CVE-2022-30165  Elevation of Privilege   Important
         CVE-2022-30166  Elevation of Privilege   Important
         CVE-2022-30167  Remote Code Execution    Important
         CVE-2022-30188  Remote Code Execution    Important
         CVE-2022-30189  Spoofing                 Important
         CVE-2022-30193  Remote Code Execution    Important
         CVE-2022-32230  Denial of Service        Important


        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].
         KB5013941, KB5013942, KB5013943, KB5013945, KB5014677
         KB5014678, KB5014692, KB5014697, KB5014699, KB5014702
         KB5014710, KB5014738, KB5014741, KB5014746, KB5014747


        [1] Microsoft Security Update Guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: https://auscert.org.au/gpg-key/