2022 June FR Patch Tuesday

Patch Tuesday Webinar
Wednesday, June 15, 2022
Hosted by Elise Dupont and Karl Chawalla

Agenda
June 2022 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

Copyright © 2022 Ivanti. All rights reserved.
June Patch Tuesday 2022
June Patch Tuesday is here, and we’ve now reached the midway point of 2022. This month we saw 16 updates from
Microsoft including a rare SQL Server security update. The operating system updates addressed three vulnerabilities rated
Critical, one of which - CVE-2022-30136, has a CVSS score of 9.8 because it is network facing and has a low complexity to
exploit. In addition, these OS updates address CVE-2022-30190, also known as the Follina vulnerability which is actively
being exploited. The second phase of the DCOM server security update was also implemented this month. And finally,
don’t forget to upgrade Windows 10 1909 and others that reached end-of-life last month and put a plan in place if you
still need Internet Explorer 11 for any of your applications.

In the News
 Pacman Attack
 https://techcrunch.com/2022/06/10/apple-m1-unpatchable-flaw/
 Demonstrated successful in proof-of-concept
 Exploits hardware Pointer Authentication Code (PAC)
 PAC is used to confirm cryptographic signature of executable
 Attack combines memory corruption and speculative execution to ID PAC
 No traces left and no software to fix the issue
 PAC is used as one line of defense by the operating system
 Some debate as to impact and outcome of the exploit

In the News
 The Follina Vulnerability – CVE-2022-30190
 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code
Execution Vulnerability
 Launched via a specially crafted Word document
 Requires only Preview, no click required!
 Fixed in yesterday’s June Patch Tuesday releases
 Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool
Vulnerability
 https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-
30190-microsoft-support-diagnostic-tool-vulnerability
 Delete registry key HKEY_CLASSES_ROOTms-msdt
 Prevents URL launch of the diagnostic tool
 Could be manually intensive

In the News
 Internet 11 EOL
 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/internet-
explorer-11-desktop-app-retirement-faq/ba-p/2366549
 The following will continue to get security updates until their OS EOL:
 Windows 8.1
 Windows 7 Extended Security Updates (ESU)
 Windows Server SAC (all versions)
 Windows 10 IoT Long-Term Servicing Channel (LTSC) (all versions)
 Windows Server LTSC (all versions)
 Windows 10 client LTSC (all versions)
 When in doubt:
 IE Mode in Microsoft Edge
 Supported until 2029

DCOM Server Phase 2 Security Update
 Security hardening required for DCOM CVE-2021-26414
 Phase1 completed in June 2021
 Ability added to enable hardening changes
 Disabled by default
 Phase 2 in June 2022
 Hardening changes enabled by default (RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
 Ability to disable (RequireIntegrityActivationAuthenticationLevel)
 Phase 3 in March 2023
 Hardening changes integral to operating system
 Admins must solve compatibility issues
 KB 5004442—Manage changes for Windows DCOM Server Security
Feature Bypass (CVE-2021-26414)

Known Exploited and Publicly Disclosed Vulnerability
 CVE-2022-30190 Microsoft Windows Support Diagnostic Tool (MSDT)
Remote Code Execution Vulnerability
 VSS 3.1 Scores: 7.8 / 7.0
 Severity: Important
 Impacts all Windows workstation and server operating systems, except Server 2008.

Microsoft Patch Tuesday Updates of Interest
 Advisory 220003 Microsoft Guidance on Intel Processor MMIO Stale Data
Vulnerabilities
 https://msrc.microsoft.com/update-guide/vulnerability/ADV220002
 Addresses four Intel CVEs which could lead to accessing info in memory
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 No stand-alone SSUs this month
 Development Tool and Azure Updates
 .NET Core 3.1
 .NET 6.0
 Visual Studio 2019 (multiple)
 Visual Studio 2022 17.0 and 2022 17.2
 Azure (multiple components)

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
21H2 11/16/2021 6/11/2024
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/9/2023
Windows 10 Home and Pro
21H2 11/16/2021 6/13/2023
21H1 5/18/2021 12/13/2022
Windows Datacenter and Standard Server
2022 8/18/2021 10/13/2026
Windows 11 Home and Pro
21H2 10/4/2021 10/10/2023
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server 2012/2012 R2 EOL is Coming
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

MS22-06-W11: Windows 11 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
 Description: This bulletin references KB 5014697.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege and Information Disclosure
 Fixes 29 Vulnerabilities: CVE-2022-30190 is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide

June Known Issues for Windows 11
 KB 5014697 – Windows 11
 [.NET Apps] After installing this update, some .NET Framework 3.5 apps might
have issues or might fail to open. Affected apps are using certain optional
components in .NET Framework 3.5, such as Windows Communication
Foundation (WCF) and Windows Workflow (WWF) components. Workaround:
You can mitigate this issue by re-enabling .NET Framework 3.5 and the Windows
Communication Foundation in Windows Features. See KB for more details and
options.

MS22-06-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 2004, 20H2, 21H1,
21H2, Server 2016, Server 2019, Server 2022, Server version 2004, Server version
20H2, Server 21H1, IE 11, and Edge Chromium
 Description: This bulletin references 9 KB articles. See KBs for the list of changes.
Spoofing, Elevation of Privilege and Information Disclosure
 Known Issues: See next slides

June Known Issues for Windows 10
 KB 5014692 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.

June Known Issues for Windows 10 (cont)
 KB 5014699 –Windows 10 version 20H2, Windows Server version
20H2, Windows 10 version 21H1
 [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices
cannot install new updates, such as the July 6, 2021 (KB5004945) or later
updates. You will receive the error message,
"PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For
more information and a workaround, see KB5005322.
 [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the
custom offline media or ISO image before slipstreaming the LCU. See KB for
details.
 [Snip] Snip & Sketch app might fail to capture a screenshot and might fail to open
using the keyboard shortcut. Workaround: None

MS22-06-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Maximum Severity: Important
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This cumulative security update contains improvements that are part of
update KB 5014010 (released May 10, 2022). Bulletin is based on KB 5014752.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
 Fixes 17 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. See the Security Update Guide for the complete list of CVEs.
 Known Issues: See next slide.

June Known Issues for Server 2008
 KB 5014752 – Windows Server 2008 (Monthly Rollup)
 [File Rename] Certain operations, such as rename, that you perform on files or
folders that are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you
perform the operation on a CSV owner node from a process that doesn’t have
administrator privilege. Workaround: Perform the operation from a process that
has administrator privilege or perform the operation from a node that doesn’t have
CSV ownership. Microsoft is working on a resolution.
 KB 5014743 – Windows Server 2008 (Security-only Update)
 [File Rename]

MS22-06-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Bulletin is based on KB 5014743.
exploited. See the Security Update Guide for the complete list of CVEs.
 Known Issues: See previous slide.

MS22-06-MR7-ESU: Monthly Rollup for Win 7
MS22-06-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
 Description: This cumulative security update contains improvements that are part of update
KB 5014012 (released May 10, 2022). Bulletin is based on KB 5014748.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and Information
Disclosure
 Fixes 21 Vulnerabilities: CVE-2022-30190 is known exploited and publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename]

MS22-06-SO7-ESU: Security-only Update for Win 7
MS22-06-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Bulletin is based on KB 5014742.
 Fixes 21 Vulnerabilities: CVE-2022-30190 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.

MS22-06-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This cumulative security update contains improvements that are part of update
KB 5014017 (released May 10, 2022) Addresses an elevation of privilege (EOP) vulnerability
under CVE-2022-30154 for the Microsoft File Server Shadow Copy Agent Service. To become
protected and functional, you must install the June 14, 2022 or later Windows update on both
the application server and the file server. Bulletin is based on KB 5014747.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege and Information Disclosure

MS22-06-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012
 Description: Addresses an elevation of privilege (EOP) vulnerability under CVE-
2022-30154 for the Microsoft File Server Shadow Copy Agent Service. To become
protected and functional, you must install the June 14, 2022 or later Windows update
on both the application server and the file server. Bulletin is based on KB 5014741.
Elevation of Privilege and Information Disclosure

MS22-06-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This cumulative security update includes improvements that are part of update
KB 5014011 (released May 10, 2022). Addresses an elevation of privilege (EOP) vulnerability
under CVE-2022-30154 for the Microsoft File Server Shadow Copy Agent Service. To become
protected and functional, you must install the June 14, 2022 or later Windows update on both the
application server and the file server. Bulletin is based on KB 5014738.
 Known Issues: [File Rename] and [AD Forest Trust]

MS22-06-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Addresses an elevation of privilege (EOP) vulnerability under CVE-2022-
30154 for the Microsoft File Server Shadow Copy Agent Service. To become protected and
functional, you must install the June 14, 2022 or later Windows update on both the
application server and the file server. Bulletin is based on KB 5014746.
 Fixes 25 Vulnerabilities: CVE-2022-30190 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.

MS22-06-OFF: Security Updates for Microsoft Office
 Affected Products: Excel 2013 and 2016, Office Online Server, and Web Access
Server
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 4 KB articles.
 Impact: Remote Code Execution and Information Disclosure
exploited. CVE-2022-30159, CVE-2022-30171, CVE-2022-30172, and CVE-2022-
30173 are fixed in this release.
 Restart Required: Requires application restart
 Known Issues: None reported

MS22-06-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
 Affected Products: Microsoft 365 Apps and Office LTSC 2021
 Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited.
CVE-2022-30174 is fixed in this release.
 Restart Required: Requires application restart

MS22-06-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft
SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
 Description: This update fixes a remote code execution vulnerability. Review the KB
articles for details. This bulletin is based on 6 KB articles.
exploited. CVE-2022-30157, CVE-2022-30158, CVE-2022-30159, CVE-2022-30171,
and CVE-2022-30172 are fixed in this release.
 Known Issues: You may receive error messages when you use a sandbox solution
in SharePoint Foundation 2013. See KB 5015556 for more details.

MS22-06-SQL: Security Updates for SQL Server
 Affected Products: Microsoft SQL Server 2014-2017
 Description: This security update fixes a remote code execution vulnerability in
Microsoft SQL Server an authenticated attacker could affect SQL Server memory
when executing a specially crafted query using $partition against a table with a
Column Store index. This bulletin is based on 10 KB articles.
 Fixes 1 Vulnerability: CVE-2022-29143

Release Summary
 Security Updates (with CVEs): Google Chrome (2), Firefox (2), Firefox ESR (2), Thunderbird (2),
VMware Tools (1), Zoom Client (1)
 Security (w/o CVEs): CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide Installer (1),
Falcon Sensor for Windows (1), Citrix Workspace App (1), Docker for Windows Stable (2), Dropbox (2),
Evernote (2), Firefox (2), FileZilla Client (2), GoodSync (2), Apple iTunes (1), Jabra Direct (2), LibreOffice (2),
Malwarebytes (1), Node.JS (Current) (2), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Notepad++ (1),
Opera (4), Paint.net (1), Pidgin (1), Plex Media Server (2), PuTTY (1), Skype (1), Slack Machine-Wide
Installer (2), Sourcetree for Windows Enterprise (1), Tableau Desktop (5), Tableau Prep Builder (1), Tableau
Reader (1), Apache Tomcat (4), TeamViewer (3), Zoom Client (1), Zoom VDI (1)
 Non-Security Updates: Boxcryptor (1), Camtasia (2), Google Drive File Stream (1), GeoGebra Classic
(1), Inkscape (1), NextCloud Desktop Client (1), Python (2), RingCentral App (Machine-Wide Installer) (2),
Rocket.Chat Desktop Client (1), ScreenPresso (2), TortoiseHG (1), Cisco WebEx Teams (1), XnView (1)

Third Party CVE Information (cont)
 Google Chrome 102.0.5005.63
 CHROME-220524, QGC1020500563
 Fixes 24 Vulnerabilities: CVE-2022-1853, CVE-2022-1854, CVE-2022-1855, CVE-
2022-1856, CVE-2022-1857, CVE-2022-1858, CVE-2022-1859, CVE-2022-1860,
CVE-2022-1861, CVE-2022-1862, CVE-2022-1863, CVE-2022-1864, CVE-2022-
1865, CVE-2022-1866, CVE-2022-1867, CVE-2022-1868, CVE-2022-1869, CVE-
2022-1870, CVE-2022-1871, CVE-2022-1872, CVE-2022-1873, CVE-2022-1874,
CVE-2022-1875, CVE-2022-1876
 Google Chrome 101.0.4951.4
 CHROME-220609, QGC10205005115
 Fixes 4 Vulnerabilities: CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-
2022-2011
 VMware Tools 12.0.5
 VMWT12-220525, QVMWT1205
 Fixes 1 Vulnerability: CVE-2022-22977

 Firefox 100.0.2
 FF-220520, QFF10002
 Fixes 2 Vulnerabilities: CVE-2022-1529, CVE-2022-1802
 Firefox Firefox 101.0
 FF-220531, QFF1010
 Fixes 13 Vulnerabilities: CVE-2022-1919, CVE-2022-31736, CVE-2022-31737, CVE-2022-
2022-31743, CVE-2022-31744, CVE-2022-31745, CVE-2022-31747, CVE-2022-31748
 Firefox ESR 91.9.1
 FFE-220520, QFFE91100
 Firefox ESR 91.10.0
 FFE-220531, QFFE91100
31739, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31747

 Thunderbird 91.9.1
 TB-220520, QTB9191
 Thunderbird 91.10.0
 TB-220531, QTB91100
2022-31747
 Zoom Client 5.10.6.5889
 ZOOM-220523, QZOOM5105889
22787

Thank You!

2022 June FR Patch Tuesday

More Related Content

Similar to 2022 June FR Patch Tuesday

More from Ivanti

Recently uploaded

2022 June FR Patch Tuesday