Patch Tuesday
Apologies for the delay in publishing this month’s bulletin for Patch Tuesday, it’s Summer Holiday time 🌞 but hey, better late than never!
Microsoft has released 60 patches for multiple products this month – including three Critical severity vulnerabilities.
The most important patches are:
CVE-2022-30163 is Remote Code Execution vulnerability in Windows Hyper-V which could allow attackers to run code in a Hyper-V guest which escapes the guest. CVSS 3.1: 8.5 (High)
CVE-2022-30139 is a Remote Code Execution vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) CVSS 3.1: 7.5 (High)
CVE-2022-30136 is a Remote Code Execution vulnerability in the Windows Network File System which could allow network attackers to run arbitrary code. Not exploitable in NTFSV2.0 or NTFSV3.0. CVSS 3.1: 9.8 (Critical)
Affected Products
.NET and Visual Studio
Azure OMI
Azure Real Time Operating System
Azure Service Fabric Container
Intel
Microsoft Edge (Chromium-based)
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Remote Volume Shadow Copy Service (RVSS)
Role: Windows Hyper-V
SQL Server
Windows Ancillary Function Driver for WinSock
Windows App Store
Windows Autopilot
Windows Container Isolation FS Filter Driver
Windows Container Manager Service
Windows Defender
Windows Encrypting File System (EFS)
Windows File History Service
Windows Installer
Windows iSCSI
Windows Kerberos
Windows Kernel
Windows LDAP – Lightweight Directory Access Protocol
Windows Local Security Authority Subsystem Service
Windows Media
Windows Network Address Translation (NAT)
Windows Network File System
Windows PowerShell
Windows SMB
Windows Autopatch
The Windows Autopatch Public Preview has been launched. The new service that automates the process of managing and rolling out updates for Windows and Microsoft 365 apps is now available for preview and is scheduled for full release in July.