{"cve": [{"lastseen": "2023-12-06T15:44:24", "description": "Windows Network File System Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-15T22:15:00", "type": "cve", "title": "CVE-2022-30136", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30136"], "modified": "2022-06-24T18:53:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2022-30136", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30136", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"]}], "prion": [{"lastseen": "2023-11-20T23:36:18", "description": "Windows Network File System Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-15T22:15:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30136"], "modified": "2022-06-24T18:53:00", "id": "PRION:CVE-2022-30136", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-30136", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "githubexploit": [{"lastseen": "2022-06-30T10:59:33", "description": "# Cve-2022-30136-RCE\nCVE-2022-30136 Unauthenticated RCE in Micro...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-25T07:28:34", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30136"], "modified": "2022-06-26T06:42:27", "id": "0BCFFC1F-A546-5E9E-91AB-7B975740524D", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-06-25T07:58:18", "description": "# Cve-2022-30136-RCE\nCVE-2022-30136 Unauthenticated RCE in Micro...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-16T21:16:53", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30136"], "modified": "2022-06-25T07:26:32", "id": "A3CECC1E-4F66-59B2-8EB1-0071E790E640", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-06-27T10:57:46", "description": "# Cve-2022-30136-RCE\nCVE-2022-30136 Unauthenticated RCE in Micro...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-26T20:54:02", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30136"], "modified": "2022-06-27T10:23:00", "id": "9D782BF3-104F-5613-8414-64751732B707", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "mscve": [{"lastseen": "2023-12-06T17:01:23", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T07:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937", "CVE-2022-30136"], "modified": "2022-06-14T07:00:00", "id": "MS:CVE-2022-30136", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30136", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2022-06-24T22:07:49", "description": "**Microsoft** on Tuesday released software updates to fix 60 security vulnerabilities in its **Windows** operating systems and other software, including a zero-day flaw in all supported **Microsoft Office** versions on all flavors of Windows that's seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its **Internet Explorer** (IE) web browser, which turns 27 years old this year.\n\n\n\nThree of the bugs tackled this month earned Microsoft's most dire "critical" label, meaning they can be exploited remotely by malware or miscreants to seize complete control over a vulnerable system. On top of the critical heap this month is [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), a vulnerability in the **Microsoft Support Diagnostics Tool** (MSDT), a service built into Windows.\n\nDubbed "**Follina**," the flaw became public knowledge on May 27, when a security researcher [tweeted](<https://twitter.com/nao_sec/status/1530196847679401984>) about a malicious **Word** document that had surprisingly low detection rates by antivirus products. Researchers soon learned that the malicious document was using a feature in Word to retrieve a HTML file from a remote server, and that HTML file in turn used MSDT to load code and execute PowerShell commands.\n\n"What makes this new MS Word vulnerability unique is the fact that there are no macros exploited in this attack," writes **Mayuresh Dani**, manager of threat research at **Qualys**. "Most malicious Word documents leverage the macro feature of the software to deliver their malicious payload. As a result, normal macro-based scanning methods will not work to detect Follina. All an attacker needs to do is lure a targeted user to download a Microsoft document or view an HTML file embedded with the malicious code."\n\n**Kevin Beaumont**, the researcher who gave Follina its name, penned [a fairly damning account and timeline](<https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e?gi=544f02649952>) of Microsoft's response to being alerted about the weakness. Beaumont says researchers in March 2021 told Microsoft they were able achieve the same exploit using Microsoft Teams as an example, and that Microsoft silently fixed the issue in Teams but did not patch MSDT in Windows or the attack vector in Microsoft Office.\n\nBeaumont said other researchers on April 12, 2022 told Microsoft about active exploitation of the MSDT flaw, but Microsoft closed the ticket saying it wasn't a security issue. Microsoft finally issued a CVE for the problem on May 30, the same day it [released recommendations](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) on how to mitigate the threat from the vulnerability.\n\nMicrosoft also is taking flak from security experts regarding a different set of flaws in its Azure cloud hosting platform. **Orca Security** said that [back on January 4](<https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/>) it told Microsoft about a critical bug in Azure's **Synapse** service that allowed attackers to obtain credentials to other workspaces, execute code, or leak customer credentials to data sources outside of Azure.\n\nIn [an update](<https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/>) to their research published Tuesday, Orca researchers said they were able to bypass Microsoft's fix for the issue twice before the company put a working fix in place.\n\n"In previous cases, vulnerabilities were fixed by the cloud providers within a few days of our disclosure to the affected vendor," wrote Orca's **Avi Shua**. "Based on our understanding of the architecture of the service, and our repeated bypasses of fixes, we think that the architecture contains underlying weaknesses that should be addressed with a more robust tenant separation mechanism. Until a better solution is implemented, we advise that all customers assess their usage of the service and refrain from storing sensitive data or keys in it."\n\n**Amit Yoran**, CEO of **Tenable** and a former U.S. cybersecurity czar, took Microsoft to task for silently patching an issue Tenable reported in the same Azure Synapse service.\n\n"It was only after being told that we were going to go public, that their story changed\u202689 days after the initial vulnerability notification\u2026when they privately acknowledged the severity of the security issue," Yoran wrote in [a post on LinkedIn](<https://www.linkedin.com/pulse/microsofts-vulnerability-practices-put-customers-risk-amit-yoran/?trackingId=PLcDXIRdRxuq%2FQ4RDpyEHA%3D%3D>). "To date, Microsoft customers have not been notified. Without timely and detailed disclosures, customers have no idea if they were, or are, vulnerable to attack\u2026or if they fell victim to attack prior to a vulnerability being patched. And not notifying customers denies them the opportunity to look for evidence that they were or were not compromised, a grossly irresponsible policy."\n\nAlso in the critical and notable stack this month is [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), which is a remote code execution flaw in the **Windows Network File System** (NFS version 4.1) that earned a CVSS score of 9.8 (10 being the worst). Microsoft issued a very similar patch last month for vulnerabilities in NFS versions 2 and 3.\n\n"This vulnerability could allow a remote attacker to execute privileged code on affected systems running NFS. On the surface, the only difference between the patches is that this month\u2019s update fixes a bug in NFSV4.1, whereas last month\u2019s bug only affected versions NSFV2.0 and NSFV3.0," wrote **Trend Micro's Zero Day Initiative**. "It\u2019s not clear if this is a variant or a failed patch or a completely new issue. Regardless, enterprises running NFS should prioritize testing and deploying this fix."\n\nBeginning today, Microsoft will officially stop supporting most versions of its Internet Explorer Web browser, which was launched in August 1995. The IE desktop application will be disabled, and Windows users who wish to stick with a Microsoft browser are encouraged to move to Microsoft Edge with IE mode, which will be supported through at least 2029.\n\nFor a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/>) from the **SANS Internet Storm Center**. And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/>) usually has the dirt on any patches that may be causing problems for Windows users.\n\nAs always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-15T04:52:30", "type": "krebs", "title": "Microsoft Patch Tuesday, June 2022 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30136", "CVE-2022-30190"], "modified": "2022-06-15T04:52:30", "id": "KREBS:2752861A306F74170D69FBD9E0DC3AAB", "href": "https://krebsonsecurity.com/2022/06/microsoft-patch-tuesday-june-2022-edition/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-06-16T03:57:00", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiyxVEc_Mvo8igz5TouzFDQRJwfgGzJwxrqvv0ZABRdr2mIJrsGnRQPRSQRt6jUw9qm4bSTS7L6l-P2aKdJ7iX_oPNsk1hr2g1qcp2UPJujSRzuyjcVh1sB9rWs8Sc7LAqOzYalmR897GG8SOKJ_PKFZr2juLG7sXa8ji8u0oUUwkiAIyLrod-A420Z/s728-e100/windows-update.jpg>)\n\nMicrosoft finally released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates.\n\nAlso addressed by the tech giant are [55 other flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>), three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, [five more shortcomings](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) were resolved in the Microsoft Edge browser.\n\nTracked as [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) (CVSS score: 7.8), the [zero-day bug](<https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html>) relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool (MSDT) when it's invoked using the \"ms-msdt:\" URI protocol scheme from an application such as Word.\n\nThe vulnerability can be trivially exploited by means of a specially crafted Word document that downloads and loads a malicious HTML file through Word's remote template feature. The HTML file ultimately permits the attacker to load and execute PowerShell code within Windows.\n\n\"An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application,\" Microsoft said in an advisory. \"The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights.\"\n\nA crucial aspect of Follina is that exploiting the flaw does not require the use of macros, thereby obviating the need for an adversary to trick victims into enabling macros to trigger the attack.\n\nSince details of the issue surfaced late last month, it has been [subjected](<https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html>) to [widespread](<https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html>) [exploitation](<https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/follina-msdt-exploit-malware>) by different threat actors to drop a variety of payloads such as AsyncRAT, QBot, and other information stealers. Evidence indicates that Follina has been abused in the wild since at least April 12, 2022.\n\nBesides CVE-2022-30190, the cumulative security update also resolves several remote code execution flaws in Windows Network File System ([CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>)), Windows Hyper-V ([CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>)), Windows Lightweight Directory Access Protocol, Microsoft Office, HEVC Video Extensions, and Azure RTOS GUIX Studio.\n\nAnother security shortcoming of note is [CVE-2022-30147](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30147>) (CVSS score: 7.8), an elevation of privilege vulnerability affecting Windows Installer and which has been marked with an \"Exploitation More Likely\" assessment by Microsoft.\n\n\"Once an attacker has gained initial access, they can elevate that initial level of access up to that of an administrator, where they can disable security tools,\" Kev Breen, director of cyber threat research at Immersive Labs, said in a statement. \"In the case of ransomware attack, this leverages access to more sensitive data before encrypting the files.\"\n\nThe latest round of patches is also notable for not featuring any updates to the Print Spooler component for the first time since January 2022. They also arrive as Microsoft said it's officially [retiring support](<https://docs.microsoft.com/en-us/lifecycle/products/internet-explorer-11>) for [Internet Explorer 11](<https://docs.microsoft.com/en-us/lifecycle/announcements/internet-explorer-11-end-of-support-windows-10>) starting June 15, 2022, on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels.\n\n### Software Patches from Other Vendors\n\nIn addition to Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security/security-bulletin.html>)\n * [AMD](<https://www.amd.com/en/corporate/product-security>)\n * [Android](<https://source.android.com/security/bulletin/2022-06-01>)\n * [Apache Projects](<https://blogs.apache.org/foundation/entry/the-apache-news-round-up260>)\n * [Atlassian Confluence Server and Data Center](<https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Dell](<https://www.dell.com/support/security/>)\n * [GitLab](<https://thehackernews.com/2022/06/gitlab-issues-security-patch-for.html>)\n * [Google Chrome](<https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html>)\n * [HP](<https://support.hp.com/us-en/security-bulletins>)\n * [Intel](<https://www.intel.com/content/www/us/en/security-center/default.html>)\n * [Lenovo](<https://support.lenovo.com/us/en/product_security/ps500001-lenovo-product-security-advisories>)\n * Linux distributions [Debian](<https://www.debian.org/security/2022/>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21::::RP::>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=PortalProduct>), [SUSE](<https://www.suse.com/support/update/>), and [Ubuntu](<https://ubuntu.com/security/notices>)\n * [MediaTek](<https://corp.mediatek.com/product-security-bulletin/June-2022>)\n * [Mozilla Firefox, Firefox ESR, and Thunderbird](<https://www.mozilla.org/en-US/security/advisories/>)\n * [Qualcomm](<https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2022-bulletin.html>)\n * [Samba](<https://www.samba.org/samba/history/>)\n * [SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>)\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>), and\n * [VMware](<https://www.vmware.com/security/advisories.html>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-15T03:42:00", "type": "thn", "title": "Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30136", "CVE-2022-30147", "CVE-2022-30163", "CVE-2022-30190"], "modified": "2022-06-16T03:10:20", "id": "THN:CD69EF060C75E2FF4DB33C7C492E75B1", "href": "https://thehackernews.com/2022/06/patch-tuesday-microsoft-issues-fix-for.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2022-06-15T14:57:21", "description": "The June 2022 Patch Tuesday may go down in history as the day that [Follina](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/>) got patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond.\n\n## Microsoft\n\nMicrosoft released updates to deal with 60 security vulnerabilities. Undoubtedly the most prominent one is the one that goes by the name of [Follina](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/>). The Edge browser received five of the patched vulnerabilities .\n\n### Follina, or CVE-2022-30190\n\nA quick recap about Follina. On Monday May 30, 2022, Microsoft issued [CVE-2022-30190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190>) regarding a vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows. An in the wild exploit was using a feature in Word to retrieve a HTML file from a remote server, and that HTML file in turn was using MSDT to load code and execute PowerShell commands.\n\n### CVE-2022-30136\n\nAnother critical vulnerability is [CVE-2022-30136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30136>), a bug in NFS 4.1 which could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). This vulnerability concerns a number of Windows Server products and received a [CVSS](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) score of 9.8 out of 10. Last month, Microsoft fixed a similar vulnerability ([CVE-2022-26937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26937>)) affecting NFS v2.0 and v3.0.\n\n### CVE-2022-30139\n\nSimilar is [CVE-2022-30139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30139>), a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution (RCE) vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. LDAP is a software protocol for enabling anyone to locate data about organizations, individuals and other resources such as files and devices in a network. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP). In total, seven vulnerabilities in LDAP were found and fixed.\n\n### CVE-2022-30163\n\nNoteworthy as well is [CVE-2022-30163](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30163>) a Windows Hyper-V Remote Code Execution vulnerability that allows an attacker to run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. Microsoft Hyper-V is a virtualization platform, which enables administrators to virtualize multiple operating systems to run off the same physical server simultaneously.\n\n## More Microsoft news\n\nMicrosoft has also started to phase out Internet Explorer, but more about that in a [separate post](<https://blog.malwarebytes.com/reports/2022/06/its-official-today-you-can-say-goodbye-to-internet-explorer-or-can-you/>).\n\nAnd then there was a storm of criticism about the way Microsoft handled the [SynLapse vulnerability](<https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/>) in Azure Data Factory and Azure Synapse Pipelines. SynLapse is the name for a critical bug in Azure\u2019s Synapse service that allowed attackers to obtain credentials to other workspaces, execute code, or leak customer credentials to data sources outside of Azure. Rather than dealing with the vulnerability in a way that closed the gap once and for all, Microsoft choose what researchers called a halfhearted way that was easily bypassed in a following attempt. Orca researchers said they were able to bypass Microsoft\u2019s fix for the issue twice before the company put a working fix in place.\n\n## Other vendors\n\nAdobe has released security updates to address vulnerabilities in [multiple products](<https://www.cisa.gov/uscert/ncas/current-activity/2022/06/14/adobe-releases-security-updates-multiple-products>).\n\n[Atlassian](<https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html>) released a patch for the [in the wild exploited](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/multiple-adversaries-exploiting-confluence-vulnerability-warns-microsoft/>) Confluence RCE vulnerability.\n\n[Citrix](<https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512>) fixed two vulnerabilities in Citrix ADM server and Citrix ADM agent.\n\n[Drupal](<https://www.drupal.org/sa-core-2022-011>) fixed two \u201cModerately critical\u201d vulnerabilities.\n\n[GitLab](<https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/>) released versions 15.0.1, 14.10.4, and 14.9.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).\n\nGoogle put out updates for [Android](<https://source.android.com/security/bulletin/2022-06-01>) and [Chrome](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-chrome-now-four-high-risk-vulnerabilities-found/>).\n\n[SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>) published security notes about some high priority vulnerabilities\n\nStay safe, everyone!\n\nThe post [Update now! Microsoft patches Follina, and many other security updates](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-now-microsoft-patches-follina-and-many-other-security-updates/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-15T13:17:05", "type": "malwarebytes", "title": "Update now!\u00a0 Microsoft patches Follina, and many other security updates", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30163", "CVE-2022-30190"], "modified": "2022-06-15T13:17:05", "id": "MALWAREBYTES:0647495F01C9F1847B118A9E32BC6C13", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-now-microsoft-patches-follina-and-many-other-security-updates/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2022-06-25T17:57:09", "description": "Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239094>\n\nOn June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch Tuesdays, 38 vulnerabilities were released. This gives us 94 vulnerabilities in the report. \n \n \n $ cat comments_links.txt \n Qualys|June 2022 Patch Tuesday Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical|https://blog.qualys.com/vulnerabilities-threat-research/2022/06/14/june-2022-patch-tuesday\n ZDI|THE JUNE 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/6/14/the-june-2022-security-update-review\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"June\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n Creating Patch Tuesday profile...\n MS PT Year: 2022\n MS PT Month: June\n MS PT Date: 2022-06-14\n MS PT CVEs found: 56\n Ext MS PT Date from: 2022-05-11\n Ext MS PT Date to: 2022-06-13\n Ext MS PT CVEs found: 38\n ALL MS PT CVEs: 94\n ...\n\n * Urgent: 1\n * Critical: 1\n * High: 32\n * Medium: 55\n * Low: 4\n\nThe urgent one is **Remote Code Execution** in Microsoft Windows Support Diagnostic Tool (MSDT) ([CVE-2022-30190](<https://vulners.com/cve/CVE-2022-30190>)). Also known as \u201cFollina\u201d. It was observed being exploited in the wild at the end of May. MSDT is an application that is used to automatically collect diagnostic information and send it to Microsoft when something goes wrong with Windows. The tool can be called up from other applications (Microsoft Word being the most popular example) through the special MSDT URL protocol. Attackers who successfully exploit this vulnerability can execute arbitrary code with the privileges of the calling app to install programs, view, change, or delete data, and even create new Windows accounts as allowed by the compromised user's rights. And now dozens of repositories with exploits for this vulnerability are available on Github. Therefore criticality is indeed Urgent. Vulristics prioritizes this correctly. While Microsoft had provided mitigation guidance in an advisory on May 30, patches were not released until June 14.\n\nThe critical vulnerability is **Remote Code Execution** in Windows Network File System ([CVE-2022-30136](<https://vulners.com/cve/CVE-2022-30136>)). A vulnerability can be exploited by an unauthenticated attacker using a specially crafted call to a NFS service. Microsoft rated this as \u201cExploitation More Likely\u201d according to its Exploitability Index. This bug looks very similar to [CVE-2022-26937 \u2013 an NFS bug patched last month](<https://avleonov.com/2022/05/27/microsoft-patch-tuesday-may-2022-edge-rce-petitpotam-lsa-spoofing-bad-patches/>). The only difference between the patches is that this month\u2019s update fixes a bug in NFSV4.1, whereas last month\u2019s bug only affected versions NSFV2.0 and NSFV3.0. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. The criticality of this vulnerability was increased by the advertisement of an exploit for this CVE in the github repository. Could this be a scam? Of course, but maybe it's not.\n\nThere were 7 High-level **Remote Code Executions** in Windows LDAP ([CVE-2022-30153](<https://vulners.com/cve/CVE-2022-30153>), [CVE-2022-30161](<https://vulners.com/cve/CVE-2022-30161>), [CVE-2022-30139](<https://vulners.com/cve/CVE-2022-30139>), [CVE-2022-30141](<https://vulners.com/cve/CVE-2022-30141>), [CVE-2022-30143](<https://vulners.com/cve/CVE-2022-30143>), [CVE-2022-30146](<https://vulners.com/cve/CVE-2022-30146>), [CVE-2022-30149](<https://vulners.com/cve/CVE-2022-30149>)). For three of them (CVE-2022-30139, CVE-2022-30141 and CVE-2022-30143) vulnerability only exists if the \u201cMaxReceiveBuffer\u201d LDAP policy is configured to a higher value than the default value (i.e. a higher maximum number of threads LDAP requests can contain per processor). A system with the default value for the policy would not be affected. For two of them (CVE-2022-30139 and CVE-2022-30141), no user interaction is required, however an attacker must "prepare the target environment to improve exploit reliability".\n\nWell, I would like to finish on patches that break servers. This time there were such problems too. This month's Windows Server updates are [causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled](<https://www.bleepingcomputer.com/news/microsoft/recent-windows-server-updates-break-vpn-rdp-rras-connections/>). The vast majority of reports related to these problems coming in since Patch Tuesday have a common theme: losing Remote Desktop and VPN connectivity to servers with Routing and Remote Access Service (RRAS) enabled where the June Windows Server Updates have been installed. It is not clear what is causing these issues, maybe a fix for "Windows Network Address Translation (NAT) Denial of Service Vulnerability" tracked as CVE-2022-30152 that may have introduced bugs into RRAS connectivity. "We are aware of the issue and working to provide a resolution. Customers experiencing this issue can temporarily disable the NAT feature on their RRAS server," a Microsoft spokesperson told. So let's wait for new patches.\n\nThe full report is available here: [ms_patch_tuesday_june2022_report](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_june2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-25T12:32:07", "type": "avleonov", "title": "Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26937", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30141", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30149", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30161", "CVE-2022-30190"], "modified": "2022-06-25T12:32:07", "id": "AVLEONOV:4B6EFA5DE55BAEFCD9C72826A3524969", "href": "https://avleonov.com/2022/06/25/microsoft-patch-tuesday-june-2022-follina-rce-nfsv4-1-rce-ldap-rces-and-bad-patches/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-06-24T21:57:29", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 55 vulnerabilities (aka flaws) in the June 2022 update, including three (3) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) zero-day vulnerability ([CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)). Microsoft also released an advisory for Intel Processor MMIO Stale Data Vulnerabilitie to address four (4) Intel vulnerabilities ([Microsoft Advisory 220002](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220002>), [Intel-SA-00615](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)).\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing vulnerabilities.\n\nMany of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation in the wild with the exception of an update to [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability made public in May.\n\n### The June 2022 Microsoft vulnerabilities are classified as follows: \n\n\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/06/15/microsoft-patches-55-vulnerabilities-including-one-zero-day-and-three-critical-in-the-june-2022-patch-tuesday/>)\n\n* * *\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nMicrosoft has fixed the widely-exploited _**Windows Follina MSDT zero-day**_ vulnerability tracked as[ CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) in the June 2022 Updates.\n\nThe update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected._**\n\nOn May 31st Qualys released **QID 91909 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability (Follina) (Zero Day)**. \n \nOn June 14th, Microsoft released the patch for this vulnerability in the June 2022 cumulative Windows Updates. \n \nQualys will modify our existing detection signature to check for the PATCH ONLY and apply a minor title revision to remove the zero-day reference:** QID 91909 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability (Follina).** \n \nQualys will also release a NEW Information Gathered (IG) detection that will test for the MITIGATION ONLY: **QID 45538 Microsoft Support Diagnostic Tool (MSDT) URL Protocol Vulnerability Disabled (Follina Mitigation Enabled).** \n \nThese updates will be included in the June 14th evening\u2019s Patch Tuesday release cycle. \n_(VULNSIGS-2.5.504-4, QAGENT-SIGNATURE-SET-2.5.504.4-3, LX_MANIFEST-2.5.504.4-4)_ \n--- \n \n\n\n _Examine a potential attack vector as well as technical details of Follina, and chart the ability to detect this new vulnerability using both Qualys Multi-Vector EDR and Qualys Context XDR._ [Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR](<https://blog.qualys.com/product-tech/2022/06/14/detect-the-follina-msdt-vulnerability-cve-2022-30190-with-qualys-multi-vector-edr-context-xdr>)\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/05/31/microsoft-windows-support-diagnostic-tool-msdt-remote-code-execution-vulnerability-cve-2022-30190/>)\n\n* * *\n\n### Microsoft Guidance on Intel [Processor MMIO Stale Data Vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)\n\n#### [Microsoft Advisory 220002](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220002>), [Intel-SA-00615](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)\n\nOn June 14, 2022, Intel published information about a class of memory-mapped I/O vulnerabilities known as [Processor MMIO Stale Data Vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>).\n\nAn attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.\n\nThese vulnerabilities are known as:\n\n * [CVE-2022-21123](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21123>) | Shared Buffer Data Read (SBDR) \n * [CVE-2022-21125](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21125>) | Shared Buffer Data Sampling (SBDS)\n * [CVE-2022-21127](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21127>) | Special Register Buffer Data Sampling Update (SRBDS Update)\n * [CVE-2022-21166](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21166>) | Device Register Partial Write (DRPW)\n\n**Important**: These vulnerabilities might affect other operating systems and service providers. We advise customers to seek guidance from their respective vendors.\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/06/15/microsoft-releases-patches-for-the-intel-processor-mmio-stale-data-vulnerabilities-in-june-2022-patch-tuesday/>)\n\n* * *\n\n### Windows Server 2022 Azure Edition Core Hotpatch ([KB5014677](<https://support.microsoft.com/en-us/topic/june-14-2022-kb5014677-os-build-20348-770-a7a0d557-bd34-4867-bf6f-a47fbc997810>)) **OS Build 20348.770**\n\nWindows Server 2022 Azure Edition Core Hotpatch ([KB5014677](<https://support.microsoft.com/en-us/topic/june-14-2022-kb5014677-os-build-20348-770-a7a0d557-bd34-4867-bf6f-a47fbc997810>)) addresses 22 unique vulnerabilities, ranging in severity from a CVSSv3.1 score of 5.3/10 to 8.8/10, as summarized below.\n\n\n\n* * *\n\n# **Microsoft Critical and Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>) covers multiple Microsoft product families, including Azure, Developer Tools, Edge-Chromium Browser, Microsoft Office, SQL Server, System Center, and Windows.\n\nA total of 25 unique Microsoft products/versions are affected.\n\nDownloads include Azure Hotpatch, Cumulative Updates, Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>) | Windows Network File System Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely._**\n\n* * *\n\n### [CVE-2022-30157](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30157>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nIn a network-based attack, an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.\n\nThe attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**.\n\n* * *\n\n### [CVE-2022-30158](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn authenticated attacker with access to a server that has Sandboxed Code Service enabled could execute code in the context of the web service account.\n\nThe attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Unlikely_**.\n\n* * *\n\n### [CVE-2022-30165](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30165>) | Windows Kerberos Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nSystems configured to activate both of the following features in Windows Server: CredSSP (Credential Security Service Provider) and RCG (Remote Credential Guard) might be vulnerable to this exploit.\n\nAn authenticated attacker could exploit this vulnerability to elevate privileges and then spoof the Kerberos login process when a remote credential guard connection is made via CredSSP over the network.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**.\n\n* * *\n\n### [CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>) | Windows Hyper-V Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.5/10.\n\nTo exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition. \n\nIn this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30164](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30164>) | Windows Kerberos AppContainer Security Feature Bypass Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.4/10.\n\nA low privilege attacker could execute a script within an App Container to request a service ticket and thereby gain elevation to the service privilege.\n\nAn attacker could bypass the Kerberos service ticketing feature which performs user access control checks\n\nIn this case, a successful attack could be performed from a low privilege [AppContainer](<https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation>). The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nThis vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.\n\nFor more information, please see [LDAP policies](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3f0137a1-63df-400c-bf97-e1040f055a99>).\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30145](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30145>) | Windows Encrypting File System (EFS) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n## **Microsoft Last But Not Least**\n\nEarlier in June, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities on June 9 Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability ([CVE-2022-22021](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22021>)) and an additional four (4) vulnerabilities on June 13 ([CVE-2022-2011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011>), [CVE-2022-2010](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010>), [CVE-2022-2008](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008>), [CVE-2022-2007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007>)).\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released six (6) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 46 vulnerabilities affecting Adobe Animate, Bridge, Illustrator, InCopy, InDesign, and RoboHelp Server. Of these 46 vulnerabilities, 40 are rated as **_Critical_**; ranging in severity from a CVSSv3.1 score of 5.5/10 to 7.8/10, as summarized below.\n\n\n\n### [APSB22-24](<https://helpx.adobe.com/security/products/animate/apsb22-24.html>) | Security updates available for Adobe Animate\n\nThis update resolves one (1) **_Critical_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n\n* * *\n\n### [APSB22-25](<https://helpx.adobe.com/security/products/bridge/apsb22-25.html>) | Security updates available for Adobe Bridge\n\nThis update resolves 11 **_Critical_** and one (1) _**Important **_vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, and memory leak. \n\n* * *\n\n### [APSB22-26](<https://helpx.adobe.com/security/products/illustrator/apsb22-26.html>) | Security updates available for Adobe Illustrator\n\nThis update resolves 13 **_Critical_**, and four (4) **_Important _**vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-29](<https://helpx.adobe.com/security/products/incopy/apsb22-29.html>) | Security updates available for Adobe InCopy\n\nThis update resolves eight (8) **_Critical_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-30](<https://helpx.adobe.com/security/products/indesign/apsb22-30.html>) | Security updates available for Adobe InDesign\n\nThis update resolves seven (7) **_Critical_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-31](<https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html>) | Security updates available for RoboHelp Server\n\nThis update resolves one (1) **_Moderate_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security hotfix for RoboHelp Server 11 (Update 3) and prior releases. This hotfix resolves a security vulnerability that allows end-users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.\n\nThis update resolves a vulnerability rated [moderate](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation could lead to privilege escalation. \n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n* * *\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`45538` OR qid:`91909` OR qid:`91910` OR qid:`91911` OR qid:`91912` OR qid:`91913` OR qid:`91914` OR qid:`91915` OR qid:`91916` OR qid:`91917` OR qid:`91918` OR qid:`91919` OR qid:`110409` OR qid:`110410` OR qid:`376665` OR qid:`376666` ) \n\n\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday:\n \n \n ( qid:`45538` OR qid:`91909` OR qid:`91910` OR qid:`91911` OR qid:`91912` OR qid:`91913` OR qid:`91914` OR qid:`91915` OR qid:`91916` OR qid:`91917` OR qid:`91918` OR qid:`91919` OR qid:`110409` OR qid:`110410` OR qid:`376665` OR qid:`376666` ) \n\n\n\n* * *\n\n# \nQualys Monthly Webinar Series \n\n\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T20:00:00", "type": "qualysblog", "title": "June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22021", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30145", "CVE-2022-30157", "CVE-2022-30158", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30190"], "modified": "2022-06-14T20:00:00", "id": "QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2023-11-28T09:56:15", "description": "None\n## **Summary**\n\nLearn more about this cumulative security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **On May 19, 2022, we released an [out-of-band](<https://support.microsoft.com/help/5014991>) (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers. If you haven\u2019t installed the May 19, 2022 or later releases, then installing this June 14, 2022 update will also address that issue. For more information, see the **Before installing this update** section in this article.\n\n**IMPORTANT** Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements**\n\nThis cumulative security update contains improvements that are part of update [KB5014017](<https://support.microsoft.com/help/5014017>) (released May 10, 202) and includes new improvements for the following issue:\n\n * Printing to a NUL port from a Low Integrity Level (LowIL) process application could cause printing failures.\n * Addresses an elevation of privilege (EOP) vulnerability under [CVE-2022-30154](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154>) for the [Microsoft File Server Shadow Copy Agent Service](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj612865\\(v=ws.11\\)>). To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote [Server Message Block](<https://docs.microsoft.com/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview>) 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don\u2019t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see [KB5015527](<https://support.microsoft.com/help/5015527>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [June 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nWe are working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, Windows devices might be unable to use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the Internet after a client device connects.| This issue is addressed in [KB5015863](<https://support.microsoft.com/help/5015863>). \nAfter installing this update, Windows Servers which use the Routing and Remote Access Service (RRAS) might be unable to correctly direct Internet traffic. Devices which connect to the server might not connect to the Internet, and servers can lose connection to the Internet after a client device connects.| This issue is addressed in [KB5015863](<https://support.microsoft.com/help/5015863>). \n \n## **How to get this update**\n\n**Before installing this update**For machine certificate authentication considerations, do one of the following:\n\n * Install this June 14, 2022 update on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC) first. Then install this update on all DC role computers.\n * Or, pre-populate **CertificateMappingMethods** to **0x1F** as documented in the [Registry key information](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey>) section of [KB5014754](<https://support.microsoft.com/help/5014754>) on all DCs. Delete the **CertificateMappingMethods** registry setting only after the June 14, 2022 update has been installed on all intermediate or application servers and all DCs. \n \n**Note** Adding, modifying, or removing the **CertificateMappingMethods** registry setting does not require a device restart. \n--- \nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014027](<https://support.microsoft.com/help/5014027>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014747>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5014747](<https://download.microsoft.com/download/8/6/2/862b9ebd-62e3-4b24-97ff-58bb28c24f02/5014747.csv>).\n\n## **References**\n\nFor information about the security updates released on June 14, 2022, see [Security update deployment information: June 14, 2022 (KB5015454)](<https://support.microsoft.com/help/5015454>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "mskb", "title": "June 14, 2022\u2014KB5014747 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30149", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2022-06-14T00:00:00", "id": "KB5014747", "href": "https://support.microsoft.com/en-us/help/5014747", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:56:11", "description": "None\n## **Summary**\n\nLearn more about this cumulative security update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **On May 19, 2022, we released an [out-of-band](<https://support.microsoft.com/help/5014986>) (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers. If you haven\u2019t installed the May 19, 2022 or later releases, then installing this June 14, 2022 update will also address that issue. For more information, see the **Before installing this update** section in this article.\n\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements**\n\nThis cumulative security update includes improvements that are part of update [KB5014011](<https://support.microsoft.com/help/5014011>) (released May 10, 2022) and includes new improvements for the following issue:\n\n * Printing to a NUL port from a Low Integrity Level (LowIL) process application could cause printing failures.\n * Addresses an elevation of privilege (EOP) vulnerability under [CVE-2022-30154](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154>) for the [Microsoft File Server Shadow Copy Agent Service](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj612865\\(v=ws.11\\)>). To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote [Server Message Block](<https://docs.microsoft.com/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview>) 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don\u2019t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see [KB5015527](<https://support.microsoft.com/help/5015527>).\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [June 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nWe are working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, Windows devices might be unable to use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the Internet after a client device connects.| This issue is addressed in [KB5015874](<https://support.microsoft.com/help/5015874>). \nAfter installing this update, Windows Servers which use the Routing and Remote Access Service (RRAS) might be unable to correctly direct Internet traffic. Devices which connect to the server might not connect to the Internet, and servers can lose connection to the Internet after a client device connects.| This issue is addressed in [KB5015874](<https://support.microsoft.com/help/5015874>). \n \n## **How to get this update**\n\n**Before installing this update**For machine certificate authentication considerations, do one of the following:\n\n * Install this June 14, 2022 update on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC) first. Then install this update on all DC role computers.\n * Or, pre-populate **CertificateMappingMethods** to **0x1F** as documented in the [Registry key information](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey>) section of [KB5014754](<https://support.microsoft.com/help/5014754>) on all DCs. Delete the **CertificateMappingMethods** registry setting only after the June 14, 2022 update has been installed on all intermediate or application servers and all DCs. \n \n**Note** Adding, modifying, or removing the **CertificateMappingMethods** registry setting does not require a device restart. \n--- \nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014025](<https://support.microsoft.com/help/5014025>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014738>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5014738](<https://download.microsoft.com/download/2/d/4/2d43bda6-cff0-4fcf-8358-947f29b93db5/5014738.csv>). \n\n## **References**\n\nFor information about the security updates released on June 14, 2022, see [Security update deployment information: June 14, 2022 (KB5015454)](<https://support.microsoft.com/help/5015454>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "mskb", "title": "June 14, 2022\u2014KB5014738 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26414", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30149", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2022-06-14T00:00:00", "id": "KB5014738", "href": "https://support.microsoft.com/en-us/help/5014738", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:56:11", "description": "None\n## **Summary**\n\nLearn more about this security-only update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **On May 19, 2022, we released an [out-of-band](<https://support.microsoft.com/help/5014991>) (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers. If you haven\u2019t installed the May 19, 2022 or later releases, then installing this June 14, 2022 update will also address that issue. For more information, see the **Before installing this update** section in this article.\n\n**IMPORTANT **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).Verify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements**\n\nThis security-only update includes new improvements for the following issue:\n\n * Printing to a NUL port from a Low Integrity Level (LowIL) process application could cause printing failures.\n * Addresses an elevation of privilege (EOP) vulnerability under [CVE-2022-30154](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154>) for the [Microsoft File Server Shadow Copy Agent Service](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj612865\\(v=ws.11\\)>). To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote [Server Message Block](<https://docs.microsoft.com/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview>) 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don\u2019t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see [KB5015527](<https://support.microsoft.com/help/5015527>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [June 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nWe are working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, Windows devices might be unable to use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the Internet after a client device connects.| This issue is addressed in [KB5015875](<https://support.microsoft.com/help/5015875>). \nAfter installing this update, Windows Servers which use the Routing and Remote Access Service (RRAS) might be unable to correctly direct Internet traffic. Devices which connect to the server might not connect to the Internet, and servers can lose connection to the Internet after a client device connects.| This issue is addressed in [KB5015875](<https://support.microsoft.com/help/5015875>). \n \n## **How to get this update**\n\n**Before installing this update**For machine certificate authentication considerations, do one of the following:\n\n * Install this June 14, 2022 update on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC) first. Then install this update on all DC role computers.\n * Or, pre-populate **CertificateMappingMethods** to **0x1F** as documented in the [Registry key information](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey>) section of [KB5014754](<https://support.microsoft.com/help/5014754>) on all DCs. Delete the **CertificateMappingMethods** registry setting only after the June 14, 2022 update has been installed on all intermediate or application servers and all DCs. \n \n**Note** Adding, modifying, or removing the **CertificateMappingMethods** registry setting does not require a device restart. \n--- \nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014027](<https://support.microsoft.com/help/5014027>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5011486](<https://support.microsoft.com/help/5011486>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014741>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for KB5014741](<https://download.microsoft.com/download/3/9/3/39310be3-5587-42f5-9629-e06168826c81/5014741.csv>).\n\n## **References**\n\nFor information about the security updates released on June 14, 2022, see [Security update deployment information: June 14, 2022 (KB5015454)](<https://support.microsoft.com/help/5015454>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "mskb", "title": "June 14, 2022\u2014KB5014741 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30149", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2022-06-14T00:00:00", "id": "KB5014741", "href": "https://support.microsoft.com/en-us/help/5014741", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:56:15", "description": "None\n## **Summary**\n\nLearn more about this security-only update, including improvements, any known issues, and how to get the update.\n\n**IMPORTANT **On May 19, 2022, we released an [out-of-band](<https://support.microsoft.com/help/5014986>) (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers. If you haven\u2019t installed the May 19, 2022 or later releases, then installing this June 14, 2022 update will also address that issue. For more information, see the **Before installing this update** section in this article.\n\n**IMPORTANT** Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release).For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements**\n\nThis security-only update includes new improvements for the following issue:\n\n * Printing to a NUL port from a Low Integrity Level (LowIL) process application could cause printing failures.\n * Addresses an elevation of privilege (EOP) vulnerability under [CVE-2022-30154](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154>) for the [Microsoft File Server Shadow Copy Agent Service](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj612865\\(v=ws.11\\)>). To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote [Server Message Block](<https://docs.microsoft.com/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview>) 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don\u2019t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see [KB5015527](<https://support.microsoft.com/help/5015527>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [June 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>).\n\n## **Known issues in this update**\n\n**Symptom**| **Next step** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nWe are working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, Windows devices might be unable to use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the Internet after a client device connects.| This issue is addressed in [KB5015877](<https://support.microsoft.com/help/5015877>). \nAfter installing this update, Windows Servers which use the Routing and Remote Access Service (RRAS) might be unable to correctly direct Internet traffic. Devices which connect to the server might not connect to the Internet, and servers can lose connection to the Internet after a client device connects.| This issue is addressed in [KB5015877](<https://support.microsoft.com/help/5015877>). \n \n## **How to get this update**\n\n**Before installing this update**For machine certificate authentication considerations, do one of the following:\n\n * Install this June 14, 2022 update on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC) first. Then install this update on all DC role computers.\n * Or, pre-populate **CertificateMappingMethods** to **0x1F** as documented in the [Registry key information](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey>) section of [KB5014754](<https://support.microsoft.com/help/5014754>) on all DCs. Delete the **CertificateMappingMethods** registry setting only after the June 14, 2022 update has been installed on all intermediate or application servers and all DCs. \n \n**Note** Adding, modifying, or removing the **CertificateMappingMethods** registry setting does not require a device restart. \n--- \nWe strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5014025](<https://support.microsoft.com/help/5014025>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \n**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5011486](<https://support.microsoft.com/help/5011486>)).\n\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014746>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update KB5014746](<https://download.microsoft.com/download/6/b/a/6ba0d890-425e-436d-a452-eab90c2ce57e/5014746.csv>). \n\n## **References**\n\nFor information about the security updates released on June 14, 2022, see [Security update deployment information: June 14, 2022 (KB5015454)](<https://support.microsoft.com/help/5015454>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "mskb", "title": "June 14, 2022\u2014KB5014746 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26414", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30149", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2022-06-14T00:00:00", "id": "KB5014746", "href": "https://support.microsoft.com/en-us/help/5014746", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:56:07", "description": "None\n**NEW 06/14/22 \nIMPORTANT **On May 19, 2022, we released an out-of-band (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers. If you haven\u2019t installed the May 19, 2022 or later releases, then installing this June 14, 2022 update will also address that issue. For more information, see the **Before installing this update** section in this article. \n\n**Note: **To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an [anonymous survey](<https://forms.office.com/r/ficuk8QT3n>) for you to share your comments and feedback. \n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1809, see its update history page.\n\n## Highlights \n\n * Addresses security issues for your Windows operating system. \n\n## Improvements\n\nThis security update includes improvements that were a part of update KB5014022 (released May 24, 2022) and also addresses the following issues: \n\n * Addresses an elevation of privilege (EOP) vulnerability under [CVE-2022-30154](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154>) for the [Microsoft File Server Shadow Copy Agent Service](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj612865\\(v=ws.11\\)>). To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote [Server Message Block](<https://docs.microsoft.com/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview>) 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don\u2019t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see [KB5015527](<https://support.microsoft.com/help/5015527>).\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.For more information about security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [June 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>).\n\n### Windows 10 servicing stack update - 17763.2980\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing this update, Windows devices might be unable use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.| To mitigate the issue and restore internet access on the host device, you can disable the Wi-Fi hotspot feature. For instructions, please see [Use your Windows PC as a mobile hotspot](<https://support.microsoft.com/windows/use-your-windows-pc-as-a-mobile-hotspot-c89b0fad-72d5-41e8-f7ea-406ad9036b85>). \nAfter installing this update, Windows Servers that are using the Routing and Remote Access Service (RRAS) might be unable to correctly direct internet traffic. Devices that connect to the server might fail to connect to the internet, and servers can lose connection to the internet after a client device connects.| This issue is addressed in KB5014669. \nAfter installing updates released June 14, 2022, or later, [PowerShell Desired State Configuration (DSC)](<https://docs.microsoft.com/powershell/scripting/dsc/overview?view=powershell-7.2>) using an encrypted the [PSCredential](<https://docs.microsoft.com/powershell/scripting/learn/deep-dives/add-credentials-to-powershell-functions?view=powershell-7.2>) property might fail when decrypting the credentials on the target node. This failure will result in a password related error message, similar to, \u201cThe password supplied to the Desired State Configuration resource <resource name> is not valid. The password cannot be null or empty.\u201d**Note **Environments which use non-encrypted PSCredential properties will not experience the issue.DSC is a management platform in PowerShell that enables administrators to manage IT and development infrastructure with configuration as code. This issue is not likely to be experienced by home users of Windows.| This issue is addressed in KB5015811. \n \n## How to get this update\n\n**Before installing this update**For machine certificate authentication considerations that affect [Network Policy Server](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>) (NPS) and other scenarios, do one of the following:\n\n * Install this June 14, 2022 update on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC) first. Then install this update on all DC role computers.OR\n * Pre-populate CertificateMappingMethods to 0x1F as documented in the [Registry key information](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey>) section of KB5014754 on all DCs. Delete the CertificateMappingMethods registry setting only after the June 14, 2022 update has been installed on all intermediate or application servers and all DCs.\n**Note** Adding, modifying, or removing the CertificateMappingMethods registry setting does not require a device restart.Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).Prerequisite:You **must **install the August 10, 2021 SSU (KB5005112) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014692>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5014692.](<https://download.microsoft.com/download/1/5/f/15f303c3-6092-471d-ac9b-37b392738e93/5014692.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 17763.2980](<https://download.microsoft.com/download/8/e/b/8eb1fe8b-b227-4f70-80a2-bcf0a3f3fcdb/SSU_version_17763_2980.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "mskb", "title": "June 14, 2022\u2014KB5014692 (OS Build 17763.3046)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30131", "CVE-2022-30132", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2022-06-14T00:00:00", "id": "KB5014692", "href": "https://support.microsoft.com/en-us/help/5014692", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:56:10", "description": "None\n**NEW 06/14/22 \nIMPORTANT **On May 19, 2022, we released an out-of-band (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers. If you haven\u2019t installed the May 19, 2022 or later releases, then installing this June 14, 2022 update will also address that issue. For more information, see the **Before installing this update** section in this article.\n\n**Note: **To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an [anonymous survey](<https://forms.office.com/r/ficuk8QT3n>) for you to share your comments and feedback. \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). For an overview of Windows 10, version 1607, see its update history page. \n\n## Highlights\n\n * Addresses security issues for your Windows operating system.\n\n## Improvements\n\nThis security update includes quality improvements. Key changes include:\n\n * Provides a Group Policy that administrators can use to enable customers to use the Ctrl+S (Save As) keyboard shortcut in Microsoft Edge IE Mode.\n * Addresses an issue that prevents printing from operating properly for some low integrity process apps.\n * Addresses an issue that causes print failures when a low integrity level (LowIL) application prints to a null port.\n * Addresses an issue that prevents you from signing in to Citrix servers that have enabled the [Interactive logon: Require smart card](<https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card>) security policy setting.\n * Addresses an issue that causes a mismatch between a Remote Desktop session\u2019s keyboard and the Remote Desktop Protocol (RDP) client when signing in.\n * Addresses an issue that prevents the file system control code (FSCTL_SET_INTEGRITY_INFORMATION_EX) from handling its input parameter correctly.\n * Addresses an elevation of privilege (EOP) vulnerability under [CVE-2022-30154](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154>) for the [Microsoft File Server Shadow Copy Agent Service](<https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj612865\\(v=ws.11\\)>). To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote [Server Message Block](<https://docs.microsoft.com/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview>) 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don\u2019t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see [KB5015527](<https://support.microsoft.com/help/5015527>).\nIf you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. For more information about security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website and the [June 2022 Security Updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>).\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, Windows devices might be unable use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.| This issue is addressed in KB5015808. \nAfter installing this update, Windows Servers that are using the Routing and Remote Access Service (RRAS) might be unable to correctly direct internet traffic. Devices that connect to the server might fail to connect to the internet, and servers can lose connection to the internet after a client device connects.| This issue is addressed in KB5015808. \nAfter installing updates released June 14, 2022, or later, [PowerShell Desired State Configuration (DSC)](<https://docs.microsoft.com/powershell/scripting/dsc/overview?view=powershell-7.2>) using an encrypted the [PSCredential](<https://docs.microsoft.com/powershell/scripting/learn/deep-dives/add-credentials-to-powershell-functions?view=powershell-7.2>) property might fail when decrypting the credentials on the target node. This failure will result in a password related error message, similar to, \u201cThe password supplied to the Desired State Configuration resource <resource name> is not valid. The password cannot be null or empty.\u201d**Note **Environments which use non-encrypted PSCredential properties will not experience the issue.DSC is a management platform in PowerShell that enables administrators to manage IT and development infrastructure with configuration as code. This issue is not likely to be experienced by home users of Windows.| This issue is addressed in KB5015808. \n \n## How to get this update\n\n**Before installing this update**For machine certificate authentication considerations that affect [Network Policy Server](<https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top>) (NPS) and other scenarios, do one of the following:\n\n * Install this June 14, 2022 update on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC) first. Then install this update on all DC role computers.OR\n * Pre-populate CertificateMappingMethods to 0x1F as documented in the [Registry key information](<https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_kdcregkey>) section of KB5014754 on all DCs. Delete the CertificateMappingMethods registry setting only after the June 14, 2022 update has been installed on all intermediate or application servers and all DCs.\n**Note** Adding, modifying, or removing the CertificateMappingMethods registry setting does not require a device restart.Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe>).If you are using Windows Update, the latest SSU (KB5014026) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5014702>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5014702](<https://download.microsoft.com/download/c/d/9/cd9b127e-8686-47cd-8315-09b9f69d5bfe/5014702.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "mskb", "title": "June 14, 2022\u2014KB5014702 (OS Build 14393.5192)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30131", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2022-06-14T00:00:00", "id": "KB5014702", "href": "https://support.microsoft.com/en-us/help/5014702", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-17T16:30:30", "description": "The remote Windows host is missing security update 5014741. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\n - Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-30163)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-14T00:00:00", "type": "nessus", "title": "KB5014741: Windows Server 2012 Security Update (June 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30149", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_JUN_5014741.NASL", "href": "https://www.tenable.com/plugins/nessus/162194", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162194);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21127\",\n \"CVE-2022-21166\",\n \"CVE-2022-30135\",\n \"CVE-2022-30136\",\n \"CVE-2022-30140\",\n \"CVE-2022-30141\",\n \"CVE-2022-30142\",\n \"CVE-2022-30143\",\n \"CVE-2022-30146\",\n \"CVE-2022-30147\",\n \"CVE-2022-30149\",\n \"CVE-2022-30151\",\n \"CVE-2022-30152\",\n \"CVE-2022-30153\",\n \"CVE-2022-30154\",\n \"CVE-2022-30155\",\n \"CVE-2022-30160\",\n \"CVE-2022-30161\",\n \"CVE-2022-30163\",\n \"CVE-2022-30164\",\n \"CVE-2022-30166\",\n \"CVE-2022-30190\"\n );\n script_xref(name:\"MSKB\", value:\"5014741\");\n script_xref(name:\"MSKB\", value:\"5014747\");\n script_xref(name:\"MSFT\", value:\"MS22-5014741\");\n script_xref(name:\"MSFT\", value:\"MS22-5014747\");\n script_xref(name:\"IAVA\", value:\"2022-A-0240-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0241-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0022\");\n\n script_name(english:\"KB5014741: Windows Server 2012 Security Update (June 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5014741. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30141,\n CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\n - Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-30163)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014747\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5014741 or Cumulative Update 5014747\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30136\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word MSDTJS');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-06';\nkbs = make_list(\n '5014747',\n '5014741'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2',\n sp:0,\n rollup_date:'06_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014747, 5014741])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:52:14", "description": "The remote Windows host is missing security update 5014746. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\n - Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-30163)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-14T00:00:00", "type": "nessus", "title": "KB5014746: Windows 8.1 and Windows Server 2012 R2 Security Update (June 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30149", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2023-09-22T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_JUN_5014746.NASL", "href": "https://www.tenable.com/plugins/nessus/162202", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162202);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/22\");\n\n script_cve_id(\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21127\",\n \"CVE-2022-21166\",\n \"CVE-2022-30135\",\n \"CVE-2022-30136\",\n \"CVE-2022-30140\",\n \"CVE-2022-30141\",\n \"CVE-2022-30142\",\n \"CVE-2022-30143\",\n \"CVE-2022-30146\",\n \"CVE-2022-30147\",\n \"CVE-2022-30149\",\n \"CVE-2022-30151\",\n \"CVE-2022-30152\",\n \"CVE-2022-30153\",\n \"CVE-2022-30154\",\n \"CVE-2022-30155\",\n \"CVE-2022-30160\",\n \"CVE-2022-30161\",\n \"CVE-2022-30162\",\n \"CVE-2022-30163\",\n \"CVE-2022-30164\",\n \"CVE-2022-30166\",\n \"CVE-2022-30190\"\n );\n script_xref(name:\"MSKB\", value:\"5014738\");\n script_xref(name:\"MSKB\", value:\"5014746\");\n script_xref(name:\"MSFT\", value:\"MS22-5014738\");\n script_xref(name:\"MSFT\", value:\"MS22-5014746\");\n script_xref(name:\"IAVA\", value:\"2022-A-0240-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0241-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0022\");\n\n script_name(english:\"KB5014746: Windows 8.1 and Windows Server 2012 R2 Security Update (June 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5014746. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30141,\n CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\n - Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-30163)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014746\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5014746 or Cumulative Update 5014738\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30136\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word MSDTJS');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-06';\nkbs = make_list(\n '5014746',\n '5014738'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'06_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014746, 5014738])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:30:48", "description": "The remote Windows host is missing security update 5014702. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-30165)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-14T00:00:00", "type": "nessus", "title": "KB5014702: Windows 10 Version 1607 and Windows Server 2016 Security Update (June 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30131", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_JUN_5014702.NASL", "href": "https://www.tenable.com/plugins/nessus/162196", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162196);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21127\",\n \"CVE-2022-21166\",\n \"CVE-2022-30131\",\n \"CVE-2022-30136\",\n \"CVE-2022-30139\",\n \"CVE-2022-30140\",\n \"CVE-2022-30141\",\n \"CVE-2022-30142\",\n \"CVE-2022-30143\",\n \"CVE-2022-30145\",\n \"CVE-2022-30146\",\n \"CVE-2022-30147\",\n \"CVE-2022-30148\",\n \"CVE-2022-30149\",\n \"CVE-2022-30150\",\n \"CVE-2022-30151\",\n \"CVE-2022-30152\",\n \"CVE-2022-30153\",\n \"CVE-2022-30154\",\n \"CVE-2022-30155\",\n \"CVE-2022-30160\",\n \"CVE-2022-30161\",\n \"CVE-2022-30162\",\n \"CVE-2022-30163\",\n \"CVE-2022-30164\",\n \"CVE-2022-30165\",\n \"CVE-2022-30166\",\n \"CVE-2022-30190\"\n );\n script_xref(name:\"MSKB\", value:\"5014702\");\n script_xref(name:\"MSFT\", value:\"MS22-5014702\");\n script_xref(name:\"IAVA\", value:\"2022-A-0240-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0241-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0022\");\n\n script_name(english:\"KB5014702: Windows 10 Version 1607 and Windows Server 2016 Security Update (June 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5014702. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-30165)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30139,\n CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014702\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5014702\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30136\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word MSDTJS');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-06';\nkbs = make_list(\n '5014702'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:14393,\n rollup_date:'06_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014702])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:30", "description": "The remote Windows host is missing security update 5014692. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-30165)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-14T00:00:00", "type": "nessus", "title": "KB5014692: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-30131", "CVE-2022-30132", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30190"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_JUN_5014692.NASL", "href": "https://www.tenable.com/plugins/nessus/162197", "sourceData": "##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162197);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21127\",\n \"CVE-2022-21166\",\n \"CVE-2022-30131\",\n \"CVE-2022-30132\",\n \"CVE-2022-30136\",\n \"CVE-2022-30139\",\n \"CVE-2022-30140\",\n \"CVE-2022-30141\",\n \"CVE-2022-30142\",\n \"CVE-2022-30143\",\n \"CVE-2022-30145\",\n \"CVE-2022-30146\",\n \"CVE-2022-30147\",\n \"CVE-2022-30148\",\n \"CVE-2022-30149\",\n \"CVE-2022-30150\",\n \"CVE-2022-30151\",\n \"CVE-2022-30152\",\n \"CVE-2022-30153\",\n \"CVE-2022-30154\",\n \"CVE-2022-30155\",\n \"CVE-2022-30160\",\n \"CVE-2022-30161\",\n \"CVE-2022-30162\",\n \"CVE-2022-30163\",\n \"CVE-2022-30164\",\n \"CVE-2022-30165\",\n \"CVE-2022-30166\",\n \"CVE-2022-30190\"\n );\n script_xref(name:\"MSKB\", value:\"5014692\");\n script_xref(name:\"MSFT\", value:\"MS22-5014692\");\n script_xref(name:\"IAVA\", value:\"2022-A-0240-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0241-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0022\");\n\n script_name(english:\"KB5014692: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5014692. It is, therefore, affected by multiple vulnerabilities\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-30165)\n\n - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30139,\n CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5014692\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5014692\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30136\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word MSDTJS');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-06';\nkbs = make_list(\n '5014692'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:17763,\n rollup_date:'06_2022',\n bulletin:bulletin,\n rollup_kb_list:[5014692])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-06T16:38:52", "description": "### *Detect date*:\n06/14/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface.\n\n### *Exploitation*:\nPublic exploits exist for this vulnerability.\n\n### *Affected products*:\nWindows Server 2016 (Server Core installation) \nWindows 10 Version 21H1 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2022 Azure Edition Core Hotpatch \nWindows 10 Version 21H1 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1607 for x64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nAV1 Video Extension \nWindows 11 for ARM64-based Systems \nWindows RT 8.1 \nWindows Server 2019 \nWindows Server 2012 \nHEVC Video Extension \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows 11 for x64-based Systems \nWindows Server 2022 \nHEVC Video Extensions \nWindows 8.1 for x64-based systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 21H2 for x64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 21H2 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2022 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-30152](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30152>) \n[CVE-2022-22018](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22018>) \n[CVE-2022-21125](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21125>) \n[CVE-2022-21123](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21123>) \n[CVE-2022-30131](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30131>) \n[CVE-2022-30162](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30162>) \n[CVE-2022-30150](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30150>) \n[CVE-2022-30151](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30151>) \n[CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>) \n[CVE-2022-32230](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230>) \n[CVE-2022-30165](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30165>) \n[CVE-2022-30154](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154>) \n[CVE-2022-30164](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30164>) \n[CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>) \n[CVE-2022-30155](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30155>) \n[CVE-2022-29119](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29119>) \n[CVE-2022-30135](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30135>) \n[CVE-2022-29111](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29111>) \n[CVE-2022-30153](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30153>) \n[CVE-2022-30140](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30140>) \n[CVE-2022-30160](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30160>) \n[CVE-2022-30148](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30148>) \n[CVE-2022-30167](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30167>) \n[CVE-2022-30132](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30132>) \n[CVE-2022-21166](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21166>) \n[CVE-2022-30149](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30149>) \n[CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>) \n[CVE-2022-30142](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30142>) \n[CVE-2022-30161](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30161>) \n[CVE-2022-30146](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30146>) \n[CVE-2022-21127](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21127>) \n[CVE-2022-30193](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30193>) \n[CVE-2022-30147](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30147>) \n[CVE-2022-30166](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30166>) \n[CVE-2022-30189](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30189>) \n[CVE-2022-30145](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30145>) \n[CVE-2022-30141](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30141>) \n[CVE-2022-30188](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30188>) \n[CVE-2022-30143](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30143>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2022-30152](<https://vulners.com/cve/CVE-2022-30152>)5.0Warning \n[CVE-2022-21125](<https://vulners.com/cve/CVE-2022-21125>)2.1Warning \n[CVE-2022-30160](<https://vulners.com/cve/CVE-2022-30160>)4.6Warning \n[CVE-2022-21123](<https://vulners.com/cve/CVE-2022-21123>)2.1Warning \n[CVE-2022-21166](<https://vulners.com/cve/CVE-2022-21166>)2.1Warning \n[CVE-2022-30149](<https://vulners.com/cve/CVE-2022-30149>)5.1High \n[CVE-2022-30151](<https://vulners.com/cve/CVE-2022-30151>)4.4Warning \n[CVE-2022-30142](<https://vulners.com/cve/CVE-2022-30142>)7.6Critical \n[CVE-2022-30161](<https://vulners.com/cve/CVE-2022-30161>)6.8High \n[CVE-2022-30146](<https://vulners.com/cve/CVE-2022-30146>)5.1High \n[CVE-2022-21127](<https://vulners.com/cve/CVE-2022-21127>)2.1Warning \n[CVE-2022-30147](<https://vulners.com/cve/CVE-2022-30147>)7.2High \n[CVE-2022-30166](<https://vulners.com/cve/CVE-2022-30166>)4.6Warning \n[CVE-2022-30141](<https://vulners.com/cve/CVE-2022-30141>)9.3Critical \n[CVE-2022-30163](<https://vulners.com/cve/CVE-2022-30163>)6.0High \n[CVE-2022-30155](<https://vulners.com/cve/CVE-2022-30155>)7.1High \n[CVE-2022-30135](<https://vulners.com/cve/CVE-2022-30135>)7.2High \n[CVE-2022-30153](<https://vulners.com/cve/CVE-2022-30153>)6.8High \n[CVE-2022-30143](<https://vulners.com/cve/CVE-2022-30143>)5.1High \n[CVE-2022-30140](<https://vulners.com/cve/CVE-2022-30140>)5.1High \n[CVE-2022-22018](<https://vulners.com/cve/CVE-2022-22018>)6.8High \n[CVE-2022-30131](<https://vulners.com/cve/CVE-2022-30131>)7.2High \n[CVE-2022-30162](<https://vulners.com/cve/CVE-2022-30162>)2.1Warning \n[CVE-2022-30150](<https://vulners.com/cve/CVE-2022-30150>)6.0High \n[CVE-2022-32230](<https://vulners.com/cve/CVE-2022-32230>)7.8Critical \n[CVE-2022-30165](<https://vulners.com/cve/CVE-2022-30165>)6.5High \n[CVE-2022-30154](<https://vulners.com/cve/CVE-2022-30154>)2.1Warning \n[CVE-2022-30164](<https://vulners.com/cve/CVE-2022-30164>)4.6Warning \n[CVE-2022-29119](<https://vulners.com/cve/CVE-2022-29119>)6.8High \n[CVE-2022-29111](<https://vulners.com/cve/CVE-2022-29111>)6.8High \n[CVE-2022-30148](<https://vulners.com/cve/CVE-2022-30148>)2.1Warning \n[CVE-2022-30167](<https://vulners.com/cve/CVE-2022-30167>)6.8High \n[CVE-2022-30132](<https://vulners.com/cve/CVE-2022-30132>)7.2High \n[CVE-2022-30139](<https://vulners.com/cve/CVE-2022-30139>)6.0High \n[CVE-2022-30193](<https://vulners.com/cve/CVE-2022-30193>)6.8High \n[CVE-2022-30189](<https://vulners.com/cve/CVE-2022-30189>)4.3Warning \n[CVE-2022-30145](<https://vulners.com/cve/CVE-2022-30145>)6.0High \n[CVE-2022-30188](<https://vulners.com/cve/CVE-2022-30188>)6.8High\n\n### *KB list*:\n[5013942](<http://support.microsoft.com/kb/5013942>) \n[5013941](<http://support.microsoft.com/kb/5013941>) \n[5013943](<http://support.microsoft.com/kb/5013943>) \n[5013945](<http://support.microsoft.com/kb/5013945>) \n[5014702](<http://support.microsoft.com/kb/5014702>) \n[5014699](<http://support.microsoft.com/kb/5014699>) \n[5014692](<http://support.microsoft.com/kb/5014692>) \n[5014710](<http://support.microsoft.com/kb/5014710>) \n[5014747](<http://support.microsoft.com/kb/5014747>) \n[5014678](<http://support.microsoft.com/kb/5014678>) \n[5014738](<http://support.microsoft.com/kb/5014738>) \n[5014741](<http://support.microsoft.com/kb/5014741>) \n[5014697](<http://support.microsoft.com/kb/5014697>) \n[5014746](<http://support.microsoft.com/kb/5014746>) \n[5014677](<http://support.microsoft.com/kb/5014677>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T00:00:00", "type": "kaspersky", "title": "KLA12569 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22018", "CVE-2022-29111", "CVE-2022-29119", "CVE-2022-30131", "CVE-2022-30132", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30167", "CVE-2022-30188", "CVE-2022-30189", "CVE-2022-30193", "CVE-2022-32230"], "modified": "2023-09-29T00:00:00", "id": "KLA12569", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12569/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2022-06-24T22:03:33", "description": "\n\nJune's Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), also known as Follina, which was observed being exploited in the wild [at the end of May](<https://www.rapid7.com/blog/post/2022/05/31/cve-2022-30190-follina-microsoft-support-diagnostic-tool-vulnerability/>). Microsoft provided [mitigation instructions](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) (disabling the MSDT URL protocol via the registry), but actual patches were not available until today\u2019s cumulative Windows Updates. Even if the mitigation was previously applied, installing the updates is highly recommended.\n\nNone of the other CVEs being addressed this month have been previously disclosed or seen exploited yet. However, it won\u2019t be long before attackers start looking at [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). Last month, Microsoft fixed a similar vulnerability ([CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>)) affecting NFS v2.0 and v3.0. [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), on the other hand, is only exploitable in NFS v4.1. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. Again, even if the mitigation has been put into place, best to patch sooner rather than later.\n\nAlso reminiscent of last month is [CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>), a critical RCE in LDAP carrying a CVSSv3 base score of 7.1, which again is only exploitable if the MaxReceiveBuffer LDAP policy value is set higher than the default. Rounding out the critical RCEs for June is [CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>), which could allow a malicious application running on a Hyper-V guest to execute code on the host OS.\n\nThe other big news this month is the end of support for Internet Explorer 11 (IE11) on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels, as Microsoft encourages users to adopt the Chromium-based Edge browser (which saw fixes for 5 CVEs this month). Internet Explorer 11 on other versions of Windows should continue receiving security updates and technical support based on the OS support lifecycle, so this is only the beginning of the end for the legacy browser.\n\n## Summary charts\n\n\n\n## Summary tables\n\n### Apps vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30168>) | Microsoft Photos App Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30137>) | Azure Service Fabric Container Elevation of Privilege Vulnerability | No | No | 6.7 | Yes \n[CVE-2022-30177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30177>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30178>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30179>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30180>) | Azure RTOS GUIX Studio Information Disclosure Vulnerability | No | No | 7.8 | Yes \n \n### Azure System Center vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149>) | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-22021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22021>) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.3 | Yes \n[CVE-2022-2011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2011>) | Chromium: CVE-2022-2011 Use after free in ANGLE | No | No | N/A | Yes \n[CVE-2022-2010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2010>) | Chromium: CVE-2022-2010 Out of bounds read in compositing | No | No | N/A | Yes \n[CVE-2022-2008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2008>) | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | No | No | N/A | Yes \n[CVE-2022-2007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2007>) | Chromium: CVE-2022-2007 Use after free in WebGPU | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184>) | .NET and Visual Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n### ESU Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30140>) | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30152>) | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-30135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30135>) | Windows Media Center Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30153>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30161>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30141>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-30143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30143>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30149>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30146>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30155>) | Windows Kernel Denial of Service Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30147>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30163>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.5 | Yes \n[CVE-2022-30142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30142>) | Windows File History Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30151>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-30160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30160>) | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30166>) | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21166>) | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | No | No | N/A | Yes \n[CVE-2022-21127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21127>) | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | No | No | N/A | Yes \n[CVE-2022-21125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21125>) | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | No | No | N/A | Yes \n[CVE-2022-21123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21123>) | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | No | No | N/A | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30157>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30158>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30174>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.4 | Yes \n[CVE-2022-30159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30159>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30171>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30172>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30173>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### SQL Server vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29143>) | Microsoft SQL Server Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-32230](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-32230>) | Windows SMB Denial of Service Vulnerability | No | No | N/A | Yes \n[CVE-2022-30136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30136>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-30139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30139>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30162>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30165>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30145>) | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30148>) | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30150>) | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30132>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30131>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30189>) | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-30154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30154>) | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | No | No | 5.3 | Yes \n[CVE-2022-30164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30164>) | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 8.4 | Yes \n[CVE-2022-29111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29111>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-22018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22018>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30188>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-29119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29119>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30167>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30193>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n\u200b\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe\n\n \n\n\n_**Additional reading:**_\n\n * _[The Hidden Harm of Silent Patches](<https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/>)_\n * _[Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7](<https://www.rapid7.com/blog/post/2022/05/16/maximize-your-vm-investment-fix-vulnerabilities-faster-with-automox-rapid7/>)_\n * _[How to Strategically Scale Vendor Management and Supply Chain Security](<https://www.rapid7.com/blog/post/2022/04/26/how-to-strategically-scale-vendor-management-and-supply-chain-security/>)_\n * _[Analyzing the Attack Landscape: Rapid7\u2019s 2021 Vulnerability Intelligence Report](<https://www.rapid7.com/blog/post/2022/03/28/analyzing-the-attack-landscape-rapid7s-annual-vulnerability-intelligence-report/>) \n_", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T19:37:50", "type": "rapid7blog", "title": "Patch Tuesday - June 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22018", "CVE-2022-22021", "CVE-2022-26937", "CVE-2022-29111", "CVE-2022-29119", "CVE-2022-29143", "CVE-2022-29149", "CVE-2022-30131", "CVE-2022-30132", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30137", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30157", "CVE-2022-30158", "CVE-2022-30159", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30167", "CVE-2022-30168", "CVE-2022-30171", "CVE-2022-30172", "CVE-2022-30173", "CVE-2022-30174", "CVE-2022-30177", "CVE-2022-30178", "CVE-2022-30179", "CVE-2022-30180", "CVE-2022-30184", "CVE-2022-30188", "CVE-2022-30189", "CVE-2022-30190", "CVE-2022-30193", "CVE-2022-32230"], "modified": "2022-06-14T19:37:50", "id": "RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "href": "https://blog.rapid7.com/2022/06/14/patch-tuesday-june-2022/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
Exploit for Vulnerability in Microsoft
