Microsoft has released the June 2022 Patch Tuesday updates. The company announced that it had patched 55 vulnerabilities, including CVE-2022-30190, nicknamed Follina, which affects Office products. Among the fixed vulnerabilities, 27 RCE and 12 privilege escalation vulnerabilities stand out with an “Important” severity level.
June 2022 Patch Tuesday fixes major vulnerabilities in products such as Windows, Office, Azure, Endpoint Configuration Manager, SQL Server, Visual Studio, Microsoft Photos, and Intel MMIO.
Threat Actors Exploited Follina Zero-Day Vulnerability
The Follina zero-day vulnerability, discovered last month, allowed the execution of malicious PowerShell commands via the Windows Microsoft Diagnostic Tool (MSDT). The vulnerability, which could also bypass security measures such as Microsoft Office’s Protected View, could be triggered just by opening a Word document.
Threat actors also began exploiting the Follina vulnerability, distributing Qbot through phishing attacks. Among the targets of the attackers were the US government and Ukrainian media outlets. Microsoft offered a workaround for the issue, but an official patch did not come.
Three Critical Vulnerabilities Fixed by June 2022 Patch Tuesday
Apart from Follina, the details of the three critical vulnerabilities fixed are as follows:
- CVE-2022-30136 (CVSS: 9.8): Windows Network File System Remote Code Execution Vulnerability
- CVE-2022-30163 (CVSS: 8.5): Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2022-30139 (CVSS: 7.5): Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
You can read the update guide for a list of all the vulnerabilities that Microsoft patched with June 2022 Patch Tuesday.