Update now! Microsoft patches Follina, and many other security updates

Update now! Microsoft patches Follina, and many other security updates

The June 2022 Patch Tuesday may go down in history as the day that Follinagot patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond.

Microsoft

Microsoft released updates to deal with 60 security vulnerabilities. Undoubtedly the most prominent one is the one that goes by the name of Follina. The Edge browser received five of the patched vulnerabilities .

Follina, or CVE-2022-30190

A quick recap about Follina. On Monday May 30, 2022, Microsoft issued CVE-2022-30190regarding a vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows. An in the wild exploit was using a feature in Word to retrieve a HTML file from a remote server, and that HTML file in turn was using MSDT to load code and execute PowerShell commands.

CVE-2022-30136

Another critical vulnerability is CVE-2022-30136, a bug in NFS 4.1 which could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). This vulnerability concerns a number of Windows Server products and received a CVSSscore of 9.8 out of 10. Last month, Microsoft fixed a similar vulnerability (CVE-2022-26937) affecting NFS v2.0 and v3.0.

CVE-2022-30139

Similar is CVE-2022-30139, a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution (RCE) vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. LDAP is a software protocol for enabling anyone to locate data about organizations, individuals and other resources such as files and devices in a network. LDAP is a “lightweight” (smaller amount of code) version of Directory Access Protocol (DAP). In total, seven vulnerabilities in LDAP were found and fixed.

CVE-2022-30163

Noteworthy as well is CVE-2022-30163a Windows Hyper-V Remote Code Execution vulnerability that allows an attacker to run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. Microsoft Hyper-V is a virtualization platform, which enables administrators to virtualize multiple operating systems to run off the same physical server simultaneously.

More Microsoft news

Microsoft has also started to phase out Internet Explorer, but more about that in a separate post.

And then there was a storm of criticism about the way Microsoft handled the SynLapse vulnerabilityin Azure Data Factory and Azure Synapse Pipelines. SynLapse is the name for a critical bug in Azure’s Synapse service that allowed attackers to obtain credentials to other workspaces, execute code, or leak customer credentials to data sources outside of Azure. Rather than dealing with the vulnerability in a way that closed the gap once and for all, Microsoft choose what researchers called a halfhearted way that was easily bypassed in a following attempt. Orca researchers said they were able to bypass Microsoft’s fix for the issue twice before the company put a working fix in place.

Other vendors

Adobe has released security updates to address vulnerabilities in multiple products.

Atlassianreleased a patch for the in the wild exploitedConfluence RCE vulnerability.

Citrixfixed two vulnerabilities in Citrix ADM server and Citrix ADM agent.

Drupalfixed two “Moderately critical” vulnerabilities.

GitLabreleased versions 15.0.1, 14.10.4, and 14.9.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).

Google put out updates for Androidand Chrome.

SAPpublished security notes about some high priority vulnerabilities

Stay safe, everyone!

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.