Patch Tuesday June 2022 – Microsoft Releases Several Chromium Security Updates
Patch Tuesday June – Highlights
This month’s Patch Tuesday has brought us some improvements and fixes for issues associated with Microsoft Edge Stable Channel (Version 102.0.1245.39), which incorporates the latest Security Updates of the Chromium project for CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, and CVE-2022-2007.
The Follina Vulnerability Remains Unpatched
The most important vulnerability to be addressed remains CVE-2022-30190: hosts that rely upon MSDT from apps like Word or Excel were found to be susceptible to the remote code execution vulnerability that has been dubbed the Follina Vulnerability.
Whenever the user interacts with the system, they will be taken to Microsoft’s Support page via a URL protocol. An interceding threat actor has the potential to get local user rights while data is being sent. This would allow the actor to execute malicious arbitrary code on the host computer.
In addition, according to Microsoft, a successful exploit would give an attacker the same sort of capabilities as the calling program, such as the ability to remove data, alter data, view data, or create a new account. There is currently no official solution available for the MSDT vulnerability. Microsoft has provided users with a number of different workarounds, which are short-term remedies that may stop in-application calling.
Microsoft has yet to patch this vulnerability but has offered advice on how it can be mitigated.
June Highlights in Vulnerabilities
Below is the full list of security and non-security vulnerabilities published in the latest Patch Tuesday.
Release Date | Last Updated | CVE Number | CVE Title | Tag |
---|---|---|---|---|
May 30, 2022 | Jun 3, 2022 | CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Microsoft Windows Support Diagnostic Tool (MSDT) |
May 10, 2022 | Jun 3, 2022 | CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Windows Print Spooler Components |
Jun 09, 2022 | Jun 9, 2022 | CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Microsoft Edge (Chromium-based) |
Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2011 | Chromium: CVE-2022-2011 Use after free in ANGLE | Microsoft Edge (Chromium-based) |
Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2010 | Chromium: CVE-2022-2010 Out of bounds read in compositing | Microsoft Edge (Chromium-based) |
Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2008 | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | Microsoft Edge (Chromium-based) |
Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2007 | Chromium: CVE-2022-2007 Use after free in WebGPU | Microsoft Edge (Chromium-based) |
Additional resources:
- Patch Tuesday, May 2022.
- CVE-2022-30190 Enables Remote Code Execution
- What Is an Attack Surface in Cybersecurity?