CYBER SECURITY ENTHUSIAST

This month’s Patch Tuesday has brought us some improvements and fixes for issues associated with Microsoft Edge Stable Channel (Version 102.0.1245.39), which incorporates the latest Security Updates of the Chromium project for CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, and CVE-2022-2007.

The Follina Vulnerability Remains Unpatched

The most important vulnerability to be addressed remains CVE-2022-30190, as it was discovered that hosts that rely upon MSDT from apps like Word or Excel are susceptible to the remote code execution vulnerability dubbed the Follina Vulnerability.

Whenever the user interacts with the system, they will be taken to Microsoft’s Support page via a URL protocol. An interceding threat actor has the potential to get local user rights while data is being sent. This would allow the actor to execute malicious arbitrary code on the host computer.

In addition, according to Microsoft, if the vulnerability were successfully exploited, it would provide an attacker with the same sort of capabilities (such as the ability to remove data, alter data, view data, or create a new account) as the program that was doing the calling. There is currently no official solution available to solve the MSDT vulnerability. Microsoft has provided users with a number of different workarounds, which are short-term remedies that may stop in-application calling.

Microsoft has yet to patch this vulnerability but has offered advice on how it can be mitigated.

June Highlights in Vulnerabilities

Below is the full list of security and non-security vulnerabilities released in the latest Patch Tuesday.

| Release Date | Last Updated | CVE Number | CVE Title | Tag |
|---|---|---|---|---|
| May 30, 2022 | Jun 3, 2022 | CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Microsoft Windows Support Diagnostic Tool (MSDT) |
| May 10, 2022 | Jun 3, 2022 | CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Windows Print Spooler Components |
| Jun 09, 2022 | Jun 9, 2022 | CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Microsoft Edge (Chromium-based) |
| Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2011 | Chromium: CVE-2022-2011 Use after free in ANGLE | Microsoft Edge (Chromium-based) |
| Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2010 | Chromium: CVE-2022-2010 Out of bounds read in compositing | Microsoft Edge (Chromium-based) |
| Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2008 | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | Microsoft Edge (Chromium-based) |
| Jun 13, 2022 | Jun 13, 2022 | CVE-2022-2007 | Chromium: CVE-2022-2007 Use after free in WebGPU | Microsoft Edge (Chromium-based) |
