Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws
Microsoft’s June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT ‘Follina’ zero-day vulnerability and new Intel MMIO flaws.
Of the 55 vulnerabilities fixed in today’s update, three are classified as ‘Critical’ as they allow remote code execution, with the rest classified as Important. This does not include 5 Microsoft Edge Chromium updates that were released earlier this week.
The number of bugs in each vulnerability category is listed below:
- 12 Elevation of Privilege Vulnerabilities
- 1 Security Feature Bypass Vulnerabilities
- 27 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerability
Last month, a new Windows zero-day vulnerability was discovered in attacks that executed malicious PowerShell commands via the Windows Microsoft Diagnostic Tool (MSDT).
At the time, this vulnerability bypassed all security protections, including Microsoft Office’s Protected View, and executed the PowerShell scripts just by opening a Word document.
Soon after, threat actors began utilizing it in widespread phishing attacks that distributed QBot, targeted US government agencies, and targeted Ukrainian media organizations.
While Microsoft released mitigations for the vulnerability, they would not say if they would patch it.
Today, Microsoft released a security update for the Windows MSDT vulnerability, and it is included in the June 2022 cumulative updates or in a standalone security update for Windows Server.