Microsoft’s June 2022 Patch Tuesday Updates Fix Several Remote Code Execution Vulnerabilities
Microsoft has released yesterday the June 2022 Patch Tuesday updates for Windows 11 and Windows 10, which include 60 security fixes for remote code execution vulnerabilities, information disclosures, and more. Windows 11 users are also getting a new feature this month with Windows Spotlight wallpapers coming to the desktop.
Serious bugs patched in June 2022
Here are the most important security fixes that Microsoft released as part of the June 2022 Patch Tuesday updates, which include patches for three critical vulnerabilities:
- CVE-2022-30163: This Windows Hyper-V Remote Code Execution Vulnerability could allow attackers to run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code.
- CVE-2022-30139: This RCE vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value.
- CVE-2022-30136: This RCE vulnerability in the Windows Network File system could be exploited over the network by attackers making an unauthenticated, specially crafted call to a Network File System (NFS) service. However, this vulnerability is not exploitable in NFSV2.0 or NFSV3.0.
Quality and experience updates
The KB5014697 patch (build 22000.739) for Windows 11 gives users the option to personalize their background with Windows Spotlight wallpapers. Windows Spotlight already offers a rotating selection of wallpapers on the Windows 10 and Windows 11 lock screens, but it can now be enabled on the Windows 11 desktop as well.
To enable Windows Spotlight wallpapers, users need to open the Settings app and go to Personalization > Background > Personalize your background, and then choose Windows spotlight. The feature will also add a desktop shortcut allowing users to learn more details about the current image and switch to another one.
If you have set up a Microsoft Family to manage how your kids can use their devices, this update also improves the Family Safety verification experience when kids send a request for additional screen time. This month’s Patch Tuesday update also fixes an issue causing file copying to be slower than usual.
60 vulnerabilities were fixed in the June 2022 Patch Tuesday updates
You can find the list of 60 CVEs included in the June 2022 Patch Tuesday updates below (via the Zero Day Initiative). We’ve already detailed the three critical vulnerabilities, but there are also 51 CVEs rated as important.
|CVE-2022-30163||Remote Code Execution||Critical|
|CVE-2022-30139||Remote Code Execution||Critical|
|CVE-2022-30136||Remote Code Execution||Critical|
|CVE-2022-30167||Remote Code Execution||Important|
|CVE-2022-30193||Remote Code Execution||Important|
|CVE-2022-29149||Elevation of Privilege||Important|
|CVE-2022-30177||Remote Code Execution||Important|
|CVE-2022-30178||Remote Code Execution||Important|
|CVE-2022-30179||Remote Code Execution||Important|
|CVE-2022-30137||Elevation of Privilege||Important|
|CVE-2022-22018||Remote Code Execution||Important|
|CVE-2022-29111||Remote Code Execution||Important|
|CVE-2022-29119||Remote Code Execution||Important|
|CVE-2022-30188||Remote Code Execution||Important|
|CVE-2022-30164||Security Feature Bypass||Important|
|CVE-2022-30166||Elevation of Privilege||Important|
|CVE-2022-30173||Remote Code Execution||Important|
|CVE-2022-30154||Elevation of Privilege||Important|
|CVE-2022-30174||Remote Code Execution||Important|
|CVE-2022-30168||Remote Code Execution||Important|
|CVE-2022-30157||Remote Code Execution||Important|
|CVE-2022-30158||Remote Code Execution||Important|
|CVE-2022-29143||Remote Code Execution||Important|
|CVE-2022-30160||Elevation of Privilege||Important|
|CVE-2022-30151||Elevation of Privilege||Important|
|CVE-2022-30131||Elevation of Privilege||Important|
|CVE-2022-30132||Elevation of Privilege||Important|
|CVE-2022-30150||Elevation of Privilege||Important|
|CVE-2022-30145||Remote Code Execution||Important|
|CVE-2022-30142||Remote Code Execution||Important|
|CVE-2022-30147||Elevation of Privilege||Important|
|CVE-2022-30140||Remote Code Execution||Important|
|CVE-2022-30165||Elevation of Privilege||Important|
|CVE-2022-30155||Denial of Service||Important|
|CVE-2022-30141||Remote Code Execution||Important|
|CVE-2022-30143||Remote Code Execution||Important|
|CVE-2022-30146||Remote Code Execution||Important|
|CVE-2022-30149||Remote Code Execution||Important|
|CVE-2022-30153||Remote Code Execution||Important|
|CVE-2022-30161||Remote Code Execution||Important|
|CVE-2022-30135||Elevation of Privilege||Important|
|CVE-2022-30152||Denial of Service||Important|
|CVE-2022-32230||Denial of Service||Important|
|CVE-2022-22021||Remote Code Execution||Moderate|
|CVE-2022-2007||Remote Code Execution||High|
|CVE-2022-2008||Remote Code Execution||High|
|CVE-2022-2010||Remote Code Execution||High|
Internet Explorer 11 reaches and of support today
As you may already know, Internet Explorer also reaches end of support today, June 15, 2022. If Internet Explorer isn’t available on Windows 11, this announcement will affect all currently supported versions of Windows 10 Home, Pro, Enterprise, Education, and IoT.
The legacy web browser won’t be immediately removed on all these versions of Windows today, but users will be progressively redirected to Microsoft Edge. Microsoft invites organizations to start using IE mode in Microsoft Edge, which will be supported through at least 2029.
Microsoft will actually continue to support Internet Explorer 11 on Windows 10 LTSC releases (including IoT), all Windows Server versions, as well as Windows 10 China Government Edition, Windows 8.1, and Windows 7 with Extended Security Updates (ESUs). Still, Microsoft recommends using IE mode in Microsoft Edge, which will allow web developers to continue testing their sites for years to come.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.
More in Windows Client OS
How to Enable Windows 11 Config Lock on Secured-Core PCs
Dec 2, 2022 | Dean Ellerby
How to Install Google Drive for Desktop (Install & Set Up)
Nov 23, 2022 | Rabia Noureen
How to Use LAPS to Manage Local Admin Account Passwords in Active Directory and Azure AD
Nov 14, 2022 | Michael Reinders
Microsoft's November Patch Tuesday Updates Fix 69 Windows Flaws
Nov 9, 2022 | Laurent Giret
What Are the Different Windows Logon Types?
Oct 31, 2022 | Michael Reinders
October 2022 Patch Tuesday Updates Fix 85 Windows Vulnerabilities
Oct 12, 2022 | Laurent Giret
Most popular on petri