Published: Jun 15, 2022
Yesterday, Microsoft released the June 2022 Patch Tuesday updates for Windows 11 and Windows 10, which include 60 security fixes for remote code execution vulnerabilities, information disclosures, and more. Windows 11 users are also getting a new feature this month with Windows Spotlight wallpapers coming to the desktop.
Here are the most important security fixes that Microsoft released as part of the June 2022 Patch Tuesday updates, which include patches for three critical vulnerabilities:
The KB5014697 patch (build 22000.739) for Windows 11 gives users the option to personalize their background with Windows Spotlight wallpapers. Windows Spotlight already offers a rotating selection of wallpapers on the Windows 10 and Windows 11 lock screens, but it can now be enabled on the Windows 11 desktop as well.
To enable Windows Spotlight wallpapers, users need to open the Settings app and go to Personalization > Background > Personalize your background, and then choose Windows spotlight. The feature will also add a desktop shortcut allowing users to learn more details about the current image and switch to another one.
If you have set up a Microsoft Family to manage how your kids can use their devices, this update also improves the Family Safety verification experience when kids send a request for additional screen time. This month’s Patch Tuesday update also fixes an issue causing file copying to be slower than usual.
You can find the list of 60 CVEs included in the June 2022 Patch Tuesday updates below (via the Zero Day Initiative). We’ve already detailed the three critical vulnerabilities, but there are also 51 CVEs rated as important.
CVE | Impact | Severity |
CVE-2022-30163 | Remote Code Execution | Critical |
CVE-2022-30139 | Remote Code Execution | Critical |
CVE-2022-30136 | Remote Code Execution | Critical |
CVE-2022-30184 | Information Disclosure | Important |
CVE-2022-30167 | Remote Code Execution | Important |
CVE-2022-30193 | Remote Code Execution | Important |
CVE-2022-29149 | Elevation of Privilege | Important |
CVE-2022-30180 | Information Disclosure | Important |
CVE-2022-30177 | Remote Code Execution | Important |
CVE-2022-30178 | Remote Code Execution | Important |
CVE-2022-30179 | Remote Code Execution | Important |
CVE-2022-30137 | Elevation of Privilege | Important |
CVE-2022-22018 | Remote Code Execution | Important |
CVE-2022-29111 | Remote Code Execution | Important |
CVE-2022-29119 | Remote Code Execution | Important |
CVE-2022-30188 | Remote Code Execution | Important |
CVE-2022-21123 | Information Disclosure | Important |
CVE-2022-21125 | Information Disclosure | Important |
CVE-2022-21127 | Information Disclosure | Important |
CVE-2022-21166 | Information Disclosure | Important |
CVE-2022-30164 | Security Feature Bypass | Important |
CVE-2022-30166 | Elevation of Privilege | Important |
CVE-2022-30173 | Remote Code Execution | Important |
CVE-2022-30154 | Elevation of Privilege | Important |
CVE-2022-30159 | Information Disclosure | Important |
CVE-2022-30171 | Information Disclosure | Important |
CVE-2022-30172 | Information Disclosure | Important |
CVE-2022-30174 | Remote Code Execution | Important |
CVE-2022-30168 | Remote Code Execution | Important |
CVE-2022-30157 | Remote Code Execution | Important |
CVE-2022-30158 | Remote Code Execution | Important |
CVE-2022-29143 | Remote Code Execution | Important |
CVE-2022-30160 | Elevation of Privilege | Important |
CVE-2022-30151 | Elevation of Privilege | Important |
CVE-2022-30189 | Spoofing | Important |
CVE-2022-30131 | Elevation of Privilege | Important |
CVE-2022-30132 | Elevation of Privilege | Important |
CVE-2022-30150 | Elevation of Privilege | Important |
CVE-2022-30148 | Information Disclosure | Important |
CVE-2022-30145 | Remote Code Execution | Important |
CVE-2022-30142 | Remote Code Execution | Important |
CVE-2022-30147 | Elevation of Privilege | Important |
CVE-2022-30140 | Remote Code Execution | Important |
CVE-2022-30165 | Elevation of Privilege | Important |
CVE-2022-30155 | Denial of Service | Important |
CVE-2022-30162 | Information Disclosure | Important |
CVE-2022-30141 | Remote Code Execution | Important |
CVE-2022-30143 | Remote Code Execution | Important |
CVE-2022-30146 | Remote Code Execution | Important |
CVE-2022-30149 | Remote Code Execution | Important |
CVE-2022-30153 | Remote Code Execution | Important |
CVE-2022-30161 | Remote Code Execution | Important |
CVE-2022-30135 | Elevation of Privilege | Important |
CVE-2022-30152 | Denial of Service | Important |
CVE-2022-32230 | Denial of Service | Important |
CVE-2022-22021 | Remote Code Execution | Moderate |
CVE-2022-2007 | Remote Code Execution | High |
CVE-2022-2008 | Remote Code Execution | High |
CVE-2022-2010 | Remote Code Execution | High |
CVE-2022-2011 | Remote Code Execution | High |
As you may already know, Internet Explorer also reaches end of support today, June 15, 2022. While Internet Explorer isn’t available on Windows 11, this announcement will affect all currently supported versions of Windows 10 Home, Pro, Enterprise, Education, and IoT.
The legacy web browser won’t be immediately removed on all these versions of Windows today, but users will be progressively redirected to Microsoft Edge. Microsoft invites organizations to start using IE mode in Microsoft Edge, which will be supported through at least 2029.
Microsoft will actually continue to support Internet Explorer 11 on Windows 10 LTSC releases (including IoT), all Windows Server versions, as well as Windows 10 China Government Edition, Windows 8.1, and Windows 7 with Extended Security Updates (ESUs). Still, Microsoft recommends using IE mode in Microsoft Edge, which will allow web developers to continue testing their sites for years to come.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences on how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.