Science

Microsoft closes 3 critical gaps and the Internet Explorer chapter

2 weeks ago
Add Comment
by insideindyhomes

Microsoft Patch Day June 2022
Microsoft closes 3 critical gaps and the Internet Explorer chapter

providers on the topic

Microsoft releases 55 updates for patch day in June, 3 of which are classified as critical. The good news: None of the new vulnerabilities are currently public knowledge. The bad news: There is no update for the print spooler vulnerability on this patch day either.

Official support for Internet Explorer will end on Microsoft’s June 2022 patch day. Internet Explorer mode in Microsoft Edge ensures IE dependent applications will work until 2029.

(Logo: Microsoft)

In addition to the usual and obligatory cumulative updates for all supported Windows versions, there are three critical vulnerabilities this month that should be closed as soon as possible. This also affects the latest Windows versions Windows 11 and Windows Server 2022. The vulnerabilities affect Hyper-V, LDAP in Active Directory and NFS in Windows.

After a fresh installation of Windows 10, installing the necessary updates can become a game of patience. But with the right tools, it's quick and easy.

With the patch day in June 2022, the official support for Internet Explorer will also end. Internet Explorer mode in Microsoft Edge ensures IE dependent applications will work until 2029.

Several critical vulnerabilities allow remote code execution

The three vulnerabilities CVE-2022-30163, CVE-2022-30139 and CVE-2022-30136 are classified as critical and have one thing in common: They allow remote code execution on Windows systems. Basically, all current operating systems are affected, including Windows 11 and Windows Server 2022. The updates for these three gaps should therefore be closed as soon as possible.

Takeover of Hyper-V hosts possible – also from VMS: CVE-2022-30163

The CVE-2022-30163 vulnerability is one of the three vulnerabilities mentioned above that should be closed as soon as possible. A bug in Hyper-V makes it possible to run code from a VM on the Hyoer-V host. This of course puts all other VMs at risk as well as the rest of the network. Attacks of this type are more common, which is why the vulnerability is also defined as critical.

With Windows Server 2022, Microsoft is significantly increasing system security with DNS-over-Http, Secured Core and TLS 1.3.

LDAP under attack when MaxReceiveBuffer was adjusted in LDAP policy

Anyone who has increased the value of MaxReceiveBuffer via the LDAP policy should install the update as a matter of urgency, because the change also enables remote code execution on the affected servers. According to Microsoft, anyone who has left the value on the standard is not in danger. More about the guidelines can be found in the Microsoft documentation.

picture gallery

Picture gallery with 35 pictures

We want your opinion on the patch day news!

For many years we have been regularly publishing reports on Microsoft Patchday. We would like to know from you today how we can make the reports even more useful for your daily work. What additional information would you like, what can we make clearer, what can we leave out? Write us an eMail! We read every letter, I promise!

(ID:48402993)

#Microsoft #closes #critical #gaps #Internet #Explorer #chapter

You may also like

About the author

insideindyhomes

View all posts

Leave a Comment