Microsoft has released 55 security fixes that resolve critical issues including Remote Code Execution (RCE).
The Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, includes fixes for problems such as RCE vulnerabilities, information leaks, Elevation of Privilege (EoP), Use-After-Free issues, and out-of-bounds memory access.
Products impacted by June’s security update include the Windows operating system, Microsoft Office, Hyper-V Server, Azure, and Windows Defender. In total, three vulnerabilities are critical, one is moderate, and the rest are considered important.
Many of the vulnerabilities patched this month relate to remote code execution, but Microsoft says that there are no reports of active exploitation in the wild with the exception of an update to CVE-2022-30190, a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability made public in May.
Some of the most severe vulnerabilities resolved in this update are:
CVE-2022-30136: CVSS 9.8, Windows Network File System RCE vulnerability. Attackers need to make an unauthenticated, crafted call to a Network File System (NFS) service to trigger the bug.CVE-2022-30163: CVSS 8.5, A Windows Hyper-V RCE vulnerability exploitable through a specially