15-Year-Long Struggle Ends! Elderly Hyderabad-Based Couple Successfully Undergoes Total Knee Replacement Surgery At Medicover Hospitals, Navi Mumbai-श्रीरंग बारणेंनासाठी राष्ट्रवादीची जंगी सभा : सुधाकर घारेंच्या नेतृत्वात रॉयल गार्डनचे सभागृह झाले हाऊसफुल-Para Share Entertainments Kicks off its operations in India with three power-packed shows-IndiaMART InterMESH Limited Announces 12M FY24 (Full Year) and Q4FY24 (Fourth Quarter) Ending March 31, 2024 - Results-GJEPC innovNXT I Forty Under 40 - Next Gen Leadership Summit Witnesses Young Leaders Transforming The Business Landscape and Driving Growth-TBO TEK LIMITED IPO OPENS ON 8 May, 2024 PRICE BAND SET AT Rs. 875 TO 920 PER EQUITY SHARE-आधार हाउसिंग फाइनैंस लिमिटेड का आईपीओ 8-10 मई तक, 3,000 करोड़ जुटाएगी-Airbnb introduces Icons— Bollywood Star Jahnvi Kapoor opens the door to her legendary, never-before-seen family home in Chennai-AADHAR HOUSING FINANCE LIMITED IPO OPENS ON MAY 8, 2024 PRICE BAND SET AT Rs. 300 TO 315 PER EQUITY SHARE-महाराष्ट्र दिवस पर कालबादेवी में ओशो समारोह 'ओशो के अनुज डॉक्टर स्वामी शैलेंद्र सरस्वती' और 'मां अमृत प्रियाजी' की उपस्थिति में ओशो का ध्यान प्रयोग और प्रवचन होगा

Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs

Claire Tills, Senior Research Engineer at Tenable

Posted By: Sachin Murdeshwar June 16, 2022

MUMBAI, 16 JUNE, 2022 (GPN): Microsoft addressed CVE-2022-30136, a remote code execution vulnerability in the network file system that can be exploited by an unauthenticated attacker, assigning a CVSSv3 score of 9.8. This vulnerability does not affect versions 2 and 3 of Network File System (NFS). In terms of mitigation, Microsoft has proposed disabling NFS version 4.1. However, this may have adverse effects on systems, particularly for organizations that have not applied the May 2022 security update for CVE-2022-26937. Whenever possible, organizations are strongly encouraged to update with the most recent patches.

“Patches for CVE-2022-30190, the zero day known as Follina that was disclosed in late May, were also included in this month’s release. There was significant speculation leading up to Patch Tuesday about whether Microsoft would be releasing patches given Microsoft’s initial dismissal of the flaw and its widespread exploitation in the weeks since its public disclosure.

“On the subject of Microsoft’s troubling pattern of dismissing legitimate security concerns, Tenable researcher Jimi Sebree discovered and disclosed two vulnerabilities in Microsoft’s Azure Synapse Analytics, one of which has been patched and one which has not. Neither of these vulnerabilities were assigned CVE numbers or documented in Microsoft’s security update guide for June.”

Discussing the vulnerabilities discovered by Tenable researcher Jimi Sebree, Amit Yoran, Chairman and CEO at Tenable said in a LinkedIn Post yesterday:

“After evaluating the situation, Microsoft decided to silently patch one of the problems, downplaying the risk. It was only after being told that we were going to go public, that their story changed…89 days after the initial vulnerability notification…when they privately acknowledged the severity of the security issue. To date, Microsoft customers have not been notified.”

“Without timely and detailed disclosures, customers have no idea if they were, or are, vulnerable to attack…or if they fell victim to attack prior to a vulnerability being patched. And not notifying customers denies them the opportunity to look for evidence that they were or were not compromised, a grossly irresponsible policy.” — Claire Tills, Senior Research Engineer at Tenable.Ends

About the Author

Sachin Murdeshwar
Sachin Murdeshwar is a Sr.Journalist and Columnist in several Mainline Newspapers and Portals.He is an ardent traveller and likes to explore destinations to the core.

Be the first to comment on "Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs"

Leave a comment

Your email address will not be published.


*