Microsoft released June 2022 security updates to fix found vulnerabilities in their software products and features that include, but not limited to:
Windows OS: 10 and 11
Windows Server: 2012, 2016, 2019, 2022
Microsoft Office: 2013, 2016, 2019, Microsoft 365
Microsoft SQL Server: 2014, 2016, 2017 and 2019
The released security updates fix about 55 vulnerabilities, which include 3 rated as critical and 1 zero-day vulnerability. It includes:
CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) RCE Vulnerability
CVE-2022-30136: Windows Network File System RCE Vulnerability
CVE-2022-30147: Windows Installer Elevation of Privilege Vulnerability
Microsoft also announced that Internet Explorer browser has reached its end of life and will therefore be permanently disabled in Windows in future updates.
Security Risks
If the identified vulnerabilities in Microsoft products are not patched, authenticated attackers can remotely gain control of vulnerable systems and run malicious code with elevated privileges.
The National Cyber Security Authority (NCSA) recommends users and system administrators to:
1. apply the latest security patches, as soon as possible, to prevent unauthorized control over unpatched systems;
2. upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches.
The following Microsoft software products reached their end-of-life and need to be upgraded immediately:
Internet Explorer;
Windows XP, 8 and 7.
3. Before any update task, ensure you have backup for your data.
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009