Alert GCSA-22068 - Microsoft Security Update Giugno 2022
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22068
Data: 15 Giugno 2022
Titolo: Microsoft Security Update Giugno 2022
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato il security update mensile per Giugno 2022,
questa versione risolve 55 vulnerabilita', delle quali 3 sono classificate
come critiche e una zero-day.
La CVE-2022-30190 risulta essere sfruttata attivamente in rete.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
.NET and Visual Studio
Azure OMI
Azure Real Time Operating System
Azure Service Fabric Container
Intel
Microsoft Edge (Chromium-based)
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Remote Volume Shadow Copy Service (RVSS)
Role: Windows Hyper-V
SQL Server
Windows Ancillary Function Driver for WinSock
Windows App Store
Windows Autopilot
Windows Container Isolation FS Filter Driver
Windows Container Manager Service
Windows Defender
Windows Encrypting File System (EFS)
Windows File History Service
Windows Installer
Windows iSCSI
Windows Kerberos
Windows Kernel
Windows LDAP - Lightweight Directory Access Protocol
Windows Local Security Authority Subsystem Service
Windows Media
Windows Network Address Translation (NAT)
Windows Network File System
Windows PowerShell
Windows SMB
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Provide Misleading Information (spoofing)
Information Disclosure (ID)
Bypass restrizioni di sicurezza
:: Soluzioni
Per default l'installazione degli aggiornamenti
avviene in maniera automatica.
Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/
Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32230
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFiqZYtwZxMk2USYEIRCOdzAJ9CHXFHtnpI08CVVvLT+PubIlPv3gCfYAtk
ocFr5nEvX1zu/0kdRYACclo=
=gY5j
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22068
Data: 15 Giugno 2022
Titolo: Microsoft Security Update Giugno 2022
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato il security update mensile per Giugno 2022,
questa versione risolve 55 vulnerabilita', delle quali 3 sono classificate
come critiche e una zero-day.
La CVE-2022-30190 risulta essere sfruttata attivamente in rete.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
.NET and Visual Studio
Azure OMI
Azure Real Time Operating System
Azure Service Fabric Container
Intel
Microsoft Edge (Chromium-based)
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Remote Volume Shadow Copy Service (RVSS)
Role: Windows Hyper-V
SQL Server
Windows Ancillary Function Driver for WinSock
Windows App Store
Windows Autopilot
Windows Container Isolation FS Filter Driver
Windows Container Manager Service
Windows Defender
Windows Encrypting File System (EFS)
Windows File History Service
Windows Installer
Windows iSCSI
Windows Kerberos
Windows Kernel
Windows LDAP - Lightweight Directory Access Protocol
Windows Local Security Authority Subsystem Service
Windows Media
Windows Network Address Translation (NAT)
Windows Network File System
Windows PowerShell
Windows SMB
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Provide Misleading Information (spoofing)
Information Disclosure (ID)
Bypass restrizioni di sicurezza
:: Soluzioni
Per default l'installazione degli aggiornamenti
avviene in maniera automatica.
Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/
Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32230
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFiqZYtwZxMk2USYEIRCOdzAJ9CHXFHtnpI08CVVvLT+PubIlPv3gCfYAtk
ocFr5nEvX1zu/0kdRYACclo=
=gY5j
-----END PGP SIGNATURE-----