Microsoft Security Update Revisions Issued: June 14, 2022

  • June 15, 2022

TripleHelix
Moderator

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

************************************************************************************
Title: Microsoft Security Update Revisions
Issued: June 14, 2022
************************************************************************************

Summary
=======

The following CVEs have undergone a revision increment.
====================================================================================

* CVE-2021-26414
* CVE-2022-23267
* CVE-2022-24513
* CVE-2022-24527
* CVE-2022-26832
* CVE-2022-30190

 - CVE-2021-26414 | Windows DCOM Server Security Feature Bypass
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414
 - Version: 2.0
 - Reason for Revision: Microsoft is announcing the release of the June 14, 2022
   Windows security updates to address the second phase of hardening changes for this
   vulnerability. After these updates are installed, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
   on DCOM servers will be enabled by default. Customers who need to do so can still
   disable it by using the RequireIntegrityActivationAuthenticationLevel registry key.
   Microsoft strongly recommends that customers install the June 14, 2022 updates,
   complete testing in your environment, and enable these hardening changes as soon
   as possible.
 - Originally posted: June 8, 2021
 - Updated: June 14, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267
 - Version: 3.0
 - Reason for Revision: Revised the Security Updates table to include Visual Studio
   2019 for Mac and Visual Studio 2022 for Mac because these versions of Visual
   Studio for Mac are affected by this vulnerability. Microsoft strongly recommends
   that customers running these versions of Visual Studio install the updates to be
   fully protected from the vulnerability.
 - Originally posted: May 10, 2022
 - Updated: June 14, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513
 - Version: 3.0
 - Reason for Revision: Microsoft has released the June 2022 security updates to
   further address CVE-2022-24513 for the following supported versions of Visual Studio:
   Visual Studio 2017 version 15.9, Visual Studio 2019 version 16.9, Visual Studio 2019
   version 16.11, Microsoft Visual Studio 2022 version 17.0, and Visual Studio 2019 for
   Mac version 8.10. In addition, Visual Studio 2022 for Mac version 17.0 has been added
   to the Security Updates table as it is also affected by this vulnerability. Microsoft
   strongly recommends that customers install these updates to be fully protected from
   the vulnerability.
 - Originally posted: April 12, 2022
 - Updated: June 14, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-24527 | Microsoft Endpoint Configuration Manager Elevation of Privilege
   Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24527
 - Version: 2.0
 - Reason for Revision: The following revisions have been made: 1) Added Microsoft
   Endpoint Configuration Manager to the Security Updates table as it is affected by this
   vulnerability. 2) Removed all versions of Windows from the Security Updates table,
   because the update to address this vulnerability is not available via the Windows
   security updates. 3) Updated the FAQs to provide information about how customers can
   get the hotfix for Microsoft Endpoint Configuration Manager that addresses this
   vulnerability. 4) Corrected the CVE title.
 - Originally posted: April 12, 2022
 - Updated: June 14, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-26832 | .NET Framework Denial of Service Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26832
 - Version: 3.0
 - Reason for Revision: In the Security Updates table, added .NET Framework
   4.6.2/4.7/4.7.1/4.7.2 installed on Windows 10 version 1607, Windows Server 2016, and
   Windows Server 2016 (Server Core installation) as these versions of Windows 10 and Windows
   Server with .NET Framework 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this
   vulnerability. Customers running these versions of .NET Framework should install the
   April 2022 security updates to be protected from this vulnerability.
 - Originally posted: April 12, 2022
 - Updated: June 14, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code
   Execution Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
 - Version: 2.0
 - Reason for Revision: The update for this vulnerability is in the June 2022
   cumulative Windows Updates. Microsoft strongly recommends that customers install
   the updates to be fully protected from the vulnerability. Customers whose systems are
   configured to receive automatic updates do not need to take any further action.
 - Originally posted: May 30, 2022
 - Updated: June 14, 2022
 - Aggregate CVE Severity Rating: Important

Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

1 reply

russell.harris
Popular Voice

Thanks for the summary. Will pass it on to the team.