Critical security update for millions of Windows 10, 11 and Server users

In addition to fixing the Follina zero-day, which was already under attack, Microsoft has just confirmed three critical vulnerabilities affecting millions of Windows and Windows Server users.

In the collection of 55 new Microsoft security updates, yes it’s Patch Tuesday again, there are three that are considered critical. The good news is that none of these vulnerabilities, in fact none of the 55 listed vulnerabilities, are currently being exploited in the wild. I can say that despite the distribution of the CVE-2022-30190 Follina patch because, strangely, Microsoft did not list it among the vulnerabilities fixed.

The three critical security flaws are:

CVE-2022-30136

CVE-2022-30136 affects Windows Server (2012, 2016, 2019) users and is a Remote Code Execution (RCE) threat that could be exploited over the network using a malicious call to a network file system (NFS) service. According to Mike Walters, cybersecurity manager and co-founder of Action1, it is believed that “an exploit for this vulnerability has been developed, although this information has not been confirmed”. He also warns that “this June patch should only be applied after the May patch has been installed,” referring to last month’s CVE-2022-26937 patch.

CVE-2022-30139

CVE-2022-30139 affects Windows (10 and 11) and Windows Server (2016, 2019, 20H2, 2022) users and is another RCE, but this time it impacts the Windows Lightweight Directory Access Protocol (LDAP) where default policy values have been changed. According to Vulnerability Database, although all the technical details are still unknown, “a simple authentication is required for exploitation”. While confirming that no public exploit is available, the site suggests that an exploit could be worth between $5,000 and $25,000.

CVE-2022-30163

CVE-2022-30163 affects Windows (7, 8.1, 10, and 11) and Windows Server (2008, 2012, 2016, 2019, 20H2, and 2022) users and is another arbitrary remote code execution vulnerability. This time it targets a Windows Hyper-V host by using a malicious application on a Hyper-V guest. According to the Trend Micro Zero Day Initiative, “Microsoft notes that attack complexity is high because an attacker is expected to win a race condition. However, we have seen many demonstrated reliable exploits that involve race conditions, so take action appropriate to test and deploy this update.”

Do you need to update your Windows or Windows Server platform immediately?

Obviously, as always, the point to remember is to update as soon as possible in order to close these security flaws. Well, for consumers at least. The situation becomes more complex for organizations. “Companies are generally slow to patch, but I bet vulnerabilities are still the most common reason organizations are compromised,” said Mark Lamb, CEO of HighGround.io. “Security standards, including the UK’s Cyber Essentials presentation standard, encourage the deployment of patches within 14 days of release for operating systems and applications, but it is not uncommon for organizations to take months to deploy their patches.” Lamb recommends, where possible, that organizations be “diligent in approving and deploying patches on a weekly basis because,” he says, “you don’t know what the next vulnerability will be and if it could have been mitigated with consistent patching and diligent patching.”