It has been known since May and is already being actively exploited. Bugs in SharePoint Server, Hyper-V and Windows Kerberos also pose a particularly high risk. In total, Microsoft plugs 55 holes in its products.
Microsoft hat die June security updates released for download. The monthly patch day brings fixes for 55 vulnerabilities. Below is one gap known since May in the Microsoft Windows Support Diagnostics Tool (MSDT), which is already being actively exploited by hackers. An attacker may be able to remotely inject malicious code and install programs or view and delete data.
The company also classifies a vulnerability in the Windows Network File System as particularly serious. Remote code execution is apparently also possible here, which is why the vulnerability is rated 9.8 points in the ten-level Common Vulnerability Scoring System. All supported versions of Windows and Windows Server are affected, including Windows 11 and Windows Server 2022.
A specially crafted application in a Hyper-V guest session is also capable of remotely executing malicious code. The vulnerability in Hyper-V received a CVSS score of 8.5 points. The developers gave errors in SharePoint Server and Windows Kerberos 8.8 points each. While SharePoint Server allows remote code execution, Kerberos allows unauthorized escalation of user privileges. In addition, it is possible to bypass a security feature of Kerberos AppContainer.
Microsoft also provides patches for Edge, Office, Excel, Azure Real Time Operating System, SQL Server and Codecs Library. Windows components such as App Store, Autopilot, Defender, Encrypting File System, Installer, iSCSI, Kernel, LDAP, Media, Network Address Translation, PowerShell and SMB are also vulnerable.
The Zero Day Initiative also points out that the June patch day is the first patch day in months that has no updates for the print queue.
Not only users of Microsoft products should keep an eye out for the latest security updates. Adobe, SAP, VMware and Intel have also released new patches.