Microsoft windows office edge hypervosbornezdnet report is regarding the patch update which has been covered by zdnet’s writer Charlie Osborne. It is all about the security updates where a number bugs have been fixed by the Microsoft team in their different products.
As we know the Microsoft owns products like Windows, Office, Edge and Hyper-V. So here, time tot time, Microsoft releases the updates to optimize the performance and also to fix the existing bugs or compatibility issues.
Microsoft windows office edge hypervosbornezdnet report si regarding the same bugs which has been fixed by MS team in one shot. It has been speculated that, over 100+ bugs have been fixed simultaneously.
Many of the vulnerabilities patched this month relate to remote code execution, but Microsoft says that there are no reports of active exploitation in the wild with the exception of an update to CVE-2022-30190, a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability made public in May.
Some of the most severe vulnerabilities resolved in this update are:
- CVE-2022-30136: CVSS 9.8, Windows Network File System RCE vulnerability. Attackers need to make an unauthenticated, crafted call to a Network File System (NFS) service to trigger the bug.
- CVE-2022-30163: CVSS 8.5, A Windows Hyper-V RCE vulnerability exploitable through a specially crafted application on a Hyper-V guest session.
- CVE-2022-30139: CVSS 7.5, A Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability but only if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value.
- CVE-2022-30164: CVSS 8.4, Kerberos AppContainer security feature bypass. It was possible to circumvent the service ticketing feature which performs user access control checks.
- CVE-2022-30157: CVSS 8.8, Microsoft SharePoint Server RCE vulnerability. Attackers must be authenticated and have page creation permissions,
- CVE-2022-30165: CVSS 8.8, Windows Kerberos EoP security flaw. It was possible to spoof the Kerberos log on process when a remote credential guard connection was made via CredSSP.
As noted by the Zero Day Initiative (ZDI), this is the first patch release in a long time that has not featured updates for the Print Spooler. That’s all regarding the Microsoft windows office edge hypervosbornezdnet.
If you would like to know more then please share your feedback in the comments and don’t forget to share the patch report of Microsoft windows office edge hypervosbornezdnet with others on social media websites!