Microsoft fixes Follina and 55 other CVEs
Microsoft has marked June 2022 Patch Tuesday by releasing fixes for 55 new CVEs, as well as security updates that fix Follina, the Microsoft Windows Support Diagnostic Tool RCE that is being widely exploited by attackers.
"The update for is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action," the company noted.
A quick reminder for Azure Synapse and Data Factory customers.
As a side note unrelated to the Patch Tuesday fixes but still relevant for certain Microsoft customers, Orca Security researcher Tzah Pahima has released a post explaining the technical details of SynLapse, a critical vulnerability in Microsoft Azure that also affected Azure Data Factory, and allowed attackers to bypass tenant separation.
As noted by Pahima, successful exploitation of SynLapse could have allowed attackers to obtain credentials to other Azure Synapse customer accounts, control their Azure Synapse workspaces, execute code on targeted customer machines inside the Azure Synapse Analytics service, and leak customer credentials to data sources external to Azure.
Because it affected both Azure Data Factory or Azure Synapse pipeline customers hosted in the Azure cloud and those hosted on-premises, the researchers held back the technical details until the latter had a chance to patch their on-premises versions.
News URL
https://www.helpnetsecurity.com/2022/06/14/microsoft-fixes-follina-and-55-other-cves/