Flexis June 2022 Patch Recommendation

• KB5014692: 2022-06 Cumulative Update for Windows Server 2019 for x64-based Systems
• KB5014702: 2022-06 Cumulative Update for Windows Server 2016 for x64-based Systems
• KB5014738: 2022-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems

Impacted Products:

• Microsoft Windows
• Microsoft Windows
• Microsoft Edge (Edge HTML-based)
• Microsoft Edge (Chromium-based)
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Defender
• Visual Studio
• ASP.NET Core
• Chakra Core
• Online Services
• Microsoft Dynamics
• .NET Framework
• .NET Core

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

Known Issues:

KB5014692: Applies to: Windows 10 Enterprise 2019 LTSC Windows 10 IoT Enterprise 2019 LTSC Windows 10 IoT Core 2019 LTSC

https://support.microsoft.com/en-au/topic/june-14-2022-kb5014692-os-build-17763-3046-62fe56c1-a8c0-40e8-a901-677ab9538bf8

Improvements and fixes

This security update includes improvements that were a part of update KB5014022 (released May 24, 2022) and also addresses the following issues:

Addresses an elevation of privilege (EOP) vulnerability under CVE-2022-30154 for the Microsoft File Server Shadow Copy Agent Service. To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote Server Message Block 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don’t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see KB5015527.

KB5014702: Applies to Windows 10, version 1607, all editions Windows Server 2016, all editions

https://support.microsoft.com/en-us/topic/june-14-2022-kb5014702-os-build-14393-5192-e60ac0e1-44a4-49f9-871f-7c25eb0e5bb1

This security update includes quality improvements. Key changes include:

Provides a Group Policy that administrators can use to enable customers to use the Ctrl+S (Save As) keyboard shortcut in Microsoft Edge IE Mode.

Addresses an issue that prevents printing from operating properly for some low integrity process apps.

Addresses an issue that causes print failures when a low integrity level (LowIL) application prints to a null port.

Addresses an issue that prevents you from signing in to Citrix servers that have enabled the Interactive logon: Require smart card security policy setting.

Addresses an issue that causes a mismatch between a Remote Desktop session’s keyboard and the Remote Desktop Protocol (RDP) client when signing in.

Addresses an issue that prevents the file system control code (FSCTL_SET_INTEGRITY_INFORMATION_EX) from handling its input parameter correctly.

Addresses an elevation of privilege (EOP) vulnerability under CVE-2022-30154 for the Microsoft File Server Shadow Copy Agent Service. To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote Server Message Block 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don’t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see KB5015527.

KB5014738: Applies to: Windows Server 2012; Windows Embedded 8 Standard

https://support.microsoft.com/en-us/topic/june-14-2022-kb5014738-monthly-rollup-54e9b3f2-2353-4e73-acbb-5458f38e161e

Summary

Learn more about this cumulative security update, including improvements, any known issues, and how to get the update.

IMPORTANT On May 19, 2022, we released an out-of-band (OOB) update to address an issue that might cause machine certificate authentication failures on domain controllers. If you haven’t installed the May 19, 2022 or later releases, then installing this June 14, 2022 update will also address that issue. For more information, see the Before installing this update section in this article.

Improvements

This cumulative security update includes improvements that are part of update KB5014011 (released May 10, 2022) and includes new improvements for the following issue:

Printing to a NUL port from a Low Integrity Level (LowIL) process application could cause printing failures.

Addresses an elevation of privilege (EOP) vulnerability under CVE-2022-30154 for the Microsoft File Server Shadow Copy Agent Service. To become protected and functional, you must install the June 14, 2022 or later Windows update on both the application server and the file server. The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote Server Message Block 3.0 (or higher) shares on a file server. The file server hosts the file shares. If you don’t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail. For such failure scenarios, the Microsoft File Server Shadow Copy Agent Service will log FileShareShadowCopyAgent event 1013 on the file server. For more information, see KB5015527.

Symptom

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

After installing this update, Windows devices might be unable to use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the Internet after a client device connects.

Next step

Do one of the following:

Perform the operation from a process that has administrator privilege.

Perform the operation from a node that doesn’t have CSV ownership.

We are working on a resolution and will provide an update in an upcoming release.

To mitigate the issue and restore Internet access on the host device, you can disable the Wi-Fi hotspot feature. For instructions, please see Use your Windows PC as a mobile hotspot.

We are presently investigating and will provide an update in an upcoming release.