Was Follina (CVE-2022-30190) not actually addressed in the June 2022 Security Patch?

Question

Hello,

I have an issue with Server 2019 and the flow of information when using the MSRC Portal, as the Follina CVE (CVE-2022-30190) is not showing as part of the CVE's addressed in the June 2022 patch, even though it does say that the June 2022 Security Patch fixes the Vulnerability.

Please follow my steps:

• MSRC's Follina CVE page https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
• Navigate to the bottom and select the KB Article for Server 2019 (this applies to all other KB Articles, but this is my example)
• https://support.microsoft.com/en-gb/topic/june-14-2022-kb5014692-os-build-17763-3046-62fe56c1-a8c0-40e8-a901-677ab9538bf8
• In this article, follow the link under Improvements -> "June 2022 Security Updates."
• This brings you back to an MSRC page: https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun
• These release notes DO NOT say that the CVE-2022-30190 was addressed in the June patching...?

Can someone please help here and confirm if the Follina CVE (CVE-2022-30190) patch was actually applied in the June Patch Tuesday release?

Answer 1

Yes, the OOB June 14, 2022—KB5014692 (OS Build 17763.3046) patches it. They apparently just forgot to mention it in the KB

Microsoft also patched the CVE-2022-30190 (Follina) vulnerability with the June 14, 2022 Windows security updates, but did not mention this in the KB articles in question
https://borncity.com/win/2022/06/15/microsoft-schliet-follina-schwachstelle-cve-2022-30190-in-windows-mit-juni-2022-updates/

--please don't forget to upvote and Accept as answer if the reply is helpful--