19th Ave New York, NY 95822, USA

Microsoft May 2022 Patch Tuesday fixes 75 vulnerabilities

patch tuesday

Today is Microsoft’s May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws.

Of the 75 vulnerabilities fixed in today’s update, eight are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.

The number of bugs in each vulnerability category is listed below:

  • 21 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 26 Remote Code Execution Vulnerabilities
  • 17 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability
  • 0 Edge – Chromium Vulnerabilities
Patch Tuesday

Three zero-days fixed, two actively exploited

This month’s Patch Tuesday includes fixes for three zero-day vulnerabilities, with one actively exploited and the others publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is for a new NTLM Relay Attack using an LSARPC flaw tracked as ‘CVE-2022-26925 – Windows LSA Spoofing Vulnerability.’

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it,” explains Microsoft in an advisory published today.

Using this attack, threat actors can intercept legitimate authentication requests and use them to gain elevated privileges, even as far as assuming the identity of a domain controller.

Microsoft recommends admins read the PetitPotam NTLM Relay advisory for information on how to mitigate these types of attacks.

The two publicly exposed zero-days are a denial of service vulnerability in Hyper-V and a new remote code execution vulnerability in Azure Synapse and Azure Data Factory.

  • CVE-2022-22713 – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2022-29972 – Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver

Now that Microsoft has issued patches for these vulnerabilities, admins should expect that threat actors will analyze the security updates to see what has changed. Then, using this information, they will create their own exploits to use in attacks

Therefore, it is strongly advised to install today’s security updates as soon as possible.

Recent updates from other companies

Other vendors who released updates in May 2022 include:

The May 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the May 2022 Patch Tuesday updates.

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2022-29117.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET and Visual StudioCVE-2022-23267.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET and Visual StudioCVE-2022-29145.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET FrameworkCVE-2022-30130.NET Framework Denial of Service VulnerabilityLow
Azure SHIRADV220001Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972Critical
Microsoft Exchange ServerCVE-2022-21978Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-26934Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-22011Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-29112Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-26927Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2022-26925Windows LSA Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2022-29107Microsoft Office Security Feature Bypass VulnerabilityImportant
Microsoft Office ExcelCVE-2022-29109Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-29110Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-29108Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-23279Windows ALPC Elevation of Privilege VulnerabilityImportant
Remote Desktop ClientCVE-2022-26940Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Remote Desktop ClientCVE-2022-22017Remote Desktop Client Remote Code Execution VulnerabilityCritical
Role: Windows Fax ServiceCVE-2022-29115Windows Fax Service Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22713Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-24466Windows Hyper-V Security Feature Bypass VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-29106Windows Hyper-V Shared Virtual Disk Elevation of Privilege VulnerabilityImportant
Self-hosted Integration RuntimeCVE-2022-29972Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC DriverCritical
Tablet Windows User InterfaceCVE-2022-29126Tablet Windows User Interface Application Core Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2022-29148Visual Studio Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2022-30129Visual Studio Code Remote Code Execution VulnerabilityImportant
Windows Active DirectoryCVE-2022-26923Active Directory Domain Services Elevation of Privilege VulnerabilityCritical
Windows Address BookCVE-2022-26926Windows Address Book Remote Code Execution VulnerabilityImportant
Windows Authentication MethodsCVE-2022-26913Windows Authentication Security Feature Bypass VulnerabilityImportant
Windows BitLockerCVE-2022-29127BitLocker Security Feature Bypass VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29122Windows Clustered Shared Volume Information Disclosure VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29135Windows Cluster Shared Volume (CSV) Elevation of Privilege VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29138Windows Clustered Shared Volume Elevation of Privilege VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29134Windows Clustered Shared Volume Information Disclosure VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29120Windows Clustered Shared Volume Information Disclosure VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29151Windows Cluster Shared Volume (CSV) Elevation of Privilege VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29123Windows Clustered Shared Volume Information Disclosure VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-29150Windows Cluster Shared Volume (CSV) Elevation of Privilege VulnerabilityImportant
Windows Failover Cluster Automation ServerCVE-2022-29102Windows Failover Cluster Information Disclosure VulnerabilityImportant
Windows KerberosCVE-2022-26931Windows Kerberos Elevation of Privilege VulnerabilityCritical
Windows KernelCVE-2022-29142Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-29116Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2022-29133Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-29141Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-22014Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-29137Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-29139Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-22013Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-22012Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-29128Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-29129Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-29130Windows LDAP Remote Code Execution VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2022-29131Windows LDAP Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2022-29105Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2022-29113Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2022-22016Windows PlayToManager Elevation of Privilege VulnerabilityImportant
Windows Network File SystemCVE-2022-26937Windows Network File System Remote Code Execution VulnerabilityCritical
Windows NTFSCVE-2022-26933Windows NTFS Information Disclosure VulnerabilityImportant
Windows Point-to-Point Tunneling ProtocolCVE-2022-23270Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Point-to-Point Tunneling ProtocolCVE-2022-21972Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Print Spooler ComponentsCVE-2022-29104Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-29132Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-29140Windows Print Spooler Information Disclosure VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-29114Windows Print Spooler Information Disclosure VulnerabilityImportant
Windows Push NotificationsCVE-2022-29125Windows Push Notifications Apps Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-29103Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-26930Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote DesktopCVE-2022-22015Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-22019Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Server ServiceCVE-2022-26936Windows Server Service Information Disclosure VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2022-26932Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2022-26939Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2022-26938Storage Spaces Direct Elevation of Privilege VulnerabilityImportant
Windows WLAN Auto Config ServiceCVE-2022-29121Windows WLAN AutoConfig Service Denial of Service VulnerabilityImportant
Windows WLAN Auto Config ServiceCVE-2022-26935Windows WLAN AutoConfig Service Information Disclosure VulnerabilityImportant

Source: www.bleepingcomputer.com

Related Posts