Microsoft May 2022 Patch Tuesday Addresses 75 Vulnerabilities Including 3 Zero-Days

The Microsoft May 2022 Patch Tuesday release contains security updates addressing a total of 75 vulnerabilities. Of these, 8 are classified as critical, 66 as important, and 1 as low severity. Products covered in the May security update include Remote Desktop Client, Windows Active Directory, Windows Cluster Shared Volume (CSV), Windows Failover Cluster Automation Server, Windows Kerberos, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, and Windows Network File System, among others.

Further, the Microsoft Local Security Authority Server vulnerability (CVE-2022-26925) has been exploited in the wild as a zero-day, and patching it immediately is recommended. This can be done with efficient patch management software.


Microsoft May 2022 Patch Tuesday Zero-Day Vulnerabilities Fixed

CVE-2022-26925: Windows LSA Spoofing Vulnerability. This flaw has received a CVSSv3 score of 8.1. According to Microsoft, “An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. Besides this security update, it detects anonymous connection attempts in LSARPC and disallows it.” Successful exploitation will allow threat actors to intercept legitimate authentication requests and use them to gain elevated privileges. Microsoft recommends reading the PetitPotam NTLM Relay advisory to mitigate these attacks.

CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability. This flaw has received a CVSSv3 score of 5.6. Successful exploitation requires an attacker to win a race condition. This flaw has been publicly disclosed, and exploitation is said to be complex. This flaw can be exploited remotely.

CVE-2022-29972: Azure Data Factory and Azure Synapse pipelines Remote Code Execution Vulnerability. This flaw could let attackers execute remote commands in the Integration Runtime (IR) infrastructure. The flaw exists in the Magnitude Simba Amazon Redshift ODBC Driver component. According to Microsoft, “IR is a compute infrastructure utilized by Azure Data Factory and Azure Synapse pipelines that provide data integration capabilities across network environments.”


Microsoft May 2022 Patch Tuesday Critical Vulnerabilities Fixed

CVE-2022-22017: Remote Desktop Client Remote Code Execution Vulnerability. This flaw has received a CVSSv3 score of 8.8 and requires user interaction by the victim, as an attacker needs to convince a targeted user to connect to a malicious RDP server. Successful exploitation could lead the malicious server to execute code on the victim’s system in the context of the targeted user. This flaw can be exploited remotely and needs no form of authentication.

CVE-2022-26923: Active Directory Domain Services Elevation of Privilege Vulnerability. This flaw has received a CVSSv3 score of 8.8 and allows a low-privileged user to escalate their privileges to a domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.

CVE-2022-26931: Windows Kerberos Elevation of Privilege Vulnerability. This vulnerability can be exploited remotely and requires simple authentication. The flaw exists because the application does not correctly impose security restrictions in Windows Kerberos, which allows those restrictions to be bypassed and privileges to be escalated.

CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability. This flaw has received a CVSSv3 score of 9.8. Successful exploitation requires an unauthenticated attacker to make a specially crafted call to a Network File System (NFS) service, leading to remote code execution. This flaw can’t be exploited in NFSv4.1.

CVE-2022-23270, CVE-2022-21972: Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation requires an attacker to win a race condition, which further increases complexity.


Microsoft Security Bulletin Summary For May 2022

  • .NET and Visual Studio
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Windows ALPC
  • Remote Desktop Client
  • Role: Windows Fax Service
  • Role: Windows Hyper-V
  • Self-hosted Integration Runtime
  • Tablet Windows User Interface
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory
  • Windows Address Book
  • Windows Authentication Methods
  • Windows BitLocker
  • Windows Cluster Shared Volume (CSV)
  • Windows Failover Cluster Automation Server
  • Windows Kerberos
  • Windows Kernel
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows Media
  • Windows Network File System
  • Windows NTFS
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Push Notifications
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop
  • Windows Remote Procedure Call Runtime
  • Windows Server Service
  • Windows Storage Spaces Controller
  • Windows WLAN Auto Config Service

Affected products in Microsoft May 2022 Patch Tuesday


Product: Microsoft Windows

CVEs/Advisory: CVE-2022-21972, CVE-2022-22011, CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-22015, CVE-2022-22016, CVE-2022-22017, CVE-2022-22019, CVE-2022-22713, CVE-2022-23270, CVE-2022-23279, CVE-2022-24466, CVE-2022-26913, CVE-2022-26923, CVE-2022-26925, CVE-2022-26926, CVE-2022-26927, CVE-2022-26930, CVE-2022-26931, CVE-2022-26932, CVE-2022-26933, CVE-2022-26934, CVE-2022-26935, CVE-2022-26936, CVE-2022-26937, CVE-2022-26938, CVE-2022-26939, CVE-2022-26940, CVE-2022-29102, CVE-2022-29103, CVE-2022-29104, CVE-2022-29105, CVE-2022-29106, CVE-2022-29112, CVE-2022-29113, CVE-2022-29114, CVE-2022-29115, CVE-2022-29116, CVE-2022-29120, CVE-2022-29121, CVE-2022-29122, CVE-2022-29123, CVE-2022-29125, CVE-2022-29126, CVE-2022-29127, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29132, CVE-2022-29133, CVE-2022-29134, CVE-2022-29135, CVE-2022-29137, CVE-2022-29138, CVE-2022-29139, CVE-2022-29140, CVE-2022-29141, CVE-2022-29142, CVE-2022-29150, CVE-2022-29151

Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass and Spoofing

KBs: 5013941, 5013942, 5013943, 5013944, 5013945, 5013952, 5013963, 5014001, 5014011, 5014017, 5014018, 5014025



Product: Microsoft Office

CVEs/Advisory: CVE-2022-29107, CVE-2022-29108, CVE-2022-29109, CVE-2022-29110

Impact: Remote Code Execution and Security Feature Bypass

KBs: 4484347, 4493152, 5002184, 5002187, 5002194, 5002195, 5002196, 5002199, 5002203, 5002204, 5002205, 5002207


Product: Visual Studio Code

CVEs/Advisory: CVE-2022-30129

Impact: Remote Code Execution
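To verify coverage on Windows hosts, the KB numbers listed for Microsoft Windows above can be compared against each machine's installed hotfixes. The following PowerShell is an added example, not part of the original article or any vendor tooling; the function name `Test-May2022Update` and the status labels are hypothetical, and it assumes the caller has rights to query the target hosts.

```powershell
# KB numbers copied from the "Microsoft Windows" entry on this page.
$May2022WindowsKBs = @(
    '5013941', '5013942', '5013943', '5013944', '5013945', '5013952',
    '5013963', '5014001', '5014011', '5014017', '5014018', '5014025'
) | ForEach-Object { "KB$_" }

# Hypothetical helper: reports whether any listed KB is installed on each host.
function Test-May2022Update {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$ExpectedKB   = $May2022WindowsKBs
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering on the target host.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        }
        catch {
            [pscustomobject]@{
                Computer = $computer; Status = 'QueryFailed'
                MatchedKB = ''; NewestKB = ''; NewestInstalledOn = $null
            }
            continue
        }
        # Each KB applies to a specific Windows version, so one match is enough.
        $matched = @($installed | Where-Object { $ExpectedKB -contains $_.HotFixID })
        # Newest dated entry helps judge hosts that carry a later update instead.
        $newest = $installed | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn | Select-Object -Last 1
        $status = if ($matched.Count -gt 0) { 'May2022KBPresent' } else { 'ReviewNeeded' }
        [pscustomobject]@{
            Computer          = $computer
            Status            = $status
            MatchedKB         = ($matched.HotFixID -join ', ')
            NewestKB          = if ($newest) { $newest.HotFixID } else { '' }
            NewestInstalledOn = if ($newest) { $newest.InstalledOn } else { $null }
        }
    }
}

# Check the local machine; pass -ComputerName host1, host2 for remote hosts.
Test-May2022Update | Format-Table -AutoSize
```

A `ReviewNeeded` result is not proof that a host is unpatched: a later cumulative update can replace these KBs in the hotfix list, so compare `NewestInstalledOn` against the May 2022 release before acting.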



SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow to keep your systems updated and secure.

This Post Has One Comment

  1. Mutakiu Hassan

    Excellent!
