Microsoft has released its Patch Tuesday security updates for May, addressing a total of 75 vulnerabilities. Of these, 8 are classified as critical, 66 as important, and 1 as low severity. The products covered in the May security update include Remote Desktop Client, Windows Active Directory, Windows Cluster Shared Volume (CSV), Windows Failover Cluster Automation Server, Windows Kerberos, Windows Kernel, Windows LDAP – Lightweight Directory Access Protocol, and Windows Network File System, among others.
Zero-day Vulnerability Fixed
CVE-2022-26925 – Windows LSA Spoofing Vulnerability. This flaw has received a CVSSv3 score of 8.1. According to Microsoft, “An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it”. Successful exploitation will allow threat actors to intercept legitimate authentication requests and use them to gain elevated privileges. Microsoft recommends reading the PetitPotam NTLM Relay advisory to mitigate these attacks.
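A defender-side check for the behaviour Microsoft describes, as an added example that is not from Microsoft or the original post: it scans file-share audit events (Event ID 5145, logged when "Audit Detailed File Share" is enabled) for anonymous opens of the lsarpc pipe on domain controllers. The host names, addresses, SIDs of named users and the dict-based export format are constructed assumptions.

```python
from collections import Counter

ANONYMOUS_SID = "S-1-5-7"   # well-known SID of ANONYMOUS LOGON
WATCHED_PIPES = {"lsarpc"}  # named pipe that exposes the LSARPC interface

def _ev(host, sid, user, ip, pipe, event_id=5145):
    """Build one constructed record; keys mirror the Event ID 5145 data fields."""
    return {"EventID": event_id, "Computer": host, "SubjectUserSid": sid,
            "SubjectUserName": user, "IpAddress": ip,
            "ShareName": r"\\*\IPC$", "RelativeTargetName": pipe}

# Constructed sample input (not real telemetry).
SAMPLE_EVENTS = [
    _ev("dc01.example.test", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.44", "lsarpc"),
    _ev("dc01.example.test", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.44", "lsarpc"),
    _ev("dc01.example.test", "S-1-5-21-1-2-3-1104", "alice", "192.0.2.10", "lsarpc"),
    _ev("dc01.example.test", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.44", "srvsvc"),
    _ev("fs01.example.test", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.44", "lsarpc"),
    _ev("DC02.example.test", "S-1-5-7", "Anonymous Logon", "192.0.2.44", "LSARPC"),
    _ev("dc01.example.test", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.44", "lsarpc", 4624),
]
DOMAIN_CONTROLLERS = {"dc01.example.test", "dc02.example.test"}  # assumed inventory

def is_anonymous(event):
    """True when the session subject is the anonymous logon principal."""
    return (event.get("SubjectUserSid") == ANONYMOUS_SID
            or event.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON")

def anonymous_lsarpc_access(events, domain_controllers):
    """Return 5145 events where an anonymous session opened lsarpc on a DC."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 5145:
            continue  # only detailed file-share access checks are relevant
        if ev.get("Computer", "").lower() not in domain_controllers:
            continue  # the advisory concerns coerced DC authentication
        share = ev.get("ShareName", "").lower()
        pipe = ev.get("RelativeTargetName", "").lower()
        if share.endswith("\\ipc$") and pipe in WATCHED_PIPES and is_anonymous(ev):
            hits.append(ev)
    return hits

def summarize(hits):
    """Count hits per (source address, domain controller) for triage."""
    counts = Counter((h.get("IpAddress"), h["Computer"].lower()) for h in hits)
    return counts.most_common()

if __name__ == "__main__":
    for (src, dc), n in summarize(anonymous_lsarpc_access(SAMPLE_EVENTS, DOMAIN_CONTROLLERS)):
        print(f"{n} anonymous lsarpc open(s) from {src} against {dc}")
```

Authenticated sessions, other pipes and non-DC hosts are deliberately excluded, so the output lists only the sources worth correlating with subsequent NTLM authentication from the domain controller's machine account.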
CVE-2022-22713 – Windows Hyper-V Denial of Service Vulnerability. This flaw has received a CVSSv3 score of 5.6. Successful exploitation requires an attacker to win a race condition. This flaw has been publicly disclosed, and exploitation is said to be complicated. This flaw can be exploited remotely.
CVE-2022-29972 – Azure Data Factory and Azure Synapse pipelines Remote Code Execution Vulnerability. This flaw could let attackers execute remote commands in the Integration Runtime Infrastructure. This flaw exists in the Magnitude Simba Amazon Redshift ODBC Driver component. According to Microsoft, “IR is a compute infrastructure utilized by Azure Data Factory and Azure Synapse pipelines that provide data integration capabilities across network environments.”
Critical Vulnerabilities Fixed
CVE-2022-22017 – Remote Desktop Client Remote Code Execution Vulnerability. This flaw has received a CVSSv3 score of 8.8. This flaw requires user interaction by the victim, as an attacker needs to convince a targeted user to connect to a malicious RDP server. Successful exploitation could allow the malicious server to execute code on the victim’s system in the context of the targeted user. This flaw can be exploited remotely and needs no form of authentication.
CVE-2022-26923 – Active Directory Domain Services Elevation of Privilege Vulnerability. This flaw has received a CVSSv3 score of 8.8. This vulnerability allows a low-privileged user to escalate their privileges to a domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.
CVE-2022-26931 – Windows Kerberos Elevation of Privilege Vulnerability. This vulnerability can be exploited remotely and requires simple authentication. The flaw exists because Windows Kerberos does not correctly impose security restrictions, which allows those restrictions to be bypassed and privileges to be escalated.
CVE-2022-26937 – Windows Network File System Remote Code Execution Vulnerability. This flaw has received a CVSSv3 score of 9.8. To exploit it, an unauthenticated attacker must make a specially crafted call to a Network File System (NFS) service, which leads to remote code execution. This flaw can’t be exploited in NFSv4.1.
Microsoft Security Bulletin Summary for May 2022
- .NET and Visual Studio
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Local Security Authority Server (lsasrv)
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Windows ALPC
- Remote Desktop Client
- Role: Windows Fax Service
- Role: Windows Hyper-V
- Self-hosted Integration Runtime
- Tablet Windows User Interface
- Visual Studio
- Visual Studio Code
- Windows Active Directory
- Windows Address Book
- Windows Authentication Methods
- Windows BitLocker
- Windows Cluster Shared Volume (CSV)
- Windows Failover Cluster Automation Server
- Windows Kerberos
- Windows Kernel
- Windows LDAP – Lightweight Directory Access Protocol
- Windows Media
- Windows Network File System
- Windows NTFS
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Push Notifications
- Windows Remote Access Connection Manager
- Windows Remote Desktop
- Windows Remote Procedure Call Runtime
- Windows Server Service
- Windows Storage Spaces Controller
- Windows WLAN Auto Config Service
Product: Microsoft Windows
CVEs/Advisory: CVE-2022-21972, CVE-2022-22011, CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-22015, CVE-2022-22016, CVE-2022-22017, CVE-2022-22019, CVE-2022-22713, CVE-2022-23270, CVE-2022-23279, CVE-2022-24466, CVE-2022-26913, CVE-2022-26923, CVE-2022-26925, CVE-2022-26926, CVE-2022-26927, CVE-2022-26930, CVE-2022-26931, CVE-2022-26932, CVE-2022-26933, CVE-2022-26934, CVE-2022-26935, CVE-2022-26936, CVE-2022-26937, CVE-2022-26938, CVE-2022-26939, CVE-2022-26940, CVE-2022-29102, CVE-2022-29103, CVE-2022-29104, CVE-2022-29105, CVE-2022-29106, CVE-2022-29112, CVE-2022-29113, CVE-2022-29114, CVE-2022-29115, CVE-2022-29116, CVE-2022-29120, CVE-2022-29121, CVE-2022-29122, CVE-2022-29123, CVE-2022-29125, CVE-2022-29126, CVE-2022-29127, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29132, CVE-2022-29133, CVE-2022-29134, CVE-2022-29135, CVE-2022-29137, CVE-2022-29138, CVE-2022-29139, CVE-2022-29140, CVE-2022-29141, CVE-2022-29142, CVE-2022-29150, CVE-2022-29151
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
KBs: 5013941, 5013942, 5013943, 5013944, 5013945, 5013952, 5013963, 5014001, 5014011, 5014017, 5014018, 5014025
Product: Microsoft Office
CVEs/Advisory: CVE-2022-29107, CVE-2022-29108, CVE-2022-29109, CVE-2022-29110
Impact: Remote Code Execution, Security Feature Bypass
KBs: 4484347, 4493152, 5002184, 5002187, 5002194, 5002195, 5002196, 5002199, 5002203, 5002204, 5002205, 5002207
Product: Visual Studio Code
Impact: Remote Code Execution