Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws.
Of the 75 vulnerabilities fixed in today's update, eight are classified as 'Critical' as they allow remote code execution or elevation of privileges.
The number of bugs in each vulnerability category is listed below:
- 21 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 26 Remote Code Execution Vulnerabilities
- 17 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerability
- 0 Edge - Chromium Vulnerabilities
For information about the non-security Windows updates, you can read about today's Windows 10 KB5013942 and KB5013945 updates and the Windows 11 KB5013943 update.
Three zero-days fixed, two actively exploited
This month's Patch Tuesday includes fixes for three zero-day vulnerabilities, with one actively exploited and the others publicly disclosed.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited zero-day vulnerability fixed today is for a new NTLM Relay Attack using an LSARPC flaw tracked as 'CVE-2022-26925 - Windows LSA Spoofing Vulnerability.'
"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it," explains Microsoft in an advisory published today.
Using this attack, threat actors can intercept legitimate authentication requests and use them to gain elevated privileges, even as far as assuming the identity of a domain controller.
Microsoft recommends admins read the PetitPotam NTLM Relay advisory for information on how to mitigate these types of attacks.
The two publicly exposed zero-days are a denial of service vulnerability in Hyper-V and a new remote code execution vulnerability in Azure Synapse and Azure Data Factory.
- CVE-2022-22713 - Windows Hyper-V Denial of Service Vulnerability
- CVE-2022-29972 - Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
Now that Microsoft has issued patches for these vulnerabilities, admins should expect that threat actors will analyze the security updates to see what has changed. Then, using this information, they will create their own exploits to use in attacks
Therefore, it is strongly advised to install today's security updates as soon as possible.
Recent updates from other companies
Other vendors who released updates in May 2022 include:
- Google released Android's May security updates, as well as updates for ChromOS and Chrome.
- Cisco released security updates for numerous products this month.
- F5 released BIG-IP security updates to fix an actively exploited critical vulnerability.
The May 2022 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the May 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2022-30130 | .NET Framework Denial of Service Vulnerability | Low |
| Azure SHIR | ADV220001 | Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972 | Critical |
| Microsoft Exchange Server | CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows ALPC | CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Remote Desktop Client | CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Remote Desktop Client | CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Role: Windows Fax Service | CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important |
| Self-hosted Integration Runtime | CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | Critical |
| Tablet Windows User Interface | CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Active Directory | CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
| Windows Address Book | CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | Important |
| Windows Authentication Methods | CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | Important |
| Windows BitLocker | CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important |
| Windows Failover Cluster Automation Server | CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | Important |
| Windows Kerberos | CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | Critical |
| Windows Kernel | CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | Important |
| Windows Media | CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Windows Media | CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2022-22016 | Windows PlayToManager Elevation of Privilege Vulnerability | Important |
| Windows Network File System | CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | Critical |
| Windows NTFS | CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Tunneling Protocol | CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | Important |
| Windows Print Spooler Components | CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | Important |
| Windows Push Notifications | CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Desktop | CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Server Service | CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important |
| Windows WLAN Auto Config Service | CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | Important |
| Windows WLAN Auto Config Service | CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Important |
Comments
Qitonia - 1 year ago
Perhaps these patches were necessary and perhaps not. All I know is that after I installed the patches on Patch Tuesday (May 10, 2022), I was unable to connect to my credit union to do online banking. I tried it using 5 different web browsers. I disabled all extensions and add-ons and my antivirus program, and I was still unable to connect until I eventually uninstalled the patches. I spent over an hour online with second-level tech support at my credit union and together we determined that the only thing that changed since I accessed their secure website yesterday was these patches. As an afterthought, I tried accessing their online banking website using my Linux Mint computer and my MacBook Air and both attempts were immediately successful. That left me with only one conclusion: the latest Windows 10 Home patches had destroyed my ability to make a secure connection to their online banking website regardless of which web browser I used on Windows 10 Home. After I uninstalled as many of the patches as I could, I was able to resume online baking again on my Windows computer. Since then, I have paused Windows Updates for the next 7 days. I will not enable them again until I know for certain that these patches are actually safe to use.
johnd0e8 - 1 year ago
No issues here. Everything still works.