Patch Tuesday, May 2022
Microsoft has released its May 2022 Patch Tuesday update, which includes an important-rated zero-day bug that is being actively exploited in the wild and several bugs that are likely widely present across enterprises.
It also patched 7 critical flaws, 65 other important-rated bugs, and one low-severity issue. The fixes run the gamut of the computing giant’s portfolio, including Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunneling Protocol.
The actively exploited zero-day vulnerability fixed today is a new NTLM relay attack that uses an LSARPC flaw, tracked as ‘CVE-2022-26925 – Windows LSA Spoofing Vulnerability.’
“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it,” explains Microsoft in an advisory published today.
Using this attack, threat actors can intercept legitimate authentication requests and use them to gain elevated privileges, even as far as assuming the identity of a domain controller.
Microsoft recommends admins read the PetitPotam NTLM Relay advisory for information on how to mitigate these types of attacks.
The two publicly exposed zero-days are a denial of service vulnerability in Hyper-V and a new remote code execution Azure flaw.
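
The following is an added example, not code from Microsoft's advisory or from the original article: detection logic for the anonymous LSARPC connection attempts that the advisory quote above describes, run over exported Security-log events. It assumes that "Audit Detailed File Share" is enabled on domain controllers so that event 5145 is logged and that events are exported as JSON lines; the host names, addresses and events are constructed.

```python
import json
from collections import Counter

# Constructed sample: Security-log events exported as JSON lines (not real telemetry).
SAMPLE_EVENTS = r"""
{"EventID": 5145, "Computer": "dc01.example.test", "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "10.0.5.23", "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "lsarpc"}
{"EventID": 5145, "Computer": "dc01.example.test", "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "10.0.5.23", "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "lsarpc"}
{"EventID": 5145, "Computer": "dc01.example.test", "SubjectUserName": "svc_backup", "IpAddress": "10.0.5.40", "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "lsarpc"}
{"EventID": 5145, "Computer": "dc02.example.test", "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "10.0.5.23", "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "srvsvc"}
{"EventID": 4624, "Computer": "dc02.example.test", "SubjectUserName": "-", "IpAddress": "10.0.5.23"}
{"EventID": 5145, "Computer": "dc02.example.test", "SubjectUserName": "Anonymous Logon", "IpAddress": "10.0.5.23", "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "LSARPC"}
"""


def load_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_anonymous_lsarpc(events):
    """Count anonymous opens of the lsarpc pipe per (target host, source IP)."""
    hits = Counter()
    for ev in events:
        # 5145 = a network share object was checked for access (named pipes use IPC$).
        if ev.get("EventID") != 5145:
            continue
        # Normalise case: field values vary between collectors and exports.
        share = str(ev.get("ShareName", "")).upper()
        pipe = str(ev.get("RelativeTargetName", "")).lower()
        user = str(ev.get("SubjectUserName", "")).upper()
        if share.endswith("\\IPC$") and pipe == "lsarpc" and user == "ANONYMOUS LOGON":
            hits[(ev.get("Computer", "?"), ev.get("IpAddress", "?"))] += 1
    return dict(hits)


if __name__ == "__main__":
    found = find_anonymous_lsarpc(load_events(SAMPLE_EVENTS))
    for (host, src), count in sorted(found.items()):
        print(f"{host}: {count} anonymous lsarpc open(s) from {src}")
```

Authenticated callers of the same pipe are not matched, so this covers only the unauthenticated case the advisory describes.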
Critical CVE Summary
- CVE-2022-26925 – Windows LSA Spoofing Vulnerability
- CVE-2022-22713 – Windows Hyper-V Denial of Service Vulnerability
- CVE-2022-29972 – Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
Complete Summary
Azure vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
---|---|---|---|---|---|
CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | No | Yes | N/A | Yes |
Developer Tools vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
---|---|---|---|---|---|
CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No |
CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No |
CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No |
CVE-2022-30130 | .NET Framework Denial of Service Vulnerability | No | No | 3.3 | No |
ESU Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
---|---|---|---|---|---|
CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | No | No | 6.5 | Yes |
CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No |
CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Yes | Yes | 8.1 | Yes |
CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No |
CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No |
CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No |
CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No |
CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.5 | Yes |
CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes |
CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.8 | No |
CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | No | No | 4.2 | Yes |
Exchange Server vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
---|---|---|---|---|---|
CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8.2 | Yes |
Microsoft Office vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
---|---|---|---|---|---|
CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | No | No | 5.5 | Yes |
CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
---|---|---|---|---|---|
CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes |
CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | No | No | 5.5 | Yes |
CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | No | No | 5.5 | Yes |
CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
CVE-2022-22016 | Windows PlayToManager Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | No | No | 5.5 | Yes |
CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | No | No | 4.7 | Yes |
CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 | Yes |
CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 4.1 | Yes |
CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | No | Yes | 5.6 | Yes |
CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | No | No | 5.5 | Yes |
CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | No | No | 7.4 | Yes |
CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 8.2 | Yes |
CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7 | Yes |
CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | No | No | 6.5 | Yes |
CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | No | No | 8.8 | Yes |