Microsoft May 2022 Patch Tuesday
This month we got patches for 75 vulnerabilities. Of these, 8 are critical, 3 were previously disclosed, and one is already being exploited according to Microsoft.
The already exploited vulnerability is a spoofing vulnerability affecting Windows LSA (CVE-2022-26925) with a CVSS score of 8.1. According to the advisory, “An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it.” Additionally, Microsoft advises that further actions, detailed in KB5005413, are needed to protect the system after applying the patch. Microsoft also advises prioritizing domain controllers when applying patches. Regarding attack complexity, the advisory says it is “Complex” given that the attacker must inject themselves into the logical network path between the target and the resource requested by the victim in order to read or modify network communications (MITM attack).
The highest CVSS score this month (9.8) is associated with a Remote Code Execution (RCE) Vulnerability affecting Windows Network File System (CVE-2022-26937). The vulnerability does not affect version NFSV4.1. So, as temporary mitigation, disabling versions NFSV2 and NFSV3 might be helpful. A similar vulnerability affecting NFS, discovered by the same researchers, was patched last month (CVE-2022-24497).
There is also an RCE CVSS 9.8 affecting Windows LDAP (CVE-2022-22012). According to the advisory, "this vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable".
It's also worth mentioning an elevation of privilege vulnerability affecting Active Directory Domain Services (CVE-2022-26923). The vulnerability is present only on systems Active Directory Certificate Services on the domain. According to the advisory, “An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege”. The CVSS for this vulnerability is 8.8.
May 2022 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Framework Denial of Service Vulnerability | |||||||
| CVE-2022-30130 | No | No | - | - | Low | 3.3 | 2.9 |
| .NET and Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2022-23267 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2022-29117 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2022-29145 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||||
| CVE-2022-26923 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| BitLocker Security Feature Bypass Vulnerability | |||||||
| CVE-2022-29127 | No | No | Less Likely | Less Likely | Important | 4.2 | 3.7 |
| Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | |||||||
| CVE-2022-29972 | Yes | No | More Likely | More Likely | Critical | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2022-29109 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-29110 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2022-21978 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| Microsoft Office Security Feature Bypass Vulnerability | |||||||
| CVE-2022-29107 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2022-29108 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||||
| CVE-2022-29105 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||||
| CVE-2022-21972 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| CVE-2022-23270 | No | No | More Likely | More Likely | Critical | 8.1 | 7.1 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2022-22017 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||||
| CVE-2022-26940 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||||
| CVE-2022-22019 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Storage Spaces Direct Elevation of Privilege Vulnerability | |||||||
| CVE-2022-26932 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| CVE-2022-26938 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-26939 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29126 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972 | |||||||
| ADV220001 | No | No | - | - | Critical | ||
| Visual Studio Code Remote Code Execution Vulnerability | |||||||
| CVE-2022-30129 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2022-29148 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows ALPC Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23279 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Windows Address Book Remote Code Execution Vulnerability | |||||||
| CVE-2022-26926 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Authentication Security Feature Bypass Vulnerability | |||||||
| CVE-2022-26913 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29135 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-29150 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-29151 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Clustered Shared Volume Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29138 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Clustered Shared Volume Information Disclosure Vulnerability | |||||||
| CVE-2022-29134 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-29120 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-29122 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-29123 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29113 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Failover Cluster Information Disclosure Vulnerability | |||||||
| CVE-2022-29102 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Fax Service Remote Code Execution Vulnerability | |||||||
| CVE-2022-29115 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Information Disclosure Vulnerability | |||||||
| CVE-2022-26934 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-22011 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| CVE-2022-29112 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2022-26927 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2022-22713 | Yes | No | Less Likely | Less Likely | Important | 5.6 | 5.1 |
| Windows Hyper-V Security Feature Bypass Vulnerability | |||||||
| CVE-2022-24466 | No | No | Less Likely | Less Likely | Important | 4.1 | 3.6 |
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29106 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||||
| CVE-2022-26931 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.5 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29133 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29142 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2022-29116 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows LDAP Remote Code Execution Vulnerability | |||||||
| CVE-2022-22012 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.5 |
| CVE-2022-22013 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-22014 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29128 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29129 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29130 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.5 |
| CVE-2022-29131 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29137 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29139 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29141 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows LSA Spoofing Vulnerability | |||||||
| CVE-2022-26925 | Yes | Yes | Detected | Detected | Important | 8.1 | 7.1 |
| Windows NTFS Information Disclosure Vulnerability | |||||||
| CVE-2022-26933 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Network File System Remote Code Execution Vulnerability | |||||||
| CVE-2022-26937 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows PlayToManager Elevation of Privilege Vulnerability | |||||||
| CVE-2022-22016 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29104 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| CVE-2022-29132 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Information Disclosure Vulnerability | |||||||
| CVE-2022-29114 | No | No | More Likely | More Likely | Important | 5.5 | 4.8 |
| CVE-2022-29140 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Push Notifications Apps Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29125 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29103 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||||
| CVE-2022-26930 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||||
| CVE-2022-22015 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Server Service Information Disclosure Vulnerability | |||||||
| CVE-2022-26936 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows WLAN AutoConfig Service Denial of Service Vulnerability | |||||||
| CVE-2022-29121 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows WLAN AutoConfig Service Information Disclosure Vulnerability | |||||||
| CVE-2022-26935 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago