Microsoft May 2022 Patch Tuesday
This month we got patches for 75 vulnerabilities. Of these, 8 are critical, 3 were previously disclosed, and one is already being exploited according to Microsoft.
The already exploited vulnerability is a spoofing vulnerability affecting Windows LSA (CVE-2022-26925) with a CVSS score of 8.1. According to the advisory, “An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it.” Additionally, Microsoft advises that further actions, detailed in KB5005413, are needed to protect the system after applying the patch. Microsoft also advises prioritizing domain controllers when applying patches. Regarding attack complexity, the advisory says it is “Complex” given that the attacker must inject themselves into the logical network path between the target and the resource requested by the victim in order to read or modify network communications (MITM attack).
The highest CVSS score this month (9.8) is associated with a Remote Code Execution (RCE) Vulnerability affecting Windows Network File System (CVE-2022-26937). The vulnerability does not affect version NFSV4.1. So, as temporary mitigation, disabling versions NFSV2 and NFSV3 might be helpful. A similar vulnerability affecting NFS, discovered by the same researchers, was patched last month (CVE-2022-24497).
There is also an RCE CVSS 9.8 affecting Windows LDAP (CVE-2022-22012). According to the advisory, "this vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable".
It's also worth mentioning an elevation of privilege vulnerability affecting Active Directory Domain Services (CVE-2022-26923). The vulnerability is present only on systems Active Directory Certificate Services on the domain. According to the advisory, “An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege”. The CVSS for this vulnerability is 8.8.
May 2022 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Framework Denial of Service Vulnerability | |||||||
| CVE-2022-30130 | No | No | - | - | Low | 3.3 | 2.9 |
| .NET and Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2022-23267 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2022-29117 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2022-29145 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||||
| CVE-2022-26923 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| BitLocker Security Feature Bypass Vulnerability | |||||||
| CVE-2022-29127 | No | No | Less Likely | Less Likely | Important | 4.2 | 3.7 |
| Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | |||||||
| CVE-2022-29972 | Yes | No | More Likely | More Likely | Critical | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2022-29109 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-29110 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2022-21978 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| Microsoft Office Security Feature Bypass Vulnerability | |||||||
| CVE-2022-29107 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2022-29108 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||||
| CVE-2022-29105 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||||
| CVE-2022-21972 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| CVE-2022-23270 | No | No | More Likely | More Likely | Critical | 8.1 | 7.1 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2022-22017 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||||
| CVE-2022-26940 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||||
| CVE-2022-22019 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Storage Spaces Direct Elevation of Privilege Vulnerability | |||||||
| CVE-2022-26932 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.1 |
| CVE-2022-26938 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-26939 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29126 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972 | |||||||
| ADV220001 | No | No | - | - | Critical | ||
| Visual Studio Code Remote Code Execution Vulnerability | |||||||
| CVE-2022-30129 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2022-29148 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows ALPC Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23279 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Windows Address Book Remote Code Execution Vulnerability | |||||||
| CVE-2022-26926 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Authentication Security Feature Bypass Vulnerability | |||||||
| CVE-2022-26913 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29135 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-29150 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-29151 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Clustered Shared Volume Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29138 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Clustered Shared Volume Information Disclosure Vulnerability | |||||||
| CVE-2022-29134 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-29120 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-29122 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-29123 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29113 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Failover Cluster Information Disclosure Vulnerability | |||||||
| CVE-2022-29102 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Fax Service Remote Code Execution Vulnerability | |||||||
| CVE-2022-29115 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Information Disclosure Vulnerability | |||||||
| CVE-2022-26934 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-22011 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| CVE-2022-29112 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2022-26927 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2022-22713 | Yes | No | Less Likely | Less Likely | Important | 5.6 | 5.1 |
| Windows Hyper-V Security Feature Bypass Vulnerability | |||||||
| CVE-2022-24466 | No | No | Less Likely | Less Likely | Important | 4.1 | 3.6 |
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29106 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||||
| CVE-2022-26931 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.5 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29133 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29142 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2022-29116 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows LDAP Remote Code Execution Vulnerability | |||||||
| CVE-2022-22012 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.5 |
| CVE-2022-22013 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-22014 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29128 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29129 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29130 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.5 |
| CVE-2022-29131 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29137 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29139 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2022-29141 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows LSA Spoofing Vulnerability | |||||||
| CVE-2022-26925 | Yes | Yes | Detected | Detected | Important | 8.1 | 7.1 |
| Windows NTFS Information Disclosure Vulnerability | |||||||
| CVE-2022-26933 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Network File System Remote Code Execution Vulnerability | |||||||
| CVE-2022-26937 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
| Windows PlayToManager Elevation of Privilege Vulnerability | |||||||
| CVE-2022-22016 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29104 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| CVE-2022-29132 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Information Disclosure Vulnerability | |||||||
| CVE-2022-29114 | No | No | More Likely | More Likely | Important | 5.5 | 4.8 |
| CVE-2022-29140 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Push Notifications Apps Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29125 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2022-29103 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||||
| CVE-2022-26930 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||||
| CVE-2022-22015 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows Server Service Information Disclosure Vulnerability | |||||||
| CVE-2022-26936 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows WLAN AutoConfig Service Denial of Service Vulnerability | |||||||
| CVE-2022-29121 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows WLAN AutoConfig Service Information Disclosure Vulnerability | |||||||
| CVE-2022-26935 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments