Skip to main content
Patch ManagementPatch Tuesday

May Patch Tuesday 2022 Addresses 74 Critical Issues

By May 10, 2022June 22nd, 2022No Comments
|

Watch our May Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 7 Rated Critical and 66 are rated Important with the remaining 1 marked as Low.  Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunnelling Protocol have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “One of the most serious characteristics of a vulnerability is the Scope; which we call the Jump Point.  It suggests that should a hacker expose a specific vulnerability, they would be able to jump from that specific technology and hop into another, which is exactly what they did with the Solar Winds hack.  In this release Microsoft is resolving 11 vulnerabilities which have an exposed Jump Point.”

Top May 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-26925: Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.  This security update detects anonymous connection attempts in LSARPC and disallows it.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Syxscore

  • Vendor Severity: Important
  • CVSS: 5.6
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability

This bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes – This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3.

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

Reference Description Vendor Severity CVSS Score Public Aware Weaponised Countermeasure Syxsense Recommended
CVE-2022-26925 Windows LSA Spoofing Vulnerability Important 8.1 Yes Yes No Yes
CVE-2022-29972 Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver Critical N/A Yes No No Yes
CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability Important 5.6 Yes No No Yes
CVE-2022-26937 Windows Network File System Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2022-22012 Windows LDAP Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-29130 Windows LDAP Remote Code Execution Vulnerability Important 9.8 No No Yes – This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. Yes
CVE-2022-26923 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No Yes – A system is vulnerable only if Active Directory Certificate Services is running on the domain. Yes
CVE-2022-22017 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-29108 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-22019 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-30129 Visual Studio Code Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-26927 Windows Graphics Component Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29133 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-22013 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-22014 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29128 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29129 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29131 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29137 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29139 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-29141 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21978 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 8.2 No No No Yes
CVE-2022-26932 Storage Spaces Direct Elevation of Privilege Vulnerability Important 8.2 No No No Yes
CVE-2022-21972 Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2022-23270 Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2022-29109 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29110 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29105 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-26926 Windows Address Book Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29113 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-29115 Windows Fax Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-29104 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-29132 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2022-29103 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-26931 Windows Kerberos Elevation of Privilege Vulnerability Critical 7.5 No No No
CVE-2022-23267 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-29117 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-29145 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-26913 Windows Authentication Security Feature Bypass Vulnerability Important 7.4 No No No
CVE-2022-26938 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-26939 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29126 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-23279 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29135 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29150 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29151 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29138 Windows Clustered Shared Volume Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29106 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29142 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-22016 Windows Play To Manager Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-29125 Windows Push Notifications Apps Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-26940 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29120 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29122 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29123 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29134 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26934 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29112 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-22015 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26936 Windows Server Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29121 Windows WLAN AutoConfig Service Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-26935 Windows WLAN AutoConfig Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29107 Microsoft Office Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-29102 Windows Failover Cluster Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-22011 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26933 Windows NTFS Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29114 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29140 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26930 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29116 Windows Kernel Information Disclosure Vulnerability Important 4.7 No No No
CVE-2022-29127 BitLocker Security Feature Bypass Vulnerability Important 4.2 No No No
CVE-2022-24466 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.1 No No No
CVE-2022-30130 .NET Framework Denial of Service Vulnerability Low 3.3 No No No

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Start a Free Trial

Leave a Reply