MICROSOFT PATCH TUESDAY MAY 2022
Windows 10 21H2
Windows 10 v21H1
Windows 10 20H2 & Windows Server v20H2
Windows 10 1909
Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows 8.1 & Server 2012 R2
Windows Server 2012
Microsoft Exchange Server
Microsoft Visual Studio
Microsoft Remote Desktop Client
For more exhaustive information consult the release notes on: https://msrc.microsoft.com/update-guide/releaseNote/2022-May
Several types, ranging from spoofing to privilege escalation and remote code execution.
7 vulnerabilities are rated as critical and 66 vulnerabilities are rated as important, including one zero-day being actively exploited.
Remote code execution (RCE) accounted for 32.4% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 28.3%. In the minor categories, we have information disclosure with 22.9% followed by denial of service (DoS) 8.1%.
This month’s Patch Tuesday includes 7 critical, 66 important and 1 low severity vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.
It includes one publicly disclosed zero-day being actively exploited in the wild.
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software.
This month’s release covers 74 vulnerabilities. Seven vulnerabilities are marked as critical (see below for a quick selection of the most concerning ones, critical vulnerabilities should always be considered as concerning). Some are more likely to be exploited in the near future and urgent patching is advised.
CVE-2022-26925 is a Spoofing vulnerability affecting Windows LSA. It received a CVSSv3.1 score of 8.1 and exploitation of this zero-day was detected in the wild. An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM.
CVE-2022-21978 is an EoP vulnerability affecting Microsoft Exchange Server. It received a CVSSv3.1 score of 8.2. Successful exploitation of this vulnerability requires the attacker to be authenticated to the Exchange Server as a member of a high privileged group.
CVE-2022-22012 and CVE-2022-29130 are RCE vulnerabilities affecting Windows LDAP. It received a CVSSv3.1 score of 9.8. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker’s code running in the context of the SYSTEM account. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see Microsoft’s LDAP policies.
CVE-2022-22017 is a RCE vulnerability affecting the Remote Desktop Client. It received a CVSSv3.1 score of 8.8 and a rating of « Exploitation More Likely ». An attacker could convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim’s system in the context of the targeted user.
CVE-2022-26913 is a Windows Authentication Security Feature Bypass vulnerability. It received a CVSSv3.1 score of 7.4. An attacker who successfully exploited this vulnerability could carry out a Man-in-the-Middle attack and could decrypt and read or modify TLS traffic between the client and server. There is no impact to the availability of the attacked machine.
CVE-2022-26923 is an EoP vulnerability affecting Active Directory Domain Services. It received a CVSSv3.1 score of 8.8 and a rating of « Exploitation More Likely ». An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow EoP.
CVE-2022-26937 is a RCE vulnerability affecting Windows Network File System. It received a CVSSv3.1 score of 9.8 and a rating of « Exploitation More Likely ». This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a NFS service to trigger a RCE. This vulnerability is not exploitable in NFSV4.1.
CVE-2022-29108 is a RCE vulnerability affecting Microsoft SharePoint Server. It received a CVSSv3.1 score of 8.8 and a rating of « Exploitation More Likely ». The attacker must be authenticated and have the permissions for page creation to be able to exploit this vulnerability.
CVE-2022-29133 is an EoP vulnerability affecting Windows Kernel. It received a CVSSv3.1 score of 8.8. A successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.