Microsoft Patch Tuesday – May 2022

Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.

This month’s update includes patches for:

• .NET and Visual Studio
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Windows ALPC
• Remote Desktop Client
• Role: Windows Fax Service
• Role: Windows Hyper-V
• Self-hosted Integration Runtime
• Tablet Windows User Interface
• Visual Studio
• Visual Studio Code
• Windows Active Directory
• Windows Address Book
• Windows Authentication Methods
• Windows BitLocker
• Windows Cluster Shared Volume (CSV)
• Windows Failover Cluster Automation Server
• Windows Kerberos
• Windows Kernel
• Windows LDAP – Lightweight Directory Access Protocol
• Windows Media
• Windows Network File System
• Windows NTFS
• Windows Point-to-Point Tunnelling Protocol
• Windows Print Spooler Components
• Windows Push Notifications
• Windows Remote Access Connection Manager
• Windows Remote Desktop
• Windows Remote Procedure Call Runtime
• Windows Server Service
• Windows Storage Spaces Controller
• Windows WLAN Auto Config Service

Windows LSA Spoofing Vulnerability

CVE-2022-26925 is a spoofing vulnerability in the Windows Local Security Authority (LSA) that received a CVSSv3 score of 8.1. Once it is chained with a new technology LAN Manager (NTLM) relay attack, the combined CVSSv3 score for the attack chain is 9.8. An unauthenticated attacker could coerce domain controllers to authenticate to an attacker-controller server using NTLM. Microsoft provides two pieces of documentation for further protecting systems against these attacks. Microsoft recommends patching domain controllers for this vulnerability since it’s been exploited in a wild like a Zero Day like Pettipottam attack chain

Windows NFS RCE Vulnerability

CVE-2022-26937 is an RCE vulnerability with a CVSSv3 score of 9.8 impacting the Windows Network File System (NFS) which can be exploited by a remote, unauthenticated attacker using a specially crafted call to an NFS service to achieve code execution and rated as Exploitation More Likely. NFS version 4.1 is not impacted by this vulnerability and recommended to disable NFS versions 2 & 3 as an immediate workaround

 LDAP RCE’s

Microsoft patched 10 vulnerabilities in Windows LDAP.

• CVE-2022-22012
• CVE-2022-22013
• CVE-2022-22014
• CVE-2022-29128
• CVE-2022-29129
• CVE-2022-29130
• CVE-2022-29131
• CVE-2022-29137
• CVE-2022-29139
• CVE-2022-29141

CVE-2022-29130 and CVE-2022-22012 received CVSSv3 scores of 9.8 and the remainder of the flaws each was scored at 8.8 and rated as Exploitation Less Likely. Except for CVE-2022-29130, CVE-2022-22012, and CVE-2022-29139, the vulnerabilities each require authentication to exploit. The exploitation of CVE-2022-29139 requires an attacker to convince a vulnerable LDAP client machine to connect to a malicious LDAP server.

Windows Hyper-V Denial of Service Vulnerability

CVE-2022-22713 is a DoS vulnerability impacting Windows Hyper-V. The exploitation of the vulnerability requires an attacker to win a race condition giving it a high complexity rating and a CVSSv3 score of 5.6. While it’s extremely unlikely that this vulnerability will see exploitation in the wild, Microsoft does note that the vulnerability was publicly disclosed.

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2022-21978 is an EoP vulnerability in the Exchange Server that received a CVSSv3 score of 8.2 and was rated Exploitation Less Likely. An attacker must already be authenticated to a vulnerable Exchange Server as a member of a highly privileged group to exploit this vulnerability but could use it to elevate themselves to domain administrator access. While these prerequisites might make it less likely for attackers to adopt this vulnerability.

Windows Print Spooler Elevation of Privilege Vulnerabilities

CVE-2022-29132 and CVE-2022-29104 are EoP vulnerabilities in Windows Print Spooler that received a CVSSv3 score of 7.8 and were rated Exploitation More Likely. These are just the latest in a long line of EoP vulnerabilities Microsoft has addressed in Print Spooler over the last year, several of which have been exploited in attacks.

Microsoft also patched two information disclosure vulnerabilities in Print Spooler this month: CVE-2022-29140 and CVE-2022-29114.

Along with this month’s patch releases, Windows 10 version 20H2 has reached the end of servicing and will no longer receive security updates. Users are urged to update to more recent versions to ensure they continue receiving important security updates.

For more information, please visit the link