The latest edition of Patch Tuesday offers fixes for 7 critical flaws, including 5 RCE (remote code execution) bugs and 2 EoP (elevation of privilege) flaws, and 67 other relatively minor flaws.
Microsoft has released its May 2022 Patch Tuesday update. This time, the company has released fixes for 74 new security flaws, including a Windows LSA Spoofing Vulnerability.
According to the Redmond-based tech giant Microsoft, this vulnerability was being actively exploited in the wild. It is worth noting that Microsoft releases patches for its products on every month’s second Tuesday, hence the name Patch Tuesday.
Which Products Received Patches?
May’s security update covers several Microsoft products and Windows components, including the Visual Studio platform, the .NET platform, MS Office, Exchange Server, Remote Desktop Client, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Point-to-Point Tunneling Protocol, MS Edge, and NTFS. The Beijing-based cybersecurity firm Cyber-Kunlun reported 30 of the 74 vulnerabilities.
Details of the Fixes
Apart from the abovementioned vulnerability, the latest edition of Patch Tuesday offers fixes for seven critical flaws, including 5 RCE (remote code execution) bugs and 2 EoP (elevation of privilege) flaws, and 67 other relatively minor flaws. Furthermore, the tech giant has fixed issues related to Denial of Service, security feature bypasses, information exposure, and spoofing.
“This wave of patches from Microsoft contains some highly concerning vulnerabilities individually, but also in a broader context. Consider that in April-May 2022, more than one-in-three vulnerabilities Microsoft identified (1,330 or 36%) are remote code execution vulnerabilities.”
“This of course represents a massive opportunity for malicious actors to compromise nearly any customer. In total, several of these vulnerabilities represent a Log4J level of exposure, particularly if you consider what it would take to patch millions of servers.”
Satya Gupta – Virsec CTO and Co-founder
Critical Flaws Fixed in May 2022 Patch Tuesday
Here is a detailed analysis of the most ‘important’ and ‘critical’ flaws patched by Microsoft in its latest update.
Windows LSA Spoofing Vulnerability
This is the only actively exploited flaw in this list. It lets threat actors perform a Man-in-the-Middle attack by calling a method on the LSARPC interface and coercing the domain controller to authenticate to the attacker using NTLM.
The flaw was identified in a central component of the Windows Local Security Authority process and impacts Windows 7 through Windows 10 and Windows Server 2008 through 2022. Microsoft gave it a CVSS severity score of 8.1, noting that if chained with NTLM relay attacks the score would climb to 9.8.
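A defender's check for the coercion pattern described above (a domain controller being made to authenticate over NTLM to a host it has no business logging on to), written as an added example rather than anything from the article: it scans 4624 network-logon events and flags DC machine accounts authenticating with NTLM from an address that is not the DC's own. The key=value export format, the `DC_ADDRESSES` map and the sample events are all constructed for the example.

```python
"""Added example (not from the original article): flag NTLM network logons by
domain-controller machine accounts that originate from an unexpected address.

Assumptions (the example's, not the article's): Security log 4624 events have
been exported to a flat key=value text format, and DC_ADDRESSES maps each DC
machine account to the addresses it legitimately uses."""
import re
from typing import Dict, List, Set

# Constructed mapping of DC machine accounts to their known addresses.
DC_ADDRESSES: Dict[str, Set[str]] = {
    "DC01$": {"10.0.0.10"},
    "DC02$": {"10.0.0.11"},
}

# Constructed sample events in a simplified key=value layout.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=3 AccountName=DC01$ AuthPackage=Kerberos SourceAddress=10.0.0.10
EventID=4624 LogonType=3 AccountName=DC01$ AuthPackage=NTLM SourceAddress=10.0.0.10
EventID=4624 LogonType=3 AccountName=DC01$ AuthPackage=NTLM SourceAddress=10.0.0.77
EventID=4624 LogonType=3 AccountName=alice AuthPackage=NTLM SourceAddress=10.0.0.77
EventID=4624 LogonType=3 AccountName=DC02$ AuthPackage=NTLM SourceAddress=10.0.0.78
EventID=4625 LogonType=3 AccountName=DC02$ AuthPackage=NTLM SourceAddress=10.0.0.78
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def is_suspicious(ev: Dict[str, str]) -> bool:
    """True when a DC machine account completes a network logon (type 3)
    over NTLM from an address that is not one of that DC's own addresses."""
    if ev.get("EventID") != "4624" or ev.get("LogonType") != "3":
        return False
    account = ev.get("AccountName", "")
    if account not in DC_ADDRESSES:       # only DC machine accounts matter here
        return False
    if ev.get("AuthPackage") != "NTLM":   # Kerberos logons are the expected case
        return False
    return ev.get("SourceAddress") not in DC_ADDRESSES[account]


def find_coerced_dc_logons(log_text: str) -> List[Dict[str, str]]:
    """Return the events matching the coercion pattern, in log order."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_event(line)
            if is_suspicious(ev):
                hits.append(ev)
    return hits
```

On the sample data the check flags exactly the two DC logons arriving over NTLM from 10.0.0.77 and 10.0.0.78, while the DC's own NTLM logon from its known address, the user logon and the failed 4625 attempt are left alone.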
This critical elevation-of-privilege vulnerability lets an attacker insert crafted data into a certificate request so that the issued certificate authenticates them as a domain controller; with those elevated privileges the attacker can become a domain admin. This flaw was given a CVSS score of 8.8.
CVE-2022-26937 and CVE-2022-29972
These two vulnerabilities are noteworthy for different reasons: the first is an RCE flaw in Windows NFS (Network File System), a service commonly deployed in mixed-OS environments, while the second was identified in the Magnitude Simba Amazon Redshift ODBC Driver.
A further flaw, which Microsoft describes as a Windows Hyper-V Denial-of-Service issue, was given a CVSS score of 5.6. Successful exploitation requires the attacker to win a race condition.
Several further RCE bugs were patched in this update, including CVE-2022-22012 and CVE-2022-29130 in Windows LDAP, CVE-2022-26927 in Windows Graphics, CVE-2022-29133 in the Windows Kernel, CVE-2022-22019 in the Remote Procedure Call Runtime, and CVE-2022-30129 in Visual Studio Code.