logo
DATABASE RESOURCES PRICING ABOUT US

Patch Tuesday - May 2022

Description

![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/patches-2.jpg) This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. That means there’s plenty of work to be done by system and network administrators, as usual. There is one 0-day this month: [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26925>), a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem, which allows attackers able to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication. This is very bad news when used in conjunction with an [NTLM relay attack](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>), potentially leading to remote code execution (RCE). This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers. Two other CVEs were also publicly disclosed before today’s releases, though they have not yet been seen exploited in the wild. [CVE-2022-22713](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22713>) is a denial-of-service vulnerability that affects Hyper-V servers running relatively recent versions of Windows (20H2 and later). [CVE-2022-29972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29972>) is a Critical RCE that affects the Amazon Redshift ODBC driver used by Microsoft’s Self-hosted Integration Runtime (a client agent that enables on-premises data sources to exchange data with cloud services such as Azure Data Factory and Azure Synapse Pipelines). This vulnerability also prompted Microsoft to publish their first guidance-based advisory of the year, ADV220001, indicating their plans to strengthen tenant isolation in their cloud services without actually providing any specific details or actions to be taken by customers. All told, 74 CVEs were fixed this month, the vast majority of which affect functionality within the Windows operating system. Other notable vulnerabilities include [CVE-2022-21972](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972>) and [CVE-2022-23270](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270>), critical RCEs in the Point-to-Point Tunneling Protocol. Exploitation requires attackers to win a race condition, which increases the complexity, but if you have any RAS servers in your environment, patch sooner rather than later. [CVE-2022-26937](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937>) carries a CVSSv3 score of 9.8 and affects services using the Windows Network File System (NFS). This can be mitigated by disabling NFSV2 and NFSV3 on the server; however, this may cause compatibility issues, and upgrading is highly recommended. [CVE-2022-22017](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017>) is yet another client-side Remote Desktop Protocol (RDP) vulnerability. While not as worrisome as when an RCE affects RDP servers, if a user can be enticed to connect to a malicious RDP server via social engineering tactics, an attacker will gain RCE on their system. Sharepoint Server administrators should be aware of [CVE-2022-29108](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108>), a post-authentication RCE fixed today. Exchange admins have [CVE-2022-21978](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21978>) to worry about, which could allow an attacker with elevated privileges on an Exchange server to gain the rights of a Domain Administrator. A host of Lightweight Directory Access Protocol (LDAP) vulnerabilities were also addressed this month, including [CVE-2022-22012](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012>) and [CVE-2022-29130](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130>) – both RCEs that, thankfully, are only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Although there are no browser vulnerabilities this month, two RCEs affecting Excel ([CVE-2022-29109](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109>) and [CVE-2022-29110](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110>)) and one Security Feature Bypass affecting Office ([CVE-2022-29107](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29107>)) mean there is still some endpoint application patching to do. ## Summary charts ![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-vuln_count_severity.png)![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-vuln_count_impact.png)![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-cvssv3_hist.png)![Patch Tuesday - May 2022](https://blog.rapid7.com/content/images/2022/05/2022-05-vuln_count_component.png) ## Summary tables ### Azure vulnerabilities CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? ---|---|---|---|---|--- [CVE-2022-29972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29972>) | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | No | Yes | N/A | Yes ### Developer Tools vulnerabilities CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? ---|---|---|---|---|--- [CVE-2022-29148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29148>) | Visual Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes [CVE-2022-30129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30129>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-23267](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267>) | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No [CVE-2022-29117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117>) | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No [CVE-2022-29145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145>) | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No [CVE-2022-30130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30130>) | .NET Framework Denial of Service Vulnerability | No | No | 3.3 | No ### ESU Windows vulnerabilities CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? ---|---|---|---|---|--- [CVE-2022-26935](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26935>) | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-29121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29121>) | Windows WLAN AutoConfig Service Denial of Service Vulnerability | No | No | 6.5 | Yes [CVE-2022-26936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26936>) | Windows Server Service Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-22015](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22015>) | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-29103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29103>) | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No [CVE-2022-29132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29132>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No [CVE-2022-26937](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26937>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes [CVE-2022-26925](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26925>) | Windows LSA Spoofing Vulnerability | Yes | Yes | 8.1 | Yes [CVE-2022-22012](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22012>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 9.8 | Yes [CVE-2022-29130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29130>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 9.8 | Yes [CVE-2022-22013](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22013>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No [CVE-2022-22014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22014>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No [CVE-2022-29128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29128>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-29129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29129>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-29137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29137>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No [CVE-2022-29139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29139>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-29141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29141>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | No [CVE-2022-26931](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26931>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.5 | Yes [CVE-2022-26934](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26934>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-29112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29112>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-22011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22011>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes [CVE-2022-29115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29115>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 7.8 | Yes [CVE-2022-26926](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26926>) | Windows Address Book Remote Code Execution Vulnerability | No | No | 7.8 | Yes [CVE-2022-22019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22019>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-21972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21972>) | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes [CVE-2022-23270](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23270>) | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes [CVE-2022-29105](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29105>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.8 | No [CVE-2022-29127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29127>) | BitLocker Security Feature Bypass Vulnerability | No | No | 4.2 | Yes ### Exchange Server vulnerabilities CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? ---|---|---|---|---|--- [CVE-2022-21978](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978>) | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8.2 | Yes ### Microsoft Office vulnerabilities CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? ---|---|---|---|---|--- [CVE-2022-29108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29108>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-29107](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29107>) | Microsoft Office Security Feature Bypass Vulnerability | No | No | 5.5 | Yes [CVE-2022-29109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29109>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes [CVE-2022-29110](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29110>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes ### Windows vulnerabilities CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? ---|---|---|---|---|--- [CVE-2022-26930](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26930>) | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 5.5 | Yes [CVE-2022-29125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29125>) | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-29114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29114>) | Windows Print Spooler Information Disclosure Vulnerability | No | No | 5.5 | Yes [CVE-2022-29140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29140>) | Windows Print Spooler Information Disclosure Vulnerability | No | No | 5.5 | Yes [CVE-2022-29104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29104>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No [CVE-2022-22016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22016>) | Windows PlayToManager Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-26933](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26933>) | Windows NTFS Information Disclosure Vulnerability | No | No | 5.5 | Yes [CVE-2022-29131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29131>) | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-29116](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29116>) | Windows Kernel Information Disclosure Vulnerability | No | No | 4.7 | Yes [CVE-2022-29133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29133>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 | Yes [CVE-2022-29142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29142>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-29106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29106>) | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-24466](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24466>) | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 4.1 | Yes [CVE-2022-22713](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22713>) | Windows Hyper-V Denial of Service Vulnerability | No | Yes | 5.6 | Yes [CVE-2022-26927](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26927>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-29102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29102>) | Windows Failover Cluster Information Disclosure Vulnerability | No | No | 5.5 | Yes [CVE-2022-29113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29113>) | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | Yes [CVE-2022-29134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29134>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-29120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29120>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-29122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29122>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-29123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29123>) | Windows Clustered Shared Volume Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-29138](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29138>) | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-29135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29135>) | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-29150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29150>) | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-29151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29151>) | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-26913](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26913>) | Windows Authentication Security Feature Bypass Vulnerability | No | No | 7.4 | Yes [CVE-2022-23279](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-29126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29126>) | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-26932](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26932>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 8.2 | Yes [CVE-2022-26938](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26938>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-26939](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26939>) | Storage Spaces Direct Elevation of Privilege Vulnerability | No | No | 7 | Yes [CVE-2022-26940](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26940>) | Remote Desktop Protocol Client Information Disclosure Vulnerability | No | No | 6.5 | Yes [CVE-2022-22017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22017>) | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes [CVE-2022-26923](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26923>) | Active Directory Domain Services Elevation of Privilege Vulnerability | No | No | 8.8 | Yes #### NEVER MISS A BLOG Get the latest stories, expertise, and news about security today. Subscribe


Related