Microsoft has released the new set of security patches in the Patch Tuesday, May 2022 edition. This Patch Tuesday security advisory addressed 75 vulnerabilities including one advisory (ADV220001) for Azure in response to CVE-2022-29972, a publicly exposed Zero-Day Remote Code Execution (RCE) Vulnerability. Out of these 75 vulnerabilities, eight are classified as Critical.
This month’s Patch Tuesday release includes fixes for two other zero-days as well – one known to be actively exploited (CVE-2022-26925) and the other for being publicly exposed (CVE-2022-22713).
The advisory covers multiple Microsoft product families, including Azure, Developer Tools, Extended Security Update (ESU), Exchange Server, Microsoft Office, and Windows. A total of 97 unique Microsoft products/versions are affected.
Downloads include Monthly Rollup, Security Only, Security Update, and ServicingStackUpdate.
The vulnerabilities are classified as follows:
- Spoofing Vulnerability: 1
- Denial of Service Vulnerability: 6
- Elevation of Privilege Vulnerability: 21
- Information Disclosure Vulnerability: 17
- Security Feature Bypass Vulnerability: 4
- Remote Code Execution Vulnerability: 26
Three zero-day vulnerabilities fixed this month
CVE-2022-26925 – Windows LSA Spoofing Vulnerability
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows them.
CVE-2022-22713 – Windows Hyper-V Denial of Service Vulnerability
A race condition in Microsoft Hyper-V could lead to a denial of service. Based on the security guidance only Windows 10 20H2, 21H1, and 21H2, along with Windows Server 20H2 are impacted by this vulnerability.
CVE-2022-29972 – Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
The flaw affects the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole. The vulnerability could allow attackers to execute remote commands across the Integration Runtime infrastructure.
Important Microsoft vulnerabilities patched this month
CVE-2022-21978 – Microsoft Exchange Server Elevation of Privilege Vulnerability
Successful exploitation of this vulnerability requires the attacker to be authenticated to the Exchange Server as a member of a highly privileged group.
CVE-2022-22012 and CVE-2022-29130 – Windows LDAP Remote Code Execution (RCE) Vulnerability
An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker’s code running in the context of the SYSTEM account.
This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see Microsoft’s LDAP policies.
CVE-2022-22017 – Remote Desktop Client Remote Code Execution Vulnerability
An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim’s system in the context of the targeted user.
CVE-2022-26913 – Windows Authentication Security Feature Bypass Vulnerability
An attacker who successfully exploited this vulnerability could carry out a Man-in-the-Middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server. There is no impact on the availability of the attacked machine.
CVE-2022-26923 – Active Directory Domain Services Elevation of Privilege Vulnerability
An authenticated user could manipulate attributes on computer accounts they own or manage and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege.
CVE-2022-26937 – Windows Network File System Remote Code Execution Vulnerability
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3. This may adversely affect your ecosystem and should only be used as temporary mitigation.
CVE-2022-29108 – Microsoft SharePoint Server Remote Code Execution Vulnerability
The attacker must be authenticated and possess permissions for page creation to be able to exploit this vulnerability.
CVE-2022-29133 – Windows Kernel Elevation of Privilege Vulnerability
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could gain more privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
Visit the May 2022 Security Updates page to access the full description of each vulnerability and the systems that it affects.
Customers can scan their network with QIDs 110408, 110407, 376584, 50120, 91894, 91895, 91896, 91897, 91898, 91899, 91900, 91901, 91903, 91904, 91905, 91906 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References:
https://msrc.microsoft.com/update-guide/releaseNote/2022-May
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2022-patch-tuesday-fixes-3-zero-days-75-flaws/