Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws

Gandalf_The_Grey

Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws.

Of the 75 vulnerabilities fixed in today's update, eight are classified as 'Critical' as they allow remote code execution or elevation of privileges.

The number of bugs in each vulnerability category is listed below:
  • 21 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 26 Remote Code Execution Vulnerabilities
  • 17 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability
  • 0 Edge - Chromium Vulnerabilities
For information about the non-security Windows updates, you can read about today's Windows 10 KB5013942 and KB5013945 updates.

Three zero-days fixed, two actively exploited

This month's Patch Tuesday includes fixes for three zero-day vulnerabilities, with one actively exploited and the others publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is a new NTLM relay attack tracked as 'CVE-2022-26925 - Windows LSA Spoofing Vulnerability.'

"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it," explains Microsoft in their advisory.

Using this attack, threat actors can intercept legitimate authentication requests and use them to gain elevated privileges, even as far as assuming the identity of a domain controller.

The two publicly exposed zero-days are a denial of service vulnerability in Hyper-V and a new remote code execution vulnerability in Azure Synapse and Azure Data Factory.
  • CVE-2022-22713 - Windows Hyper-V Denial of Service Vulnerability
  • CVE-2022-29972 - Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
Now that Microsoft has issued patches for these vulnerabilities, admins should expect that threat actors will analyze the security updates to see what has changed. Then, using this information, they will create their own exploits to use in attacks.

Therefore, it is strongly advised to install today's security updates as soon as possible.
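
As an added example (not part of the original post or of Microsoft's advisory), the anonymous LSARPC connection described for CVE-2022-26925 can be looked for on domain controllers in Security event 5145, which is logged only when "Audit Detailed File Share" is enabled. The event records, host name and addresses below are constructed sample data; the field names follow the Windows Security log.

```python
from collections import defaultdict

ANONYMOUS_SID = "S-1-5-7"   # well-known SID of ANONYMOUS LOGON
LSARPC_PIPE = "lsarpc"      # named pipe behind the LSARPC interface


def ev(event_id, time, sid, user, ip, share, target):
    """Build one constructed event record using Security-log field names."""
    return {"EventID": event_id, "TimeCreated": time, "Computer": "dc01.example.test",
            "SubjectUserSid": sid, "SubjectUserName": user, "IpAddress": ip,
            "ShareName": share, "RelativeTargetName": target}


# Constructed sample data, not taken from a real domain controller.
SAMPLE_EVENTS = [
    ev(5145, "2022-05-10T18:02:11Z", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.45", r"\\*\IPC$", "lsarpc"),
    ev(5145, "2022-05-10T18:02:12Z", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.45", r"\\*\IPC$", "LSARPC"),
    ev(5145, "2022-05-10T18:03:40Z", "S-1-5-21-1111-2222-3333-1104", "svc-backup", "192.0.2.10", r"\\*\IPC$", "lsarpc"),
    ev(5145, "2022-05-10T18:04:02Z", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.77", r"\\*\IPC$", "srvsvc"),
    ev(4624, "2022-05-10T18:04:30Z", "S-1-5-7", "ANONYMOUS LOGON", "192.0.2.77", "", ""),
]


def is_anonymous_lsarpc(event):
    """True when an anonymous subject opened the lsarpc pipe over IPC$."""
    return (event.get("EventID") == 5145
            and event.get("SubjectUserSid") == ANONYMOUS_SID
            and event.get("ShareName", "").upper().endswith("IPC$")
            and event.get("RelativeTargetName", "").lower() == LSARPC_PIPE)


def anonymous_lsarpc_by_source(events):
    """Group matching events by source address -> list of timestamps."""
    hits = defaultdict(list)
    for event in events:
        if is_anonymous_lsarpc(event):
            hits[event["IpAddress"]].append(event["TimeCreated"])
    return dict(hits)


if __name__ == "__main__":
    for source, times in anonymous_lsarpc_by_source(SAMPLE_EVENTS).items():
        print(f"{source}: {len(times)} anonymous lsarpc open(s), first at {times[0]}")
```

Authenticated access to the same pipe and anonymous access to other pipes are deliberately not flagged, so the output isolates the one pattern the advisory says the update now disallows.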
 

Gandalf_The_Grey

ZDI: The May 2022 Security Update Review
It’s the fifth second Tuesday of 2022, which also means it’s also the fifth Patch Tuesday of the year, and it brings with it the latest security updates from Adobe and Microsoft. This is also the last release before Pwn2Own Vancouver, which means multiple participants will be holding their breath to see if their exploits still work or were patched out. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.

Adobe Patches for May 2022

For May, Adobe released five bulletins addressing 18 CVEs in Adobe ColdFusion, InCopy, Framemaker, InDesign, and Adobe Character Animator. A total of 17 of these CVEs were reported by ZDI vulnerability researcher Mat Powell. The largest of these patches is the fix for Framemaker with 10 CVEs in total. Nine of these are Critical-rated bugs that could lead to code execution, mostly due to Out-of-Bounds (OOB) Write vulnerabilities. The patch for InDesign addresses three Critical-rated bugs that could lead to code execution. Two of these are due to OOB Writes while one is an OOB Read. The patch for InCopy also fixes three Critical-rated code execution bugs. In this case, it’s two OOB Writes plus a Use-After-Free (UAF). The patch for Character Animator fixes a single, Critical-rated OOB Write code execution bug. Finally, the ColdFusion patch corrects an Important-rated reflected cross-site scripting (XSS) bug.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes all of these updates as priority 3.

Microsoft Patches for May 2022

For May, Microsoft released 74 new patches addressing CVEs in Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunneling Protocol. This is in addition to the 36 CVEs patched by Microsoft Edge (Chromium-based) in late April.

Of the 74 CVEs released today, seven are rated Critical, 66 are rated Important, and one is rated Low in severity. A total of seven of these bugs came through the ZDI program. Historically speaking, this volume is in line with May releases in the past, with 19 more than May 2021, but 5 less than May 2019. The entire 2020 release volume was somewhat of an anomaly, so comparisons there aren’t as useful.

One of the bugs released today is listed as publicly known and under active attack, while two others are listed as publicly known at the time of release.
 

Gandalf_The_Grey

Ghacks: Microsoft Windows Security Updates May 2022 overview
Microsoft released security and non-security updates for its Windows operating system and for other company products on the May 2022 Patch Day.

Updates are available for all client and server versions of Windows that Microsoft supports. These updates are already released via Windows Update and other update management products and services. Updates are also available as direct downloads.

Our guide acts as a reference for home users and administrators. It lists important information about the updates, links to Microsoft support pages, has a list of known issues as reported by Microsoft, links to direct downloads, and a lot more.
 

SeriousHoax

After updating windows a few minutes ago, I'm getting this when I try to open Terminal or Powershell 😒
 

SeriousHoax

Odd, I just checked and it worked for me. Wonder what happened?
Found the reason. Microsoft is at fault for pushing the update without first fixing known issues.
This is the reason:
Microsoft: Windows 11 KB5012643 update will break some apps
Looks like the cumulative preview update was installed on my device. I don't remember installing it. Maybe I did, by mistake. My PC shows it was installed on April 27.
The workaround is to enable .NET 3.5 which I just did, and the error is gone now.

Waiting for Microsoft to release a fix so that I can disable it again.
I just realized you’re on W10 aren’t you? I don’t have a W10 machine left to check.
No, it's Windows 11.
 

Numeriku

Oh god, you saved my life, I was wondering why some of my apps failed to start. 😀
 

Trooper

Just ran into the same issue here. Thanks MS.
 

blackice

It’s odd, I feel like I installed the preview, but I am not having an issue.

Edit: yep, I did install the .NET preview. So it’s not 100% breakage. Definitely avoiding preview updates for now.
 

Brahman

Maybe next time don't install preview updates instead of blaming Microsoft, this is a known bug and the update was never pushed to the wild.
I know that Windows is not safe, only backups are, but the update previews should be limited to beta testers... even if it's a preview, most people will install an update as soon as it gets available.
 

Sorrento

Maybe next time don't install preview updates instead of blaming Microsoft, this is a known bug and the update was never pushed to the wild.
Well it is pushed, it comes up on Windows Update & looks to some as a legitimate update - I've had to warn several who install previews thinking they should - Maybe it's Apple's fault?
 

kC77

Well it is pushed, it comes up on Windows Update & looks to some as a legitimate update - I've had to warn several who install previews thinking they should - Maybe it's Apple's fault?
it would show in Windows Update if you are a "seeker", e.g. if you are manually searching for updates

and it would have been labelled clearly as "preview" and you would have then needed to click install
if you just leave systems to auto update as per policies it wouldn't have been pushed

I'm a "seeker" and did install the preview but didn't have any issues after installing these latest updates...
 

Sorrento

You mean 'click on 'Windows Update' ? To check for updates? What a dreadful thing to do? On a personal basis & not talking about Previews here, I like to update Windows at a time of my choosing, not wait until MS decided to install updates when I'm doing something important as in Patch Tuesday for example.
 

kC77

You mean 'click on 'Windows Update' ? To check for updates? What a dreadful thing to do? On a personal basis & not talking about Previews here, I like to update Windows at a time of my choosing, not wait until MS decided to install updates when I'm doing something important as in Patch Tuesday for example.
certainly not a bad thing to regularly check for updates!
yeh, click on Windows Update means you are a "seeker" and will get offered previews..... it's then up to you if you want to install or not, in this case you clicked yes, you accepted a preview, as with everything on the internet it's always a good idea to read what it is before clicking accept/download/install.
you could always change your preferences in gpedit
