Issued: Tuesday, 17 May, 2022 |
Last Revision: Tuesday, 17 May, 2022 |
Vendor: |
Product: |
Severity Level: |
Microsoft has released patches for 75 vulnerabilities, with eight classified as critical, including three zero-days, and the rest classified as important. One of the zero-day vulnerabilities (CVE-2022-26925) has been actively exploited.
In May 2022, Microsoft fixed Privilege Elevation, Security Feature Bypass, Remote Code Execution, Information Disclosure, Denial of Service and Spoofing vulnerabilities.
Products patched in this month's security update include Windows OS and several of its components; the .NET and Visual Studio platforms; Office and its components; Exchange Server; BitLocker; Remote Desktop Client; NTFS; and Microsoft Edge.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.2 |
CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | 9.8 |
CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | 5.6 |
CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
CVE-2022-26925 | Windows LSA Spoofing Vulnerability | 8.1 |
CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | 7.5 |
CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | 9.8 |
CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | 9.8 |
CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
CVE-2022-29972 | Insight Software: Magnitude Simba Amazon Redshift ODBC Driver | N/A |
CVE-2022-30138 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Table 1: Vulnerability details
Security Update Types | Affected Product(s) |
Security Updates | .NET and Visual Studio; Microsoft Edge (Chromium-based); Microsoft Exchange Server; Microsoft Graphics Component; Microsoft Local Security Authority Server (lsasrv); Microsoft Office; Microsoft Office Excel; Microsoft Office SharePoint; Microsoft Windows ALPC; Remote Desktop Client; Role: Windows Fax Service; Role: Windows Hyper-V; Self-hosted Integration Runtime; Tablet Windows User Interface; Visual Studio; Visual Studio Code; Windows Active Directory; Windows Address Book; Windows Authentication Methods; Windows BitLocker; Windows Cluster Shared Volume (CSV); Windows Failover Cluster Automation Server; Windows Kerberos; Windows Kernel; Windows LDAP - Lightweight Directory Access Protocol; Windows Media; Windows Network File System; Windows NTFS; Windows Point-to-Point Tunneling Protocol; Windows Print Spooler Components; Windows Push Notifications; Windows Remote Access Connection Manager; Windows Remote Desktop; Windows Remote Procedure Call Runtime; Windows Server Service; Windows Storage Spaces Controller; Windows WLAN Auto Config Service |
Table 2: Vulnerable versions
Microsoft has released patches to address these vulnerabilities; organizations are encouraged to apply the patches as soon as possible.
