Microsoft has released patches for 75 vulnerabilities with eight classified as critical including three zerodays and rest are classified as important. One of the zero-day vulnerability (CVE-2022-26925) have been actively exploited.  

In May 2022 Microsoft has fixed problems of Privilege Elevation, Security Feature Bypass, Remote Code Execution, Information Disclosure, Denial of Service and Spoofing Vulnerability.

In the month of May 22, the F5 resolved a total of 43 vulnerabilities, the most serious of which is a critical vulnerability identified as CVE-2022-1388 (CVSS score of 9.8). Unauthenticated attackers with network access to the F5 BIG-IP system via the management port and/or self IP addresses can use the CVE-20221388 flaw to run arbitrary system commands, create or delete files, and disable services. In other words, the attacker can take complete control over the affected device. This weakness is being actively exploited.

Oracle has released its Critical Patch Update (CPU) for the month of Apr 2022. This CPU contains 520 patches, fixes for 221 vulnerabilities including 77 critical patches, spanning 31 Oracle product families. 

Among the vulnerabilities addressed in this CPU, CVE-2022-22947 and CVE-2022-21431 are given highest CVSS3 scoring of 10. Both can be exploited without authentication through network access. Exploitation of CVE-2022-21431 could impact additional products. 

Microsoft has released patches for 128 vulnerabilities (excluding 26 Microsoft Edge vulnerabilities) with ten classified as critical including two zero-days and rest are classified as important. One of the zero-day vulnerability (CVE-2022-24521) has been actively exploited.  

In Apr 2022 Microsoft has fixed problems of Elevation of Privilege, Security Feature Bypass, Remote code execution (RCE), Information Disclosure, Denial of Service, and Spoofing Vulnerabilities.

VMware has released security update for- VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, vRealize Suite Lifecycle Manager, and VMware Horizon Client for Linux to address the multiple critical vulnerabilities.

These security flaws could result in a variety of negative effects, including remote code execution, authentication bypass, cross site request forgery, privilege escalation to root, and information disclosure.

Mozilla has released critical security updates for Firefox, Firefox ESR, and Thunderbird, addressing multiple vulnerabilities. Most severe of discovered vulnerabilities could allow remote code execution on successful exploitation. 

Other discovered vulnerabilities, may allow attacker to install applications, edit or delete data, or create new accounts with full user rights.

Google has released Chrome version 100.0.4896.60. Which, among other things, addresses 28 security flaws. None of the 28 vulnerabilities have been classified as critical, although nine have been classified as having a high severity.

With this release, a number of fixes and improvements have been made, including the safety check, enhanced safe browsing, and the ability to control how websites access your location and device.

Microsoft has released patches for 71 vulnerabilities (excluding 21 Microsoft Edge vulnerabilities) with three classified as critical and rest sixty eight are classified as important including three zero-days. Fortunately, none of these (zero-days) vulnerabilities have been actively exploited. Though, public exploit code for two of them (CVE-2022-21990 and CVE-2022-24459) is available.

VMware has released a critical security update for its ESXi, Fusion, Workstation products, and VMware Cloud Foundation versions to address the multiple vulnerabilities. Attackers could gain access to workloads inside virtual environments by exploiting the vulnerability.

These security flaws could result in a variety of negative effects, including command execution, escalate privilege, misuse the service settingsd as a high-privileged user and denial-of-service attacks.