Press Release

Microsoft’s May 2022 Patch Tuesday Comment addresses 73 CVEs

“This month’s Patch Tuesday release includes fixes for 73 CVEs — six that are rated critical, 66 rated important and one rated low.


“Microsoft patched CVE-2022-26925, a spoofing vulnerability in Windows Local Security Authority (LSA). According to Microsoft, this vulnerability has been exploited in the wild as a zero-day. While the flaw is rated as important and was assigned a CVSSv3 score of 8.1, if this vulnerability is chained with other NTLM Relay attacks like PetitPotam, the CVSSv3 score would increase to 9.8, elevating the severity of this flaw to critical. The complexity of exploiting this flaw is considered high because exploitation requires an attacker to be seated as an attacker-in-the-middle. In addition to patching this flaw, organizations should refer to KB5005413 for ways to mitigate NTLM Relay Attacks against Active Directory Certificate Services (AD CS). 

“Additionally, there were several Windows Print Spooler vulnerabilities patched this month, including two information disclosure flaws (CVE-2022-29114, CVE-2022-29140) and two elevation of privilege flaws (CVE-2022-29104, CVE-2022-29132). All of the flaws are rated as important, and two of the three are considered more likely to be exploited. Windows Print Spooler continues to remain a valuable target for attackers since PrintNightmare was disclosed nearly a year ago. Elevation of Privilege flaws in particular should be carefully prioritized, as we’ve seen ransomware groups like Conti favor them as part of its playbook.” – Satnam Narang, staff research engineer at Tenable
