SOCRadar® Cyber Intelligence Inc. | Microsoft May 2022 Patch Tuesday: Three Zero-Days Total 75 Vulnerabilities Fixed
Table Of Content
Home

Resources

Blog
May 11, 2022
3 Mins Read

Microsoft May 2022 Patch Tuesday: Three Zero-Days Total 75 Vulnerabilities Fixed

Microsoft has released the May 2022 Patch Tuesday. The patches fix three zero-day vulnerabilities, one of which is actively exploited, and 75 vulnerabilities. According to the released security update, eight vulnerabilities are rated as “critical” and sixty-six as “important.”

The categories of some of the vulnerabilities fixed in the May 2022 Patch Tuesday are as follows:

  • 26 Remote Code Execution vulnerability
  • 21 Privilege Escalation vulnerability
  • 17 Information Disclosure vulnerability
  • 6 Denial of Service vulnerability

Through SOCRadar’s easy-to-use Vulnerability Intelligence dashboard, obtain insights into which vulnerabilities are being used by threat actors and get a threat landscape-centric picture of global vulnerability trends to better prioritize patching.

One of the Zero-Days is Actively Exploited

One of the zero-day vulnerabilities fixed with May 2022 Patch Tuesday is the Windows LSA Spoofing vulnerability with code CVE-2022-26925. In its security advisory, Microsoft states that threat actors can exploit this vulnerability to block authentication requests and use them to gain privilege escalation, assuming the identity of a domain controller.

Other fixed zero-day vulnerabilities are CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability and SynLapse alias CVE-2022-29972 Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver Vulnerability.

Some of the vulnerabilities considered “critical,” and “important” are:

  • CVE-2022-26937 (CVSS 9.8): Windows Network File System RCE Vulnerability
  • CVE-2022-22012 (CVSS: 9.8): Windows LDAP RCE Vulnerability
  • CVE-2022-26927 (CVSS 8.8): Windows Graphics Component RCE Vulnerability
  • CVE-2022-29133 (CVSS 8.8): Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2022-22019 (CVSS 8.8): Remote Procedure Call Runtime RCE Vulnerability
  • CVE-2022-30129 (CVSS 8.8): Visual Studio RCE Vulnerability
  • CVE-2022-29108 (CVSS 8.8): Microsoft SharePoint Server RCE Vulnerability

Update Immediately

Cybersecurity experts state that, following Microsoft’s release of May 2022 Patch Tuesday, threat actors will also begin to develop new exploit methods by analyzing updates. That’s why the immediate application of patches is of great importance.

Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.
Get free access.

Related Articles
SOCRadar® Cyber Intelligence Inc. | Financial Software Company Finastra Investigates Recent Security Incident
Financial Software Company Finastra Investigates Recent Security Incident
Nov 21, 2024
SOCRadar® Cyber Intelligence Inc. | Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws
Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws
Nov 21, 2024
SOCRadar® Cyber Intelligence Inc. | Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities
Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities
Nov 20, 2024
SOCRadar® Cyber Intelligence Inc. | Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)
Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)
Nov 19, 2024
SOCRadar® Cyber Intelligence Inc. | Google’s Cybersecurity Forecast 2025 (Key Insights and Trends for the Year Ahead)
Google’s Cybersecurity Forecast 2025 (Key Insights and Trends for the Year Ahead)
Nov 14, 2024