Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Microsoft May 2022 Patch Tuesday: Three Zero-Days Total 75 Vulnerabilities Fixed
Table Of Content
Home

Resources

Blog
May 11, 2022
3 Mins Read

Microsoft May 2022 Patch Tuesday: Three Zero-Days Total 75 Vulnerabilities Fixed

Microsoft has released the May 2022 Patch Tuesday. The patches fix three zero-day vulnerabilities, one of which is actively exploited, and 75 vulnerabilities. According to the released security update, eight vulnerabilities are rated as “critical” and sixty-six as “important.”

The categories of some of the vulnerabilities fixed in the May 2022 Patch Tuesday are as follows:

  • 26 Remote Code Execution vulnerability
  • 21 Privilege Escalation vulnerability
  • 17 Information Disclosure vulnerability
  • 6 Denial of Service vulnerability

Through SOCRadar’s easy-to-use Vulnerability Intelligence dashboard, obtain insights into which vulnerabilities are being used by threat actors and get a threat landscape-centric picture of global vulnerability trends to better prioritize patching.

One of the Zero-Days is Actively Exploited

One of the zero-day vulnerabilities fixed with May 2022 Patch Tuesday is the Windows LSA Spoofing vulnerability with code CVE-2022-26925. In its security advisory, Microsoft states that threat actors can exploit this vulnerability to block authentication requests and use them to gain privilege escalation, assuming the identity of a domain controller.

Other fixed zero-day vulnerabilities are CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability and SynLapse alias CVE-2022-29972 Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver Vulnerability.

Some of the vulnerabilities considered “critical,” and “important” are:

  • CVE-2022-26937 (CVSS 9.8): Windows Network File System RCE Vulnerability
  • CVE-2022-22012 (CVSS: 9.8): Windows LDAP RCE Vulnerability
  • CVE-2022-26927 (CVSS 8.8): Windows Graphics Component RCE Vulnerability
  • CVE-2022-29133 (CVSS 8.8): Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2022-22019 (CVSS 8.8): Remote Procedure Call Runtime RCE Vulnerability
  • CVE-2022-30129 (CVSS 8.8): Visual Studio RCE Vulnerability
  • CVE-2022-29108 (CVSS 8.8): Microsoft SharePoint Server RCE Vulnerability

Update Immediately

Cybersecurity experts state that, following Microsoft’s release of May 2022 Patch Tuesday, threat actors will also begin to develop new exploit methods by analyzing updates. That’s why the immediate application of patches is of great importance.

Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.
Get free access.

Related Articles
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Nis 16, 2024
SOCRadar® Cyber Intelligence Inc. | Cyber Reflections of Iran's Attack on Israel
Cyber Reflections of Iran's Attack on Israel
Nis 15, 2024
SOCRadar® Cyber Intelligence Inc. | Critical PHP Vulnerabilities: Update Now to Prevent Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)
Critical PHP Vulnerabilities: Update Now to Prevent Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)
Nis 15, 2024
SOCRadar® Cyber Intelligence Inc. | Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
Nis 12, 2024
SOCRadar® Cyber Intelligence Inc. | Microsoft’s April 2024 Patch Tuesday, 149 Vulnerabilities Patched, Including 2 Zero-Day Vulnerabilities
Microsoft’s April 2024 Patch Tuesday, 149 Vulnerabilities Patched, Including 2 Zero-Day Vulnerabilities
Nis 10, 2024