- Get four Apple AirTags for just $73 with this Black Friday deal
- I tested Beats' new Pill speaker and it delivered gloriously smooth sound (and it's on sale for Black Friday)
- These Sony headphones are a fan favorite - and $150 off for Black Friday
- I tested a 'luxury' nugget ice maker, and it's totally worth it - plus it's $150 off for Black Friday
- The Dyson Airwrap is $120 off ahead of Black Friday - finally
Tripwire Patch Priority Index for May 2022 | The State of Security
Tripwire’s May 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the patch priority list this month are 2 remote code execution vulnerabilities for Excel and a security feature bypass vulnerability for Office.
Up next are patches that affect components of the Windows operating systems. These patches resolve over 40 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, Media Center, Print Spooler, LSA, Remote Desktop, Graphics, Storage Spaces Direct, Network File System, Point-to-Point Tunneling Protocol, RPC, Kerberos, Bitlocker, ALPC, Fax, WLAN AutoConfig, and others.
Next are patches for the .NET, Visual Studio, and Visual Studio Code that resolve denial of service and remote code execution vulnerabilities.
Lastly, administrators should focus on server-side patches for Hyper-V, LDAP, Windows Cluster Shared Volume (CSV), SharePoint, Active Directory, and Exchange. These patches resolve remote code execution, spoofing, elevation of privilege, information disclosure, and denial of service vulnerabilities.
| BULLETIN | CVE |
| Microsoft Office Excel | CVE-2022-29110, CVE-2022-29109 |
| Microsoft Office | CVE-2022-29107 |
| Windows | CVE-2022-29126, CVE-2022-29105, CVE-2022-29113, CVE-2022-22016, CVE-2022-26925, CVE-2022-22017, CVE-2022-26940, CVE-2022-26938, CVE-2022-26939, CVE-2022-26932, CVE-2022-26937, CVE-2022-26936, CVE-2022-26934, CVE-2022-29112, CVE-2022-22011, CVE-2022-26927, CVE-2022-29142, CVE-2022-29133, CVE-2022-29116, CVE-2022-21972, CVE-2022-23270, CVE-2022-22019, CVE-2022-22015, CVE-2022-29972, CVE-2022-26926, CVE-2022-26913, CVE-2022-26931, CVE-2022-29125, CVE-2022-29132, CVE-2022-29104, CVE-2022-29140, CVE-2022-29114, CVE-2022-29127, CVE-2022-29103, CVE-2022-26930, CVE-2022-23279, CVE-2022-29115, CVE-2022-29121, CVE-2022-26935, CVE-2022-26933 |
| Visual Studio Code | CVE-2022-30129 |
| Visual Studio | CVE-2022-29148 |
| .NET Framework | CVE-2022-30130 |
| .NET and Visual Studio | CVE-2022-29145, CVE-2022-29117, CVE-2022-23267 |
| Windows Cluster Shared Volume (CSV) | CVE-2022-29151, CVE-2022-29135, CVE-2022-29150, CVE-2022-29138, CVE-2022-29134, CVE-2022-29120, CVE-2022-29122, CVE-2022-29123 |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29141, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-22012, CVE-2022-29129, CVE-2022-29139, CVE-2022-29128, CVE-2022-22013, CVE-2022-22014 |
| Role: Windows Hyper-V | CVE-2022-22713, CVE-2022-24466, CVE-2022-29106 |
| Windows Active Directory | CVE-2022-26923 |
| Microsoft Office SharePoint | CVE-2022-29108 |
| Microsoft Exchange Server | CVE-2022-21978 |
