VERT Threat Alert: May 2022 Patch Tuesday Analysis | The State of Security


Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th.

CVE-2022-26925

In-The-Wild & Disclosed CVEs

Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This month’s security guidance links to both the advisory and KB previously released for PetitPotam. Microsoft has described this as a man-in-the-middle attack, which makes the CVSS Attack Complexity metric High, lowering the CVSS score to 8.1.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2022-29972

This vulnerability exists within a third-party Open Database Connectivity (ODBC) driver that is used within Azure Data Factory and Azure Synapse pipelines. Microsoft has released a blog post detailing the issue and the mitigations they applied as well as providing the detections they have made available via Microsoft Defender for Endpoint and Microsoft Defender Antivirus. In addition to the blog post, Microsoft also released an advisory about upcoming improvements.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2022-22713

A race condition in Microsoft Hyper-V could lead to a denial of service. Based on the security guidance only Windows 10 20H2, 21H1, and 21H2, along with Windows Server 20H2 are impacted by this vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold.
Tag CVE Count CVEs
Tablet Windows User Interface 1 CVE-2022-29126
Windows Push Notifications 1 CVE-2022-29125
Windows Media 3 CVE-2022-22016, CVE-2022-29105, CVE-2022-29113
Microsoft Local Security Authority Server (lsasrv) 1 CVE-2022-26925
Remote Desktop Client 2 CVE-2022-26940, CVE-2022-22017
Visual Studio 1 CVE-2022-29148
Windows Storage Spaces Controller 3 CVE-2022-26932, CVE-2022-26938, CVE-2022-26939
Windows Network File System 1 CVE-2022-26937
Microsoft Office SharePoint 1 CVE-2022-29108
Visual Studio Code 1 CVE-2022-30129
Microsoft Office Excel 2 CVE-2022-29109, CVE-2022-29110
Microsoft Graphics Component 4 CVE-2022-26927, CVE-2022-26934, CVE-2022-22011, CVE-2022-29112
Windows Remote Access Connection Manager 2 CVE-2022-26930, CVE-2022-29103
Microsoft Exchange Server 1 CVE-2022-21978
Windows Server Service 1 CVE-2022-26936
Microsoft Office 1 CVE-2022-29107
Windows Remote Procedure Call Runtime 1 CVE-2022-22019
Windows Remote Desktop 1 CVE-2022-22015
Windows Failover Cluster Automation Server 1 CVE-2022-29102
Windows Active Directory 1 CVE-2022-26923
Self-hosted Integration Runtime 1 CVE-2022-29972
Windows Address Book 1 CVE-2022-26926
.NET Framework 1 CVE-2022-30130
.NET and Visual Studio 3 CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
Windows Authentication Methods 1 CVE-2022-26913
Windows Kerberos 1 CVE-2022-26931
Windows Point-to-Point Tunneling Protocol 2 CVE-2022-21972, CVE-2022-23270
Windows Print Spooler Components 4 CVE-2022-29104, CVE-2022-29114, CVE-2022-29132, CVE-2022-29140
Role: Windows Hyper-V 3 CVE-2022-22713, CVE-2022-24466, CVE-2022-29106
Windows BitLocker 1 CVE-2022-29127
Windows Kernel 3 CVE-2022-29133, CVE-2022-29142, CVE-2022-29116
Microsoft Windows ALPC 1 CVE-2022-23279
Role: Windows Fax Service 1 CVE-2022-29115
Windows WLAN Auto Config Service 2 CVE-2022-26935, CVE-2022-29121
Windows LDAP – Lightweight Directory Access Protocol 10 CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141
Windows Cluster Shared Volume (CSV) 8 CVE-2022-29134, CVE-2022-29135, CVE-2022-29138, CVE-2022-29120, CVE-2022-29122, CVE-2022-29123, CVE-2022-29150, CVE-2022-29151
Windows NTFS 1 CVE-2022-26933

Other Information

There were no new advisories included with the May Security Guidance.



Source link