Zero-day Vulnerabilities – Microsoft May Patch Day

The May Patch Tuesday updates have arrived. We look at the key zero-day threats you ought to be aware of.

Zero-day Vulnerabilities for May 2022 from Microsoft

CVE-2022-22713 – Windows Hyper-V Denial of Service Vulnerability

This vulnerability has a CVSS score of 5.6. Its attack complexity is rated AC:H (high): exploitation requires an attacker to win a race condition. The vulnerability affects the following Windows installations:

  • Windows 10 version 21H2 for x64 systems
  • Windows Server 20H2 Server Core Installation
  • Windows 10 version 20H2 for x64 systems
  • Windows 10 version 21H1 for x64 systems

KB5013942 resolves the vulnerability on affected Windows 10 and Windows Server 20H2 Server Core Installation.

CVE-2022-26925 – Windows LSA Spoofing Vulnerability

This vulnerability has a CVSS score of 8.1. When it is combined with the NTLM Relay vulnerability, the combined CVSS score becomes 9.8, which makes it a critical-severity issue for the infrastructure. You need to be aware of the following salient points about CVE-2022-26925:

  • CVE-2022-26925 is a zero-day vulnerability with a critical impact.
  • Domain controllers are prone to this attack. All domain controllers on the network ought to be patched on a priority basis.
  • The vulnerability can lead to a man-in-the-middle attack. The attacker needs to position himself between the target and the source.
  • Attack complexity is AC:H (high), since it requires a man-in-the-middle position.

CVE-2022-26925 affects the following Windows versions:

  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows RT 8.1
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 11 for ARM64-based Systems
  • Windows 11 for x64-based Systems
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

Another zero-day vulnerability affects Insight Software: CVE-2022-29972 – Magnitude Simba Amazon Redshift ODBC Driver. It has a critical impact on the infrastructure.

Other vulnerabilities in May Updates for Microsoft

In all, Microsoft has listed 75 vulnerabilities. The full list of 76 vulnerabilities is available for ready reference on the Microsoft update website. You should also be aware of the 24 Remote Code Execution (RCE) vulnerabilities addressed in Microsoft's May updates. These RCE vulnerabilities are listed below:

  • CVE-2022-22012 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-22013 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-22014 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-22017 Remote Desktop Client Remote Code Execution Vulnerability
  • CVE-2022-22019 Remote Procedure Call Runtime Remote Code Execution Vulnerability
  • CVE-2022-26926 Windows Address Book Remote Code Execution Vulnerability
  • CVE-2022-26927 Windows Graphics Component Remote Code Execution Vulnerability
  • CVE-2022-26937 Windows Network File System Remote Code Execution Vulnerability
  • CVE-2022-29105 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  • CVE-2022-29108 Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2022-29109 Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2022-29110 Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2022-29115 Windows Fax Service Remote Code Execution Vulnerability
  • CVE-2022-29128 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-29129 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-29130 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-29131 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-29137 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-29139 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-29141 Windows LDAP Remote Code Execution Vulnerability
  • CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability
  • CVE-2022-30129 Visual Studio Code Remote Code Execution Vulnerability
  • CVE-2022-21972 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2022-23270 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Summary

Of these two zero-day vulnerabilities, CVE-2022-26925 is the more significant and can impact domain controllers and other servers. It is advised to patch the servers with the corresponding security updates released as part of the ‘Patch Tuesday’ for May 2022.