As part of its May monthly update round, Microsoft has issued fixes for three zero-day vulnerabilities and 75 flaws. Of the 75 vulnerabilities fixed in the update, eight are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.
This Patch Tuesday includes fixes for three zero-day vulnerabilities, with one actively exploited and the others publicly disclosed. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited zero-day vulnerability, tracked as ‘CVE-2022-26925 - Windows LSA Spoofing Vulnerability,’ can be used by an unauthenticated attacker in a new NTLM relay attack that uses an LSARPC flaw to coerce the domain controller into authenticating to the attacker using NTLM. The security update detects anonymous connection attempts in LSARPC and disallows them.
Using this attack, threat actors can intercept legitimate authentication requests and use them to gain elevated privileges, even assuming the identity of a domain controller. Microsoft recommends admins read the PetitPotam NTLM Relay advisory for information on mitigating these types of attacks. Microsoft also urged companies to patch all domain controllers as soon as possible.
The other two publicly disclosed flaws are CVE-2022-29972, a critical remote code execution (RCE) vulnerability in Insight Software’s Magnitude Simba Amazon Redshift ODBC Driver, and CVE-2022-22713, a denial of service vulnerability in Hyper-V.