• Home
  • About
  • Contact us
  • Submit a News Releases
Tech News, Magazine & Review WordPress Theme 2017
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
Technovanguard — Be at the forefront of technology news
No Result
View All Result

Microsoft Patch Tuesday, May 2022 Edition

Justin Rowell by Justin Rowell
30.05.2022
Home Security

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.

Greg Wiseman, product manager for Rapid7, said Microsoft has rated this vulnerability as important and assigned it a CVSS (danger) score of 8.1 (10 being the worst), although Microsoft notes that the CVSS score can be as high as 9.8 in certain situations.

“This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication,” Wiseman said. “This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.”

Wiseman said the most recent time Microsoft patched a similar vulnerability — last August in CVE-2021-36942 — it was also being exploited in the wild under the name “PetitPotam.”

“CVE-2021-36942 was so bad it made CISA’s catalog of Known Exploited Vulnerabilities,” Wiseman said.

Seven of the flaws fixed today earned Microsoft’s most-dire “critical” label, which it assigns to vulnerabilities that can be exploited by malware or miscreants to remotely compromise a vulnerable Windows system without any help from the user.

Among those is CVE-2022-26937, which carries a CVSS score of 9.8, and affects services using the Windows Network File System (NFS). Trend Micro’s Zero Day Initiative notes that this bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

“NFS isn’t on by default, but it’s prevalent in environment where Windows systems are mixed with other OSes such as Linux or Unix,” ZDI’s Dustin Childs wrote. “If this describes your environment, you should definitely test and deploy this patch quickly.”

Once again, this month’s Patch Tuesday is sponsored by Windows Print Spooler, a core Windows service that keeps spooling out the security hits. May’s patches include four fixes for Print Spooler, including two information disclosure and two elevation of privilege flaws.

“All of the flaws are rated as important, and two of the three are considered more likely to be exploited,” said Satnam Narang, staff research engineer at Tenable. “Windows Print Spooler continues to remain a valuable target for attackers since PrintNightmare was disclosed nearly a year ago. Elevation of Privilege flaws in particular should be carefully prioritized, as we’ve seen ransomware groups like Conti favor them as part of its playbook.”

Other Windows components that received patches this month include .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office, Windows Hyper-V, Windows Authentication Methods, BitLocker, Remote Desktop Client, and Windows Point-to-Point Tunneling Protocol.

Also today, Adobe issued five security bulletins to address at least 18 flaws in Adobe CloudFusion, Framemaker, InCopy, InDesign, and Adobe Character Animator. Adobe said it is not aware of any exploits in the wild for any of the issues addressed in today’s updates.

For a more granular look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the skinny on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.


Next Post
How to keep your kids safer at summer camp

How to keep your kids safer at summer camp

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

My experience with DuckDuckGo’s App Tracking Protection feature

My experience with DuckDuckGo’s App Tracking Protection feature

31.12.2021
Don’t Look Up Isn’t About Climate Change. It’s About Us

Don’t Look Up Isn’t About Climate Change. It’s About Us

15.12.2021

Trending.

LANL Publishes Guide to Quantum Computer Programming

LANL Publishes Guide to Quantum Computer Programming

15.06.2022
A Global Ocean Biogeochemical Observatory Becomes a Reality

A Global Ocean Biogeochemical Observatory Becomes a Reality

21.03.2022
ROCK5 Model B : une carte de dev sous RK3588

ROCK5 Model B : une carte de dev sous RK3588

13.01.2022
Pokemon Brilliant Diamond and Shining Pearl: All version-exclusive Pokemon and differences

Pokemon Brilliant Diamond and Shining Pearl: All version-exclusive Pokemon and differences

15.12.2021
7 Essentials You Need to Complete Your Twitch Streaming Setup

7 Essentials You Need to Complete Your Twitch Streaming Setup

15.12.2021
Technovanguard — Be at the forefront of technology news

Technovanguard - The latest news from the world of IT and modern technologies.

Categories

  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
  • Без рубрики

Tags

FEATUREDNEWS

Recent News

Free AI-powered skills and career service to help workers find their path

Free AI-powered skills and career service to help workers find their path

25.06.2022
Smile is the first horror movie in a long time with a genuinely scary trailer

Smile is the first horror movie in a long time with a genuinely scary trailer

25.06.2022
  • Home
  • About
  • Contact us
  • Submit a News Releases

© 2021 technovanguard.com.

No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space

© 2021 technovanguard.com.