Patch Tuesday is once again upon us. The May 2022 edition of Patch Tuesday brings us 76 fixes, with 6 rated as critical. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the May 2022 Patch Tuesday Audit Report
Network File System RCE Repeat
Similar to last month’s Patch Tuesday, the most critical vulnerability again lies in the Windows Network File System (NFS). A new remote code execution vulnerability, CVE-2022-26937, has been detected with a CVSS base score of 9.8. Microsoft’s exploitability assessment also mentions that exploitation of this vulnerability is «More Likely». Attackers can exploit the vulnerability over the network by making an unauthenticated, specially crafted call to an NFS service to trigger a remote code execution.
Similar to last month, if you want to get a better view of which of your server have the NFS role installed, you can get a quick overview of all Windows Servers with the NFS role installed with the audit below.
Active Directory Services Elevation of Privilege
The second most critical vulnerability this month is in the Active Directory (AD) Domain. An authenticated user can exploit the vulnerability by manipulating attributes on computer accounts they have access to and acquire a certificate from Active Directory Certificate Services that allow elevation of privilege. Important to note is that you’re only at risk if you have Active Directory Certificate Services running on your domain, again something you can easily find out by looking servers with the Active Directory Certificate Services role installed.
CVE-2022-26923 has a CVSS base score of 8.8 and, similar to the previous vulnerability, is also listed as «More Likely» to be exploited.
Remote Desktop Client RCE
Third on the list is a remote desktop client remote code execution vulnerability. Listed as CVE-2022-22017 with a CVSS base score of 8.8 this vulnerability can be exploited if an attacker convinces a user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim’s system in the user’s context. As long as your access management is in order, even when exploited, the impact should be limited.
Run the Patch Tuesday May 2022 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday May 2022 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2022-30130 | .NET Framework Denial of Service Vulnerability |
CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability |
CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability |
CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability |
CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability |
CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability |
CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability |
CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability |
CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability |
CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability |
CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability |
CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability |
CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability |
CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability |
CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability |
CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability |
CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability |
CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability |
CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability |
CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability |
CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability |
CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability |
CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability |
CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability |
CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability |
CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability |
CVE-2022-26925 | Windows LSA Spoofing Vulnerability |
CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability |
CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability |
CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability |
CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability |
CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability |
CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability |
CVE-2022-22016 | Windows PlayToManager Elevation of Privilege Vulnerability |
CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability |
CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
CVE-2022-1096 | Chromium: CVE-2022-1096 Type Confusion in V8 |