11 May 2022

Microsoft May 2022 Patch Tuesday fixes over 70 bugs, including Windows zero-day


Microsoft May 2022 Patch Tuesday fixes over 70 bugs, including Windows zero-day

Microsoft has released its latest round of security updates for its software products that address a total of 75 security vulnerabilities, including a bug in the Windows LSA service that was being actively exploited by hackers.

The flaw, tracked as CVE-2022-26925, exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, an attacker can obtain credentials and compromise the affected system via the NTLM Relay Attack. The bug affects versions of Windows 7 through 11 21H2, Windows Server v2008 - 2022.

In addition, Microsoft has also fixed two publicly exposed vulnerabilities, a denial of service vulnerability in Hyper-V (CVE-2022-22713) and a remote code execution vulnerability in Azure Synapse and Azure Data Factory (CVE-2022-29972).

May 2022 Patch Tuesday updates include fixes for a number of high-severity vulnerabilities in Windows OS and its components, the .NET and Visual Studio platforms, Exel, Microsoft Windows Media Foundation, Remote Desktop Client, NTFS, and other software.

Back to the list

Latest Posts

Cyber security week in review: August 5, 2022

Cyber security week in review: August 5, 2022

The cybersecurity world in brief: Two crypto platforms targeted in multimillion-dollar attacks, hackers exploited an Atlassian Confluence bug to install a never-before-seen backdoor, and more.
5 August 2022
Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Ljl Backdoor is a fully-featured malware designed to gather files and user accounts, as well as system information.
4 August 2022
Thousands of Solana wallets drained in yet another multimillion exploit

Thousands of Solana wallets drained in yet another multimillion exploit

More than 8,000 wallets have been affected in the hack.
3 August 2022