11 May 2022

Microsoft May 2022 Patch Tuesday fixes over 70 bugs, including Windows zero-day


Microsoft has released its latest round of security updates for its software products that address a total of 75 security vulnerabilities, including a bug in the Windows LSA service that was being actively exploited by hackers.

The flaw, tracked as CVE-2022-26925, exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, the attacker can obtain credentials and compromise the affected system via an NTLM relay attack. The bug affects Windows 7 through Windows 11 21H2 and Windows Server 2008 through 2022.

In addition, Microsoft has fixed two publicly disclosed vulnerabilities: a denial of service vulnerability in Hyper-V (CVE-2022-22713) and a remote code execution vulnerability in Azure Synapse and Azure Data Factory (CVE-2022-29972).

The May 2022 Patch Tuesday updates include fixes for a number of high-severity vulnerabilities in Windows OS and its components, the .NET and Visual Studio platforms, Excel, Microsoft Windows Media Foundation, Remote Desktop Client, NTFS, and other software.
