Microsoft has released its latest round of security updates for its software products that address a total of 75 security vulnerabilities, including a bug in the Windows LSA service that was being actively exploited by hackers.
The flaw, tracked as CVE-2022-26925, exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, the attacker can obtain credentials and compromise the affected system via an NTLM relay attack. The bug affects Windows 7 through Windows 11 21H2 and Windows Server 2008 through 2022.
In addition, Microsoft fixed two publicly disclosed vulnerabilities: a denial-of-service vulnerability in Hyper-V (CVE-2022-22713) and a remote code execution vulnerability in Azure Synapse and Azure Data Factory (CVE-2022-29972).
The May 2022 Patch Tuesday updates include fixes for a number of high-severity vulnerabilities in the Windows OS and its components, the .NET and Visual Studio platforms, Excel, Microsoft Windows Media Foundation, Remote Desktop Client, NTFS, and other software.