Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Webinar Library

Latest Blogs

Recent Security Features in Active Directory You Probably Aren't Using

Active Directory security features you probably aren’t using and more in my sessions at The Experts Conference 2019

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Top Resources

Security Log

Additional Resources

May, 2022: Patch Tuesday: 3 Zero Days

Welcome to my May Patch Tuesday newsletter. The CVE count this month was much lower but we do have patches that need attention. There are three zero-day vulnerabilities addressed (highlighted in yellow in the chart). Of the three, CVE-2022-26295 is our priority one this Patch Tuesday. It is not only public but it is also being actively exploited. I'm also highlighting in blue a few CVE's in chart below. Microsoft gives these an "Exploitation More Likely" assessment so these need to be addressed as well. Affecting Windows technology in the chart below are 7 critical CVE's (CVE-2022-21972, CVE-2022-22017, CVE-2022-23270, CVE-2022-26923, CVE-2022-26931, CVE-2022-26937) and another critical affecting Azure Self-hosted Integration Runtime. These are all of our high priority CVE's for the month. We recommend anything that is highlighted in the chart below to be tested and applied as soon as possible.

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 7, 8.1, RT 8.1, 10, 11 Server 2008 SP2, 2008R2, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations Remote Desktop Client	Critical	CVE-2022-21972 CVE-2022-22011 CVE-2022-22012 CVE-2022-22013 CVE-2022-22014 CVE-2022-22015 CVE-2022-22016 CVE-2022-22017 CVE-2022-22019 CVE-2022-22713 CVE-2022-23270 CVE-2022-23279 CVE-2022-24466 CVE-2022-26913 CVE-2022-26923 CVE-2022-26925** CVE-2022-26926 CVE-2022-26927 CVE-2022-26930 CVE-2022-26931 CVE-2022-26932 CVE-2022-26933 CVE-2022-26934 CVE-2022-26935 CVE-2022-26936 CVE-2022-26937 CVE-2022-26938 CVE-2022-26939 CVE-2022-26940 CVE-2022-29102 CVE-2022-29103 CVE-2022-29104 CVE-2022-29105 CVE-2022-29106 CVE-2022-29112 CVE-2022-29113 CVE-2022-29114 CVE-2022-29115 CVE-2022-29116 CVE-2022-29120 CVE-2022-29121 CVE-2022-29122 CVE-2022-29123 CVE-2022-29125 CVE-2022-29126 CVE-2022-29127 CVE-2022-29128 CVE-2022-29129 CVE-2022-29130 CVE-2022-29131 CVE-2022-29132 CVE-2022-29133 CVE-2022-29134 CVE-2022-29135 CVE-2022-29137 CVE-2022-29138 CVE-2022-29139 CVE-2022-29140 CVE-2022-29141 CVE-2022-29142 CVE-2022-29150 CVE-2022-29151	Workaround: No Exploited: Yes Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
Edge	Chromium-based	Important	CVE-2022-29144 CVE-2022-29146 CVE-2022-29147	Workaround: No Exploited: No Public: No	Elevation of Privilege Spoofing
.NET Framework	2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 Core 3.1 .NET 5.0, 6.0	Important	CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 CVE-2022-30130	Workaround: No Exploited: No Public: No	Denial of Service
Visual Studio	2017 15.9 through 15.0 2019 16.11 through 16.0 2022 17.0, 17.1 VS Code	Important	CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 CVE-2022-29148 CVE-2022-30129	Workaround: No Exploited: No Public: No	Denial of Service Remote Code Execution
Office	365 Apps for Enterprise Excel/Word 2013 RT SP1, 2013 SP1, 2016 Publisher 2013 SP1, 2016 Office 2019, Online Server Web Apps Server 2013 SP1 LTSC 2021	Important	CVE-2022-29107 CVE-2022-29109 CVE-2022-29110	Workaround: No Exploited: No Public: No	Remote Code Execution Security Feature Bypass
SharePoint Server	Enterprise Server 2016 Foundation 2013 SP1 Server 2019 Server Enterprise Subscription Edition	Important	CVE-2022-29108	Workaround: No Exploited: No Public: No	Remote Code Execution
Exchange Server	2013 CU23 2016 CU22/23 2019 CU11/12	Important	CVE-2022-21978	Workaround: No Exploited: No Public: No	Elevation of Privilege
Azure	Self-hosted Integration Runtime	Critical	CVE-2022-29972	Workaround: No Exploited: No Public: Yes	Information Disclosure Remote Code Execution

Send me this chart next Patch Tuesday.

Home

User name:
Password:
	/ Forgot?
	Register

May 2022 Patch Tuesday	"Patch Tuesday: 3 Zero Days " - sponsored by Supercharger

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2022 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.