Patch Analysis for May 2022

Welcome to my May Patch Tuesday newsletter. The CVE count this month was much lower but we do have patches that need attention. There are three zero-day vulnerabilities addressed (highlighted in yellow in the chart). Of the three, CVE-2022-26295 is our priority one this Patch Tuesday. It is not only public but it is also being actively exploited. I'm also highlighting in blue a few CVE's in chart below. Microsoft gives these an "Exploitation More Likely" assessment so these need to be addressed as well. Affecting Windows technology in the chart below are 7 critical CVE's (CVE-2022-21972, CVE-2022-22017, CVE-2022-23270, CVE-2022-26923, CVE-2022-26931, CVE-2022-26937) and another critical affecting Azure Self-hosted Integration Runtime. These are all of our high priority CVE's for the month. We recommend anything that is highlighted in the chart below to be tested and applied as soon as possible.

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 7, 8.1, RT 8.1, 10, 11 Server 2008 SP2, 2008R2, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations Remote Desktop Client	Critical	CVE-2022-21972 CVE-2022-22011 CVE-2022-22012 CVE-2022-22013 CVE-2022-22014 CVE-2022-22015 CVE-2022-22016 CVE-2022-22017 CVE-2022-22019 CVE-2022-22713 CVE-2022-23270 CVE-2022-23279 CVE-2022-24466 CVE-2022-26913 CVE-2022-26923 CVE-2022-26925** CVE-2022-26926 CVE-2022-26927 CVE-2022-26930 CVE-2022-26931 CVE-2022-26932 CVE-2022-26933 CVE-2022-26934 CVE-2022-26935 CVE-2022-26936 CVE-2022-26937 CVE-2022-26938 CVE-2022-26939 CVE-2022-26940 CVE-2022-29102 CVE-2022-29103 CVE-2022-29104 CVE-2022-29105 CVE-2022-29106 CVE-2022-29112 CVE-2022-29113 CVE-2022-29114 CVE-2022-29115 CVE-2022-29116 CVE-2022-29120 CVE-2022-29121 CVE-2022-29122 CVE-2022-29123 CVE-2022-29125 CVE-2022-29126 CVE-2022-29127 CVE-2022-29128 CVE-2022-29129 CVE-2022-29130 CVE-2022-29131 CVE-2022-29132 CVE-2022-29133 CVE-2022-29134 CVE-2022-29135 CVE-2022-29137 CVE-2022-29138 CVE-2022-29139 CVE-2022-29140 CVE-2022-29141 CVE-2022-29142 CVE-2022-29150 CVE-2022-29151	Workaround: No Exploited: Yes Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
Edge	Chromium-based	Important	CVE-2022-29144 CVE-2022-29146 CVE-2022-29147	Workaround: No Exploited: No Public: No	Elevation of Privilege Spoofing
.NET Framework	2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 Core 3.1 .NET 5.0, 6.0	Important	CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 CVE-2022-30130	Workaround: No Exploited: No Public: No	Denial of Service
Visual Studio	2017 15.9 through 15.0 2019 16.11 through 16.0 2022 17.0, 17.1 VS Code	Important	CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 CVE-2022-29148 CVE-2022-30129	Workaround: No Exploited: No Public: No	Denial of Service Remote Code Execution
Office	365 Apps for Enterprise Excel/Word 2013 RT SP1, 2013 SP1, 2016 Publisher 2013 SP1, 2016 Office 2019, Online Server Web Apps Server 2013 SP1 LTSC 2021	Important	CVE-2022-29107 CVE-2022-29109 CVE-2022-29110	Workaround: No Exploited: No Public: No	Remote Code Execution Security Feature Bypass
SharePoint Server	Enterprise Server 2016 Foundation 2013 SP1 Server 2019 Server Enterprise Subscription Edition	Important	CVE-2022-29108	Workaround: No Exploited: No Public: No	Remote Code Execution
Exchange Server	2013 CU23 2016 CU22/23 2019 CU11/12	Important	CVE-2022-21978	Workaround: No Exploited: No Public: No	Elevation of Privilege
Azure	Self-hosted Integration Runtime	Critical	CVE-2022-29972	Workaround: No Exploited: No Public: Yes	Information Disclosure Remote Code Execution

Receive Randy's same-day, independent analysis each Patch Tuesday

"Thank you. I am very glad I subscribed to this newsletter. Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

- Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The "Randy’s Recommendation" comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

May 2022 Patch Tuesday	"Patch Tuesday: 3 Zero Days " - sponsored by Supercharger

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2022 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.