Patch Analysis for May 2022
Welcome to my May Patch Tuesday newsletter. The CVE count this month was much lower but we do have patches that need attention. There are three zero-day vulnerabilities addressed (highlighted in yellow in the chart). Of the three, CVE-2022-26295 is our priority one this Patch Tuesday. It is not only public but it is also being actively exploited. I'm also highlighting in blue a few CVE's in chart below. Microsoft gives these an "Exploitation More Likely" assessment so these need to be addressed as well. Affecting Windows technology in the chart below are 7 critical CVE's (CVE-2022-21972, CVE-2022-22017, CVE-2022-23270, CVE-2022-26923, CVE-2022-26931, CVE-2022-26937) and another critical affecting Azure Self-hosted Integration Runtime. These are all of our high priority CVE's for the month. We recommend anything that is highlighted in the chart below to be tested and applied as soon as possible.
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
Patch data provided by:
|

|
Technology
|
Products Affected
|
Severity
|
Reference
|
Workaround/ Exploited / Publicly Disclosed
|
Vulnerability Info
|
Windows
|
Windows 7, 8.1, RT 8.1, 10, 11
Server 2008 SP2, 2008R2, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
Remote Desktop Client
|
Critical
|
CVE-2022-21972
CVE-2022-22011
CVE-2022-22012
CVE-2022-22013
CVE-2022-22014
CVE-2022-22015
CVE-2022-22016
CVE-2022-22017
CVE-2022-22019
CVE-2022-22713
CVE-2022-23270
CVE-2022-23279
CVE-2022-24466
CVE-2022-26913
CVE-2022-26923
CVE-2022-26925**
CVE-2022-26926
CVE-2022-26927
CVE-2022-26930
CVE-2022-26931
CVE-2022-26932
CVE-2022-26933
CVE-2022-26934
CVE-2022-26935
CVE-2022-26936
CVE-2022-26937
CVE-2022-26938
CVE-2022-26939
CVE-2022-26940
CVE-2022-29102
CVE-2022-29103
CVE-2022-29104
CVE-2022-29105
CVE-2022-29106
CVE-2022-29112
CVE-2022-29113
CVE-2022-29114
CVE-2022-29115
CVE-2022-29116
CVE-2022-29120
CVE-2022-29121
CVE-2022-29122
CVE-2022-29123
CVE-2022-29125
CVE-2022-29126
CVE-2022-29127
CVE-2022-29128
CVE-2022-29129
CVE-2022-29130
CVE-2022-29131
CVE-2022-29132
CVE-2022-29133
CVE-2022-29134
CVE-2022-29135
CVE-2022-29137
CVE-2022-29138
CVE-2022-29139
CVE-2022-29140
CVE-2022-29141
CVE-2022-29142
CVE-2022-29150
CVE-2022-29151
|
Workaround: No
Exploited: Yes
Public: Yes**
|
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
Spoofing
|
Edge
|
Chromium-based
|
Important
|
CVE-2022-29144
CVE-2022-29146
CVE-2022-29147
|
Workaround: No
Exploited: No
Public: No
|
Elevation of Privilege
Spoofing
|
.NET Framework
|
2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Core 3.1
.NET 5.0, 6.0
|
Important
|
CVE-2022-23267
CVE-2022-29117
CVE-2022-29145
CVE-2022-30130
|
Workaround: No
Exploited: No
Public: No
|
Denial of Service
|
Visual Studio
|
2017 15.9 through 15.0
2019 16.11 through 16.0
2022 17.0, 17.1
VS Code
|
Important
|
CVE-2022-23267
CVE-2022-29117
CVE-2022-29145
CVE-2022-29148
CVE-2022-30129
|
Workaround: No
Exploited: No
Public: No
|
Denial of Service
Remote Code Execution
|
Office
|
365 Apps for Enterprise
Excel/Word 2013 RT SP1, 2013 SP1, 2016
Publisher 2013 SP1, 2016
Office 2019, Online Server
Web Apps Server 2013 SP1
LTSC 2021
|
Important
|
CVE-2022-29107
CVE-2022-29109
CVE-2022-29110
|
Workaround: No
Exploited: No
Public: No
|
Remote Code Execution
Security Feature Bypass
|
SharePoint Server
|
Enterprise Server 2016
Foundation 2013 SP1
Server 2019
Server Enterprise Subscription Edition
|
Important
|
CVE-2022-29108
|
Workaround: No
Exploited: No
Public: No
|
Remote Code Execution
|
Exchange Server
|
2013 CU23
2016 CU22/23
2019 CU11/12
|
Important
|
CVE-2022-21978
|
Workaround: No
Exploited: No
Public: No
|
Elevation of Privilege
|
Azure
|
Self-hosted Integration Runtime
|
Critical
|
CVE-2022-29972
|
Workaround: No
Exploited: No
Public: Yes
|
Information Disclosure
Remote Code Execution
|
Receive Randy's same-day, independent analysis each Patch Tuesday
|
"Thank you. I am very glad I subscribed to this newsletter.
Relevant content clearly and concisely. Finally!!!"
- John K.
"I really like the Fast Facts on this Month's Microsoft
Security Bulletins. Do you keep old copies? If yes, please let me know how I can
access them?"
-Susan D.
"Thanks, Randy. Your regular updates have streamlined my
monthly patching. Much appreciated,"
- Steve T.
"Really appreciate your patch observor. In the corporate
IT world, anything we can get our hands on that speeds the process of analyzing
threats and how they may or may not apply to our environments is a God-send.
Thanks so much for your efforts."
- Tess G.
"Many thanks for this Randy"
- Roger G.
"The chart is a REAAALLY good idea :)"
- Phil J.
"I like the table. Your insight is very valuable. "
Tom C.
"I liked your high level overview of patches in the
table. There are so many sources of patch information which can be very specific
or surrounded by other stuff that it’s refreshing to get everything summarised
like this. The "Randy’s Recommendation" comment is useful starting point too.
Please keep up the good work."
- David A.
"Your Patch Observer is a very good tool in
making the decision whether to patch or not to patch. And also to patch asap or
to wait a while before patching. Also I do think the use of the table is realy
improving the readability of the provided information."
- Gerard T.
|