On the latest Patch Tuesday (May 10) Microsoft released updates for 74 vulnerabilities. At least one of them is already being actively exploited by attackers. Thus, it\u2019s a good idea to install patches as soon as possible.<\/p>\n
Apparently, the most dangerous vulnerability addressed in this update pack is CVE-2022-26925<\/a>, which is contained in the Windows Local Security Authority. However, the vulnerability scores 8.1 on the CVSS scale, which is relatively low. Nevertheless, Microsoft representatives believe that when this vulnerability is used in NTLM Relay attacks<\/a> on Active Directory Certificate Services, the severity level of this bundle rises to CVSS 9.8. The reason for the increased severity level is that in such a scenario CVE-2022-26925 could allow an attacker to authenticate on a domain controller.<\/p>\n The vulnerability can affect all Windows operating systems from Windows 7 (Windows Server 2008 for server systems) and later. Microsoft didn\u2019t go into the details of the exploitation of this vulnerability; however, judging by the description of the problem, unknown attackers are already actively using exploits for CVE-2022-26925 in the wild. The good news is that, according to experts, exploiting this vulnerability in real attacks is quite difficult.<\/p>\n The fix detects and denies anonymous connection attempts to the Local Security Authority Remote Protocol. However, according to the official FAQ<\/a>, installing this update on Windows Server 2008 SP2 may affect backup software.<\/p>\n In addition to CVE-2022-26925, the latest update fixes several other vulnerabilities with a \u201ccritical\u201d severity level. Among them are the CVE-2022-26937<\/a> RCE vulnerability in the Windows Network File System (NFS), as well as CVE-2022-22012<\/a>\u00a0and CVE-2022-29130<\/a> \u2013 two RCE vulnerabilities in the LDAP service.<\/p>\n Two other vulnerabilities were also already known to the public at the time the patches were published: CVE-2022-29972<\/a> \u2013 a bug in Insight Software\u2019s Magnitude Simba Amazon Redshift driver, and CVE-2022-22713<\/a> \u2013 a DoS vulnerability in Windows Hyper-V. However, no attempts to exploit them have been detected to date.<\/p>\n First and foremost, install the recent updates from Microsoft. If for some reason it\u2019s impossible in your environment, refer to the FAQs, Mitigations, and Workarounds<\/em> section of Microsoft\u2019s official May 2022 Security Updates guide<\/a>. Hopefully one of the methods described there can be used for protection from vulnerabilities that are relevant to your infrastructure.<\/p>\nOther vulnerabilities<\/h2>\n
How to stay protected<\/h2>\n