Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th.

CVE-2022-26925

In-The-Wild & Disclosed CVEs

Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This month’s security guidance links to both the advisory and KB previously released for PetitPotam. Microsoft has described this as a man-in-the-middle attack, which makes the CVSS Attack Complexity metric High, lowering the CVSS score to 8.1.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2022-29972

This vulnerability exists within a third-party Open Database Connectivity (ODBC) driver that is used within Azure Data Factory and Azure Synapse pipelines. Microsoft has released a blog post detailing the issue and the mitigations they applied as well as providing the detections they have made available via Microsoft Defender for Endpoint and Microsoft Defender Antivirus. In addition to the blog post, Microsoft also released an advisory about upcoming improvements.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2022-22713

A race condition in Microsoft Hyper-V could lead to a denial of service. Based on the security guidance only Windows 10 20H2, 21H1, and 21H2, along with Windows Server 20H2 are impacted by this vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold.
TagCVE CountCVEs
Tablet Windows User Interface1CVE-2022-29126
Windows Push Notifications1CVE-2022-29125
Windows Media3CVE-2022-22016, CVE-2022-29105, CVE-2022-29113
Microsoft Local Security Authority Server (lsasrv)1CVE-2022-26925
Remote Desktop Client2CVE-2022-26940, CVE-2022-22017
Visual Studio1CVE-2022-29148
Windows Storage Spaces Controller3CVE-2022-26932, CVE-2022-26938, CVE-2022-26939
Windows Network File System1CVE-2022-26937
Microsoft Office SharePoint1CVE-2022-29108
Visual Studio Code1CVE-2022-30129
Microsoft Office Excel2CVE-2022-29109, CVE-2022-29110
Microsoft Graphics Component4CVE-2022-26927, CVE-2022-26934, CVE-2022-22011, CVE-2022-29112
Windows Remote Access Connection Manager2CVE-2022-26930, CVE-2022-29103
Microsoft Exchange Server1CVE-2022-21978
Windows Server Service1CVE-2022-26936
Microsoft Office1CVE-2022-29107
Windows Remote Procedure Call Runtime1CVE-2022-22019
Windows Remote Desktop1CVE-2022-22015
Windows Failover Cluster Automation Server1CVE-2022-29102
Windows Active Directory1CVE-2022-26923
Self-hosted Integration Runtime1CVE-2022-29972
Windows Address Book1CVE-2022-26926
.NET Framework1CVE-2022-30130
.NET and Visual Studio3CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
Windows Authentication Methods1CVE-2022-26913
Windows Kerberos1CVE-2022-26931
Windows Point-to-Point Tunneling Protocol2CVE-2022-21972, CVE-2022-23270
Windows Print Spooler Components4CVE-2022-29104, CVE-2022-29114, CVE-2022-29132, CVE-2022-29140
Role: Windows Hyper-V3CVE-2022-22713, CVE-2022-24466, CVE-2022-29106
Windows BitLocker1CVE-2022-29127
Windows Kernel3CVE-2022-29133, CVE-2022-29142, CVE-2022-29116
Microsoft Windows ALPC1CVE-2022-23279
Role: Windows Fax Service1CVE-2022-29115
Windows WLAN Auto Config Service2CVE-2022-26935, CVE-2022-29121
Windows LDAP – Lightweight Directory Access Protocol10CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141
Windows Cluster Shared Volume (CSV)8CVE-2022-29134, CVE-2022-29135, CVE-2022-29138, CVE-2022-29120, CVE-2022-29122, CVE-2022-29123, CVE-2022-29150, CVE-2022-29151
Windows NTFS1CVE-2022-26933

Other Information

There were no new advisories included with the May Security Guidance.