VERT Threat Alert: May 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th.
In-The-Wild & Disclosed CVEs
Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This month’s security guidance links to both the advisory and KB previously released for PetitPotam. Microsoft has described this as a man-in-the-middle attack, which makes the CVSS Attack Complexity metric High, lowering the CVSS score to 8.1.
Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.
This vulnerability exists within a third-party Open Database Connectivity (ODBC) driver that is used within Azure Data Factory and Azure Synapse pipelines. Microsoft has released a blog post detailing the issue and the mitigations they applied as well as providing the detections they have made available via Microsoft Defender for Endpoint and Microsoft Defender Antivirus. In addition to the blog post, Microsoft also released an advisory about upcoming improvements.
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
A race condition in Microsoft Hyper-V could lead to a denial of service. Based on the security guidance only Windows 10 20H2, 21H1, and 21H2, along with Windows Server 20H2 are impacted by this vulnerability.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be bold.
| Tag | CVE Count | CVEs |
| Tablet Windows User Interface | 1 | CVE-2022-29126 |
| Windows Push Notifications | 1 | CVE-2022-29125 |
| Windows Media | 3 | CVE-2022-22016, CVE-2022-29105, CVE-2022-29113 |
| Microsoft Local Security Authority Server (lsasrv) | 1 | CVE-2022-26925 |
| Remote Desktop Client | 2 | CVE-2022-26940, CVE-2022-22017 |
| Visual Studio | 1 | CVE-2022-29148 |
| Windows Storage Spaces Controller | 3 | CVE-2022-26932, CVE-2022-26938, CVE-2022-26939 |
| Windows Network File System | 1 | CVE-2022-26937 |
| Microsoft Office SharePoint | 1 | CVE-2022-29108 |
| Visual Studio Code | 1 | CVE-2022-30129 |
| Microsoft Office Excel | 2 | CVE-2022-29109, CVE-2022-29110 |
| Microsoft Graphics Component | 4 | CVE-2022-26927, CVE-2022-26934, CVE-2022-22011, CVE-2022-29112 |
| Windows Remote Access Connection Manager | 2 | CVE-2022-26930, CVE-2022-29103 |
| Microsoft Exchange Server | 1 | CVE-2022-21978 |
| Windows Server Service | 1 | CVE-2022-26936 |
| Microsoft Office | 1 | CVE-2022-29107 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2022-22019 |
| Windows Remote Desktop | 1 | CVE-2022-22015 |
| Windows Failover Cluster Automation Server | 1 | CVE-2022-29102 |
| Windows Active Directory | 1 | CVE-2022-26923 |
| Self-hosted Integration Runtime | 1 | CVE-2022-29972 |
| Windows Address Book | 1 | CVE-2022-26926 |
| .NET Framework | 1 | CVE-2022-30130 |
| .NET and Visual Studio | 3 | CVE-2022-23267, CVE-2022-29117, CVE-2022-29145 |
| Windows Authentication Methods | 1 | CVE-2022-26913 |
| Windows Kerberos | 1 | CVE-2022-26931 |
| Windows Point-to-Point Tunneling Protocol | 2 | CVE-2022-21972, CVE-2022-23270 |
| Windows Print Spooler Components | 4 | CVE-2022-29104, CVE-2022-29114, CVE-2022-29132, CVE-2022-29140 |
| Role: Windows Hyper-V | 3 | CVE-2022-22713, CVE-2022-24466, CVE-2022-29106 |
| Windows BitLocker | 1 | CVE-2022-29127 |
| Windows Kernel | 3 | CVE-2022-29133, CVE-2022-29142, CVE-2022-29116 |
| Microsoft Windows ALPC | 1 | CVE-2022-23279 |
| Role: Windows Fax Service | 1 | CVE-2022-29115 |
| Windows WLAN Auto Config Service | 2 | CVE-2022-26935, CVE-2022-29121 |
| Windows LDAP – Lightweight Directory Access Protocol | 10 | CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141 |
| Windows Cluster Shared Volume (CSV) | 8 | CVE-2022-29134, CVE-2022-29135, CVE-2022-29138, CVE-2022-29120, CVE-2022-29122, CVE-2022-29123, CVE-2022-29150, CVE-2022-29151 |
| Windows NTFS | 1 | CVE-2022-26933 |
Other Information
There were no new advisories included with the May Security Guidance.
The post ” VERT Threat Alert: May 2022 Patch Tuesday Analysis” appeared first on TripWire
Source:TripWire – Tyler Reguly