Microsoft’s May 2022 Patch Tuesday is underway, featuring fixes for a total of 75 flaws, including three zero-day vulnerabilities, one of which is being actively exploited. Eight of these flaws are classified as ‘Critical’ because they allow remote code execution or elevation of privileges.
Of the 75 vulnerabilities, there are 21 elevation of privilege vulnerabilities, four security feature bypass vulnerabilities, 26 remote code execution vulnerabilities, 17 information disclosure vulnerabilities, six denial of service vulnerabilities, and one spoofing vulnerability. There are no Edge-Chromium vulnerabilities in this update.
The three zero-day vulnerabilities fixed in this update include a new NTLM relay attack that uses an LSARPC flaw, which is being actively exploited. The other two zero-days were publicly disclosed: a denial of service vulnerability in Hyper-V and a new remote code execution vulnerability in Azure Synapse and Azure Data Factory.
Microsoft recommends that administrators read the PetitPotam NTLM Relay advisory for information on how to mitigate these types of attacks. Now that these patches have been issued, threat actors are likely to analyze the security updates to create their own exploits for use in attacks, so it is crucial to install today’s security updates as soon as possible. Additionally, non-security Windows updates include the Windows 10 KB5013942 and KB5013945 updates and the Windows 11 KB5013943 update.