Security News > 2022 > May > Actively Exploited Zero-Day Bug Patched by Microsoft

Actively Exploited Zero-Day Bug Patched by Microsoft
2022-05-11 11:12

Microsoft has revealed 73 new patches for May's monthly update of security fixes, including a patch for one flaw-a zero-day Windows LSA Spoofing Vulnerability rated as "Important"-that is currently being exploited with man-in-the-middle attacks.

The software giant's monthly update of patches that comes out every second Tuesday of the month-known as Patch Tuesday-also included fixes for seven "Critical" flaws, 65 others rated as "Important," and one rated as "Low."

The remainder of the flaws also include a high percentage of RCE and EoP bugs, with the former accounting for 32.9 percent of the flaws patched this month, while the latter accounted for 28.8 percent of fixes, according to a blog post by researchers at Tenable.

One is tracked as CVE-2022-29972 and is found in Insight Software's Magnitude Simba Amazon Redshift ODBC Driver, and would need to be patched by a cloud provider-something organizations should follow up on, Liska said.

At the same time, Microsoft characterized the ease of exploitation of these vulnerabilities as "Exploitation More Likely," as was the case with a similar vulnerability, CVE-2021-26432, an actively exploited zero day in the TCP/IP protocol stack in Windows server that was patched in August 2021.

The vulnerability, discovered by Akamai researcher Ben Barnea, takes advantage of three RPC runtime library flaws that Microsoft had patched in April-CVE-2022-26809, CVE-2022-24492 and CVE-2022-24528, he revealed in a blog post Tuesday.


News URL

https://threatpost.com/microsoft-zero-day-mays-patch-tuesday/179579/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-09 CVE-2022-29972 Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Redshift Odbc Driver
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.
local
low complexity
insightsoftware CWE-88
7.2
2022-04-15 CVE-2022-26809 Unspecified vulnerability in Microsoft products
Remote Procedure Call Runtime Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
9.8
2022-04-15 CVE-2022-24528 Unspecified vulnerability in Microsoft products
Remote Procedure Call Runtime Remote Code Execution Vulnerability
network
low complexity
microsoft
8.8
2022-04-15 CVE-2022-24492 Unspecified vulnerability in Microsoft products
Remote Procedure Call Runtime Remote Code Execution Vulnerability
network
low complexity
microsoft
8.8
2021-08-12 CVE-2021-26432 Unspecified vulnerability in Microsoft products
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 700 776 4531 4644 3617 13568