Security News > 2022 > May > Microsoft closes Windows LSA hole under active attack
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates.
At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code.
The bug that's being exploited in the wild is a Windows LSA spoofing vulnerability tracked as CVE-2022-26925.
While the software giant classified the attack complexity as "High," it also noted that the vuln is under active attack.
The second publicly disclosed bug, CVE-2022-22713, is a denial-of-service vulnerability in Windows Hyper-V. Microsoft says exploitation of this one is less likely and requires an attacker to win a race condition.
"The only thing that prevents this vulnerability from being tagged with a higher CVSS is the fact that an attacker must entice a victim to log on to the administration UI using a browser and that the attack is highly complex," the researchers wrote.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/11/microsoft_patch_tuesday/
Related news
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-26925 | Missing Authentication for Critical Function vulnerability in Microsoft products Windows LSA Spoofing Vulnerability | 5.9 |
| 2022-05-10 | CVE-2022-22713 | Unspecified vulnerability in Microsoft Windows 10 and Windows Server Windows Hyper-V Denial of Service Vulnerability | 0.0 |