Microsoft closes Windows LSA hole under active attack
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates.
At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code.
The bug that's being exploited in the wild is a Windows LSA spoofing vulnerability tracked as CVE-2022-26925.
While the software giant classified the attack complexity as "High," it also noted that the vuln is under active attack.
The second publicly disclosed bug, CVE-2022-22713, is a denial-of-service vulnerability in Windows Hyper-V. Microsoft says exploitation of this one is less likely and requires an attacker to win a race condition.
"The only thing that prevents this vulnerability from being tagged with a higher CVSS is the fact that an attacker must entice a victim to log on to the administration UI using a browser and that the attack is highly complex," the researchers wrote.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/11/microsoft_patch_tuesday/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-26925 | Missing Authentication for Critical Function vulnerability in Microsoft products: Windows LSA Spoofing Vulnerability | 5.9 |
| 2022-05-10 | CVE-2022-22713 | Unspecified vulnerability in Microsoft Windows 10 and Windows Server: Windows Hyper-V Denial of Service Vulnerability | 5.6 |