Microsoft Patches 3 0-Days & 24 RCEs
May 11, 2022
As part of May’s monthly security rollup updates, Microsoft has patched 3 0-Days (1 actively exploited) and 24 remote code execution vulnerabilities.
Overall, Microsoft has patched 75 vulnerabilities across Windows, Windows Server, Hyper-V, Azure, Office and other products.
The Zero-Day Vulnerabilities
- CVE-2022-26904 (CVSS 3.1: 8.1, High Severity) – Windows LSA spoofing vulnerability (privilege escalation) – actively exploited vulnerability.
- CVE-2022-22713 (CVSS 3.1: 5.6, Medium Severity) – Windows Hyper-V denial of service vulnerability.
- CVE-2022-29972 (CVSS 3.1: N/A, Critical) – Magnitude Simba Amazon Redshift ODBC driver remote code execution vulnerability.
For the full patched vulnerabilities list, including the 24 RCEs, visit Microsoft May 2022 Security Updates.
Mitigation
CYREBRO recommends implementing the latest available Microsoft security/monthly rollup updates on all relevant systems as soon as possible.
References: Microsoft May 2022 Security Updates.