
MICROSOFT PATCH TUESDAY MAY 2022

Reference: Advisory #2022-013
Version: 1.0
Affected software: 
Windows 11
Windows 10 21H2
Windows 10 v21H1
Windows 10 20H2 & Windows Server v20H2
Windows 10 1909
Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows 8.1 & Server 2012 R2
Windows Server 2012
Microsoft Office
Microsoft SharePoint
Microsoft Exchange Server
Microsoft .NET
Microsoft Visual Studio
Microsoft Remote Desktop Client
For more exhaustive information consult the release notes on: https://msrc.microsoft.com/update-guide/releaseNote/2022-May
Type: Several types, ranging from spoofing to privilege escalation and remote code execution.
CVE/CVSS: 7 vulnerabilities are rated as critical and 66 vulnerabilities are rated as important, including one zero-day being actively exploited.
Remote code execution (RCE) accounted for 32.4% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 28.3%. In the minor categories, we have information disclosure with 22.9% followed by denial of service (DoS) at 8.1%.

Sources

https://msrc.microsoft.com/update-guide/releaseNote/2022-May

Risks

This month’s Patch Tuesday includes 7 critical, 66 important and 1 low severity vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.

It includes one publicly disclosed zero-day being actively exploited in the wild.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software.
 
This month’s release covers 74 vulnerabilities. Seven vulnerabilities are marked as critical (see below for a quick selection of the most concerning ones; critical vulnerabilities should always be considered concerning). Some are more likely to be exploited in the near future, and urgent patching is advised.
 
CVE-2022-26925 is a Spoofing vulnerability affecting Windows LSA. It received a CVSSv3.1 score of 8.1 and exploitation of this zero-day was detected in the wild. An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM.
 
CVE-2022-21978 is an EoP vulnerability affecting Microsoft Exchange Server. It received a CVSSv3.1 score of 8.2. Successful exploitation of this vulnerability requires the attacker to be authenticated to the Exchange Server as a member of a high privileged group.
 
CVE-2022-22012 and CVE-2022-29130 are RCE vulnerabilities affecting Windows LDAP. They received a CVSSv3.1 score of 9.8. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker’s code running in the context of the SYSTEM account. These vulnerabilities are only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. For more information, please see Microsoft’s LDAP policies documentation.
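Because the LDAP vulnerabilities above only apply when MaxReceiveBuffer has been raised above its default, a defender can verify the effective setting before triaging. The following PowerShell check is an added example and not part of the CCB advisory; it assumes the ActiveDirectory module (RSAT) is available, that the account can read the Configuration naming context, and that the built-in default of 10485760 bytes (taken from Microsoft's LDAP policies documentation) is still current.

```powershell
# Added example (not from the CCB advisory): read the MaxReceiveBuffer LDAP policy
# from the forest's Default Query Policy object and flag a value above the default.
# Assumptions: ActiveDirectory module present; read access to the Configuration NC;
# default value 10485760 bytes per Microsoft's LDAP policies documentation.
Import-Module ActiveDirectory

$defaultMaxReceiveBuffer = 10485760   # documented default, assumed current

# The Default Query Policy lives under the Configuration naming context of the forest.
$configNC = (Get-ADRootDSE).configurationNamingContext
$policyDN = "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

$policy = Get-ADObject -Identity $policyDN -Properties lDAPAdminLimits

# lDAPAdminLimits is multi-valued: one "Name=Value" string per LDAP policy.
$limit = $policy.lDAPAdminLimits | Where-Object { $_ -like 'MaxReceiveBuffer=*' }

if (-not $limit) {
    Write-Output "MaxReceiveBuffer is not explicitly set; the built-in default ($defaultMaxReceiveBuffer) applies."
}
else {
    $value = [int64](($limit -split '=', 2)[1])
    if ($value -gt $defaultMaxReceiveBuffer) {
        Write-Warning ("MaxReceiveBuffer=$value exceeds the default of $defaultMaxReceiveBuffer; " +
                       "the precondition for CVE-2022-22012 / CVE-2022-29130 is present. Patch with highest priority.")
    }
    else {
        Write-Output "MaxReceiveBuffer=$value is at or below the default."
    }
}
```

A domain controller or site can be assigned its own query policy object instead of the default one, so repeat the check against any other objects under CN=Query-Policies that are referenced by a DC's NTDS Settings.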
 
CVE-2022-22017 is an RCE vulnerability affecting the Remote Desktop Client. It received a CVSSv3.1 score of 8.8 and a rating of "Exploitation More Likely". An attacker could convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim’s system in the context of the targeted user.
 
CVE-2022-26913 is a Windows Authentication Security Feature Bypass vulnerability. It received a CVSSv3.1 score of 7.4. An attacker who successfully exploited this vulnerability could carry out a Man-in-the-Middle attack and could decrypt and read or modify TLS traffic between the client and server. There is no impact to the availability of the attacked machine.
 
CVE-2022-26923 is an EoP vulnerability affecting Active Directory Domain Services. It received a CVSSv3.1 score of 8.8 and a rating of "Exploitation More Likely". An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow EoP.
 
CVE-2022-26937 is an RCE vulnerability affecting Windows Network File System. It received a CVSSv3.1 score of 9.8 and a rating of "Exploitation More Likely". This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to an NFS service to trigger RCE. This vulnerability is not exploitable in NFSv4.1.
 
CVE-2022-29108 is an RCE vulnerability affecting Microsoft SharePoint Server. It received a CVSSv3.1 score of 8.8 and a rating of "Exploitation More Likely". The attacker must be authenticated and have page creation permissions to be able to exploit this vulnerability.
 
CVE-2022-29133 is an EoP vulnerability affecting Windows Kernel. It received a CVSSv3.1 score of 8.8. A successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Recommended Actions

The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

References

https://blog.qualys.com/vulnerabilities-threat-research/2022/05/10/may-2022-patch-tuesday

https://blog.talosintelligence.com/2022/05/microsoft-patch-tuesday-for-may-2022.html