Yesterday (May 10) was Microsoft’s “Patch Tuesday,” and it’s not one to be ignored. The new system update patches 75 Windows security vulnerabilities, including three zero-day flaws—one of which has been actively exploited, making it imperative you safeguard your computer as soon as possible.
Microsoft defines a zero-day flaw as any vulnerability that is either made public or exploited before there is a patch. By that definition, two of these zero-day flaws were previously publicized but haven’t been taken advantage of (that we know of), while Microsoft has confirmed that the third has been exploited.
The exploited flaw, identified as CVE-2022-26925, is a Windows LSA spoofing vulnerability. Below is Microsoft’s description of the issue:
“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it.”
Essentially, the flaw allows bad actors to hijack the authentication process: Windows will think these users have properly authenticated themselves, and will grant elevated permissions to them without merit. From here, these users could take over a domain controller, giving them a dangerous level of access to a Windows server.
Unlike the other 74 vulnerabilities identified here, including the two zero-day flaws, this flaw is not theoretical: it could be exploited on any system that hasn’t installed the patch. However, now that the spotlight is on those other two zero-day vulnerabilities, they could also turn into exploited flaws at any moment. Those two flaws are identified as CVE-2022-22713, a denial of service vulnerability, and CVE-2022-29972, a remote code execution vulnerability.
While 75 patches is a lot of fixes, it’s hardly record-breaking. The last time we covered a Windows patch, Microsoft had fixed 128 vulnerabilities. That’s not to downplay the importance of this update, however.
To protect yourself against these three security vulnerabilities, as well as the entire list of issues Microsoft has patched, install the new update as soon as possible. There are specific updates for various versions of Windows, including 7, 8.1, 10, 11, and Windows Server.