Upcoming Webinar
Understand How Your Peer Approach AD Forest Recovery
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Essential Eight + Microsoft 365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.
UK Ransomware Guidelines + M365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.

Microsoft Releases May 2022 Patch Tuesday Updates

Microsoft has just released the May 2022 Patch Tuesday updates, which bring the usual security fixes as well as some notable quality updates on Windows 11. This month, there are no less than 74 new patches to address vulnerabilities in Windows, .NET, Visual Studio, Microsoft Edge, and more.

Serious bugs patched in May 2022

Here are the most important security fixes that Microsoft released as part of this month’s Patch Tuesday updates, including a fix for an important Windows LSA spoofing vulnerability that is already being exploited in the wild.

Windows LSA Spoofing Vulnerability: This vulnerability that’s already being exploited allows an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate the attacker using NTLM.
Insight Software: Magnitude Simba Amazon Redshift ODBC Driver: This critical vulnerability in the Redshift driver allows a locally authenticated attacker to leverage improper validation of authentication tokens to execute remote commands.
Windows Network File System Remote Code Execution Vulnerability: This critical vulnerability could allow unauthenticated attackers to make a call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
Active Directory Domain Services Elevation of Privilege Vulnerability: This critical vulnerability could allow an authenticated user to acquire a certificate from Active Directory Certificate Services that would allow an elevation of privilege.

Quality and experience updates

Here are the notable quality updates on the KB5013943 patch for Windows 11 users:

Microsoft has addressed an issue that was causing video subtitles to be misaligned or partially cut off
An issue that was preventing users from using the minimize, maximize, and close buttons on a maximized app window has been fixed
The weather icon on the taskbar can now display temperature information when the taskbar is aligned to the left.

The Weather icon in the Windows 11 taskbar with temperature information

74 vulnerabilities fixed in this month’s Patch Tuesday

Now, let’s take a closer look at the 74 CVEs the company released today: Seven of them are rated critical, 66 are rated important, and the last one has a low severity grade. You can find below the full list of CVEs included in this month’s Patch Tuesday:

Details	Impact	Max Severity	Article
CVE-2022-29132	Elevation of Privilege	Important	5013952
CVE-2022-29134	Information Disclosure	Important	5013941
CVE-2022-30130	Denial of Service	Low	5013624
CVE-2022-30129	Remote Code Execution	Important	Release Notes
CVE-2022-22019	Remote Code Execution	Important	5014011
CVE-2022-29141	Remote Code Execution	Important	5014017
CVE-2022-29142	Elevation of Privilege	Important	5013942
CVE-2022-29139	Remote Code Execution	Important	5014012
CVE-2022-29140	Information Disclosure	Important	5013941
CVE-2022-29137	Remote Code Execution	Important	5014011
CVE-2022-29138	Elevation of Privilege	Important	5013941
CVE-2022-29135	Elevation of Privilege	Important	5014011
CVE-2022-29133	Elevation of Privilege	Important	5013943
CVE-2022-29130	Remote Code Execution	Important	5014011
CVE-2022-29131	Remote Code Execution	Important	5013942
CVE-2022-29129	Remote Code Execution	Important	5013942
CVE-2022-29128	Remote Code Execution	Important	5014011
CVE-2022-29148	Remote Code Execution	Important	Release Notes
CVE-2022-29117	Denial of Service	Important	Release Notes
CVE-2022-29145	Denial of Service	Important	Release Notes
CVE-2022-29127	Security Feature Bypass	Important	5014011
CVE-2022-29126	Elevation of Privilege	Important	5014011
CVE-2022-29125	Elevation of Privilege	Important	5014011
CVE-2022-29123	Information Disclosure	Important	5014011
CVE-2022-29122	Information Disclosure	Important	5014011
CVE-2022-29121	Denial of Service	Important	5014011
CVE-2022-29120	Information Disclosure	Important	5014011
CVE-2022-29116	Information Disclosure	Important	5013943
CVE-2022-29115	Remote Code Execution	Important	5014011
CVE-2022-29114	Information Disclosure	Important	5014011
CVE-2022-29113	Elevation of Privilege	Important	5013942
CVE-2022-29112	Information Disclosure	Important	5014011
CVE-2022-29110	Remote Code Execution	Important	5002199
CVE-2022-29107	Security Feature Bypass	Important	5002187
CVE-2022-29109	Remote Code Execution	Important	Click to Run
CVE-2022-29105	Remote Code Execution	Important	5014011
CVE-2022-29108	Remote Code Execution	Important	5002203
CVE-2022-29106	Elevation of Privilege	Important	5013952
CVE-2022-29104	Elevation of Privilege	Important	5014011
CVE-2022-29103	Elevation of Privilege	Important	5014011
CVE-2022-29102	Information Disclosure	Important	5014011
CVE-2022-22016	Elevation of Privilege	Important	5013952
CVE-2022-22017	Remote Code Execution	Critical	5013943
CVE-2022-22015	Information Disclosure	Important	5014011
CVE-2022-22014	Remote Code Execution	Important	5014011
CVE-2022-22013	Remote Code Execution	Important	5014011
CVE-2022-22012	Remote Code Execution	Important	5014011
CVE-2022-22011	Information Disclosure	Important	5014011
CVE-2022-26940	Information Disclosure	Important	5013943
CVE-2022-26939	Elevation of Privilege	Important	5013952
CVE-2022-26937	Remote Code Execution	Critical	5014011
CVE-2022-26938	Elevation of Privilege	Important	5013952
CVE-2022-26936	Information Disclosure	Important	5014011
CVE-2022-26935	Information Disclosure	Important	5014011
CVE-2022-26934	Information Disclosure	Important	5014011
CVE-2022-26933	Information Disclosure	Important	5014011
CVE-2022-26932	Elevation of Privilege	Important	5013952
CVE-2022-26930	Information Disclosure	Important	5014011
CVE-2022-26927	Remote Code Execution	Important	5013942
CVE-2022-26926	Remote Code Execution	Important	5014011
CVE-2022-26925	Spoofing	Important	5014011
CVE-2022-26913	Security Feature Bypass	Important	5013942
CVE-2022-24466	Security Feature Bypass	Important	5013952
CVE-2022-21978	Elevation of Privilege	Important	5014261
CVE-2022-26931	Elevation of Privilege	Critical	5014011
CVE-2022-26923	Elevation of Privilege	Critical	5014011
CVE-2022-23267	Denial of Service	Important	Release Notes
CVE-2022-23279	Elevation of Privilege	Important	5013942
CVE-2022-23270	Remote Code Execution	Critical	5014011
CVE-2022-22713	Denial of Service	Important	5013942
CVE-2022-21972	Remote Code Execution	Critical	5014011
CVE-2022-29151	Elevation of Privilege	Important	5014011
CVE-2022-29150	Elevation of Privilege	Important	5014011

Windows 10 version 20H2 reaches end of support

Today’s Patch Tuesday updates also mark the end of servicing for Windows 10 version 20H2, which is now out of support for the Home, Pro, Pro Education, and Pro for Workstations editions of the OS. Microsoft will continue to service the Enterprise, IoT Enterprise, Windows on Surface Hub, and Windows Server, version 20H2, but everyone else is invited to update to Windows 10 version 21H2, the latest version that is now ready for broad deployment.

Windows 11 is also another upgrade path on PCs that meet the minimum hardware requirements for the OS. As of January 2022, Microsoft said that the upgrade offer to Windows 11 had entered its final phase of availability ahead of the company’s initial plan of mid-2022.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

Best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes an problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.

But that is it for another month and happy patching!

by Laurent Giret
May 11, 2022

Laurent was the Editorial Manager of the Petri IT Knowledgebase from 2022-2023. He's also the Senior News Editor of Thurrott.com.

How to Enable Auto Login on Windows 10

Jun 2, 2023
Jul 19, 2023
Troubleshooting Guide: Fixing the “User Profile Service Failed The Sign-In” Error

Jul 19, 2023
How to Configure Windows LAPS in an Azure Active Directory Scenario

May 3, 2023
Jul 17, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.