Microsoft Releases May 2022 Patch Tuesday Updates
Last Update: Nov 19, 2024 | Published: May 11, 2022
Microsoft has just released the May 2022 Patch Tuesday updates, which bring the usual security fixes as well as some notable quality updates on Windows 11. This month, there are no less than 74 new patches to address vulnerabilities in Windows, .NET, Visual Studio, Microsoft Edge, and more.
Serious bugs patched in May 2022
Here are the most important security fixes that Microsoft released as part of this month’s Patch Tuesday updates, including a fix for an important Windows LSA spoofing vulnerability that is already being exploited in the wild.
- Windows LSA Spoofing Vulnerability: This vulnerability that’s already being exploited allows an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate the attacker using NTLM.
- Insight Software: Magnitude Simba Amazon Redshift ODBC Driver: This critical vulnerability in the Redshift driver allows a locally authenticated attacker to leverage improper validation of authentication tokens to execute remote commands.
- Windows Network File System Remote Code Execution Vulnerability: This critical vulnerability could allow unauthenticated attackers to make a call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
- Active Directory Domain Services Elevation of Privilege Vulnerability: This critical vulnerability could allow an authenticated user to acquire a certificate from Active Directory Certificate Services that would allow an elevation of privilege.
Quality and experience updates
Here are the notable quality updates on the KB5013943 patch for Windows 11 users:
- Microsoft has addressed an issue that was causing video subtitles to be misaligned or partially cut off
- An issue that was preventing users from using the minimize, maximize, and close buttons on a maximized app window has been fixed
- The weather icon on the taskbar can now display temperature information when the taskbar is aligned to the left.
74 vulnerabilities fixed in this month’s Patch Tuesday
Now, let’s take a closer look at the 74 CVEs the company released today: Seven of them are rated critical, 66 are rated important, and the last one has a low severity grade. You can find below the full list of CVEs included in this month’s Patch Tuesday:
| Details | Impact | Max Severity | Article |
| CVE-2022-29132 | Elevation of Privilege | Important | 5013952 |
| CVE-2022-29134 | Information Disclosure | Important | 5013941 |
| CVE-2022-30130 | Denial of Service | Low | 5013624 |
| CVE-2022-30129 | Remote Code Execution | Important | Release Notes |
| CVE-2022-22019 | Remote Code Execution | Important | 5014011 |
| CVE-2022-29141 | Remote Code Execution | Important | 5014017 |
| CVE-2022-29142 | Elevation of Privilege | Important | 5013942 |
| CVE-2022-29139 | Remote Code Execution | Important | 5014012 |
| CVE-2022-29140 | Information Disclosure | Important | 5013941 |
| CVE-2022-29137 | Remote Code Execution | Important | 5014011 |
| CVE-2022-29138 | Elevation of Privilege | Important | 5013941 |
| CVE-2022-29135 | Elevation of Privilege | Important | 5014011 |
| CVE-2022-29133 | Elevation of Privilege | Important | 5013943 |
| CVE-2022-29130 | Remote Code Execution | Important | 5014011 |
| CVE-2022-29131 | Remote Code Execution | Important | 5013942 |
| CVE-2022-29129 | Remote Code Execution | Important | 5013942 |
| CVE-2022-29128 | Remote Code Execution | Important | 5014011 |
| CVE-2022-29148 | Remote Code Execution | Important | Release Notes |
| CVE-2022-29117 | Denial of Service | Important | Release Notes |
| CVE-2022-29145 | Denial of Service | Important | Release Notes |
| CVE-2022-29127 | Security Feature Bypass | Important | 5014011 |
| CVE-2022-29126 | Elevation of Privilege | Important | 5014011 |
| CVE-2022-29125 | Elevation of Privilege | Important | 5014011 |
| CVE-2022-29123 | Information Disclosure | Important | 5014011 |
| CVE-2022-29122 | Information Disclosure | Important | 5014011 |
| CVE-2022-29121 | Denial of Service | Important | 5014011 |
| CVE-2022-29120 | Information Disclosure | Important | 5014011 |
| CVE-2022-29116 | Information Disclosure | Important | 5013943 |
| CVE-2022-29115 | Remote Code Execution | Important | 5014011 |
| CVE-2022-29114 | Information Disclosure | Important | 5014011 |
| CVE-2022-29113 | Elevation of Privilege | Important | 5013942 |
| CVE-2022-29112 | Information Disclosure | Important | 5014011 |
| CVE-2022-29110 | Remote Code Execution | Important | 5002199 |
| CVE-2022-29107 | Security Feature Bypass | Important | 5002187 |
| CVE-2022-29109 | Remote Code Execution | Important | Click to Run |
| CVE-2022-29105 | Remote Code Execution | Important | 5014011 |
| CVE-2022-29108 | Remote Code Execution | Important | 5002203 |
| CVE-2022-29106 | Elevation of Privilege | Important | 5013952 |
| CVE-2022-29104 | Elevation of Privilege | Important | 5014011 |
| CVE-2022-29103 | Elevation of Privilege | Important | 5014011 |
| CVE-2022-29102 | Information Disclosure | Important | 5014011 |
| CVE-2022-22016 | Elevation of Privilege | Important | 5013952 |
| CVE-2022-22017 | Remote Code Execution | Critical | 5013943 |
| CVE-2022-22015 | Information Disclosure | Important | 5014011 |
| CVE-2022-22014 | Remote Code Execution | Important | 5014011 |
| CVE-2022-22013 | Remote Code Execution | Important | 5014011 |
| CVE-2022-22012 | Remote Code Execution | Important | 5014011 |
| CVE-2022-22011 | Information Disclosure | Important | 5014011 |
| CVE-2022-26940 | Information Disclosure | Important | 5013943 |
| CVE-2022-26939 | Elevation of Privilege | Important | 5013952 |
| CVE-2022-26937 | Remote Code Execution | Critical | 5014011 |
| CVE-2022-26938 | Elevation of Privilege | Important | 5013952 |
| CVE-2022-26936 | Information Disclosure | Important | 5014011 |
| CVE-2022-26935 | Information Disclosure | Important | 5014011 |
| CVE-2022-26934 | Information Disclosure | Important | 5014011 |
| CVE-2022-26933 | Information Disclosure | Important | 5014011 |
| CVE-2022-26932 | Elevation of Privilege | Important | 5013952 |
| CVE-2022-26930 | Information Disclosure | Important | 5014011 |
| CVE-2022-26927 | Remote Code Execution | Important | 5013942 |
| CVE-2022-26926 | Remote Code Execution | Important | 5014011 |
| CVE-2022-26925 | Spoofing | Important | 5014011 |
| CVE-2022-26913 | Security Feature Bypass | Important | 5013942 |
| CVE-2022-24466 | Security Feature Bypass | Important | 5013952 |
| CVE-2022-21978 | Elevation of Privilege | Important | 5014261 |
| CVE-2022-26931 | Elevation of Privilege | Critical | 5014011 |
| CVE-2022-26923 | Elevation of Privilege | Critical | 5014011 |
| CVE-2022-23267 | Denial of Service | Important | Release Notes |
| CVE-2022-23279 | Elevation of Privilege | Important | 5013942 |
| CVE-2022-23270 | Remote Code Execution | Critical | 5014011 |
| CVE-2022-22713 | Denial of Service | Important | 5013942 |
| CVE-2022-21972 | Remote Code Execution | Critical | 5014011 |
| CVE-2022-29151 | Elevation of Privilege | Important | 5014011 |
| CVE-2022-29150 | Elevation of Privilege | Important | 5014011 |
Windows 10 version 20H2 reaches end of support
Today’s Patch Tuesday updates also mark the end of servicing for Windows 10 version 20H2, which is now out of support for the Home, Pro, Pro Education, and Pro for Workstations editions of the OS. Microsoft will continue to service the Enterprise, IoT Enterprise, Windows on Surface Hub, and Windows Server, version 20H2, but everyone else is invited to update to Windows 10 version 21H2, the latest version that is now ready for broad deployment.
Windows 11 is also another upgrade path on PCs that meet the minimum hardware requirements for the OS. As of January 2022, Microsoft said that the upgrade offer to Windows 11 had entered its final phase of availability ahead of the company’s initial plan of mid-2022.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
Best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes an problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.
But that is it for another month and happy patching!