74 CVEs addressed through the May 2022 Patch Tuesday Release

by Alexandru Poloboc
  • A pretty busy month for a Microsoft Patch Tuesday release, with 74 CVEs.
  • Out of all the CVEs, 10 are rated Critical, 66 Important, and 1 rated as Low.
  • We've included each and every one in this article, with direct links as well.

It’s May already and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

This month, the Redmond tech giant released 74 new patches, which is a lot more than some people were expecting right after Easter.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • .NET and Visual Studio
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Office and Office Components
  • Windows Hyper-V
  • Windows Authentication Methods
  • BitLocker
  • Windows Cluster Shared Volume (CSV)
  • Remote Desktop Client
  • Windows Network File System
  • NTFS
  • Windows Point-to-Point Tunneling Protocol

74 CVEs were identified and dealt with this month

Not the busiest but also not the lightest month for Microsoft security experts. You might like to know that, out of the 74 new CVEs released, 7 are rated Critical, 66 are rated Important, and one is rated Low in severity.

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Important | 8.1 | Yes | Yes | Spoofing |
| CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | Critical | N/A | Yes | No | RCE |
| CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | Yes | No | DoS |
| CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
| CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE |
| CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | EoP |
| CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | Important | 4.2 | No | No | SFB |
| CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8.2 | No | No | EoP |
| CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | Important | 5.5 | No | No | SFB |
| CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 8.2 | No | No | EoP |
| CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | Important | 7.4 | No | No | SFB |
| CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 4.1 | No | No | SFB |
| CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
| CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | Info |
| CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | RCE |
| CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | RCE |
| CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-22016 | Windows PlayToManager Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | Important | 6.5 | No | No | DoS |
| CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2022-30130 | .NET Framework Denial of Service Vulnerability | Low | 3.3 | No | No | DoS |

Out of all the Critical-rated patches, there are two that affect the Windows implementation of Point-to-Point Tunneling Protocol (PPTP) that could allow an RCE.

The tech giant stated that an attacker would need to win a race condition to successfully exploit these bugs, but not every race condition is identical.

There is also a Critical-rated Elevation of Privilege (EoP) bug in Microsoft Kerberos, but no further information is provided at this moment.

The next Patch Tuesday rollout will be on May 10th, so don’t get too comfortable with the current state of affairs, as it might change sooner than you think.
