Patch Tuesday, the late edition

Sunday, May 15th seemed to be the time to reboot, and others within the computer industry have rebooted, or will be rebooting, to apply this month's Windows updates.

Our usual source, Krebs on Security, has an article titled “Microsoft Patch Tuesday, May 2022 Edition” for your perusal.

The most urgent fix this month is for CVE-2022-26925, a weakness in a central component of Windows security known as the “Local Security Authority.”

“This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication,” Wiseman said. “This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.”

The last time we had a problem like this, we talked about something called PetitPotam.

Security Now, podcast 829 (show notes)

Seven of the flaws fixed today earned Microsoft’s most-dire “critical” label, which it assigns to vulnerabilities that can be exploited by malware or miscreants to remotely compromise a vulnerable Windows system without any help from the user.

There’s plenty more. We also received, by email, “Microsoft Releases May 2022 Security Updates.” The JRN has not read this yet, but will do so and try to keep up on these.

If you’ve not patched, pay attention to Windows; it’ll be calling you very soon if it hasn’t already.

