Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet.
Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely to see exploitation. Five browser vulnerabilities and a dozen or so fixes for Azure Linux (aka Mariner) have already been published separately this month, and are not included in the total.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft patches the patch that broke Windows authentication
May 20, 2022
Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update. Elizabeth Tyler, cyber security consultant on Microsoft’s Detection and Response Team, confirmed the fix to worried administrators early this morning. Multiple administrators complained last week that after installing the May 10 patch, they experienced authentication failures ...
- Protecting Android users from 0-Day attacks
May 19, 2022
To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks. This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021, ...
- Apple emergency update fixes zero-day used to hack Macs, Watches
May 16, 2022
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn’t yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives ...
- Microsoft: May Windows updates cause AD authentication failures
May 12, 2022
Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. This comes after Windows admins started sharing reports of some policies failing after installing this month’s security updates with “Authentication failed due to a user credentials mismatch. Either the user name provided does ...
- Microsoft closes Windows LSA hole under active attack
May 11, 2022
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That’s seven critical bugs, 66 deemed important, and one ranked low severity. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code. After April’s astonishing 100-plus ...
- Exploits created for critical F5 BIG-IP flaw – install patch immediately
May 8, 2022
Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote ...

