10 maja 2022 r. firma Microsoft opublikowała aktualizacje zabezpieczeń, które usuwają luki w wielu produktach.
Spośród 75 luk usuniętych w dzisiejszej aktualizacji osiem zostało sklasyfikowanych jako „krytyczne”, ponieważ umożliwiają zdalne wykonanie kodu lub podniesienie uprawnień.
Poniżej znajduje się pełna lista usuniętych luk w zabezpieczeniach i wydanych porad we wtorkowych aktualizacjach łatki z maja 2022 r.
Tag | NUMER CVE | CVE Opis | Krytyczność |
.NET and Visual Studio | CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | Ważna |
.NET and Visual Studio | CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | Ważna |
.NET and Visual Studio | CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | Ważna |
.NET Framework | CVE-2022-30130 | .NET Framework Denial of Service Vulnerability | Niska |
Azure SHIR | ADV220001 | Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972 | Krytyczna |
Microsoft Exchange Server | CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Ważna |
Microsoft Graphics Component | CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | Ważna |
Microsoft Graphics Component | CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability | Ważna |
Microsoft Graphics Component | CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | Ważna |
Microsoft Graphics Component | CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | Ważna |
Microsoft Local Security Authority Server (lsasrv) | CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Ważna |
Microsoft Office | CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | Ważna |
Microsoft Office Excel | CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | Ważna |
Microsoft Office Excel | CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | Ważna |
Microsoft Office SharePoint | CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Ważna |
Microsoft Windows ALPC | CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | Ważna |
Remote Desktop Client | CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Ważna |
Remote Desktop Client | CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | Krytyczna |
Role: Windows Fax Service | CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | Ważna |
Role: Windows Hyper-V | CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | Ważna |
Role: Windows Hyper-V | CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability | Ważna |
Role: Windows Hyper-V | CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Ważna |
Self-hosted Integration Runtime | CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | Krytyczna |
Tablet Windows User Interface | CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Ważna |
Visual Studio | CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | Ważna |
Visual Studio Code | CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | Ważna |
Windows Active Directory | CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Krytyczna |
Windows Address Book | CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | Ważna |
Windows Authentication Methods | CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | Ważna |
Windows BitLocker | CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | Ważna |
Windows Cluster Shared Volume (CSV) | CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Ważna |
Windows Failover Cluster Automation Server | CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | Ważna |
Windows Kerberos | CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | Krytyczna |
Windows Kernel | CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Kernel | CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | Ważna |
Windows Kernel | CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | Ważna |
Windows Media | CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Ważna |
Windows Media | CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Ważna |
Windows Media | CVE-2022-22016 | Windows PlayToManager Elevation of Privilege Vulnerability | Ważna |
Windows Network File System | CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | Krytyczna |
Windows NTFS | CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | Ważna |
Windows Point-to-Point Tunneling Protocol | CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Krytyczna |
Windows Point-to-Point Tunneling Protocol | CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Krytyczna |
Windows Print Spooler Components | CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Ważna |
Windows Print Spooler Components | CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | Ważna |
Windows Print Spooler Components | CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | Ważna |
Windows Print Spooler Components | CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | Ważna |
Windows Push Notifications | CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
Windows Remote Desktop | CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Ważna |
Windows Remote Procedure Call Runtime | CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Ważna |
Windows Server Service | CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | Ważna |
Windows Storage Spaces Controller | CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | Ważna |
Windows Storage Spaces Controller | CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | Ważna |
Windows Storage Spaces Controller | CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | Ważna |
Windows WLAN Auto Config Service | CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | Ważna |
Windows WLAN Auto Config Service | CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | Ważna |
Źródło: