New critical security alert for Microsoft Windows 10, 11 and Server users

May 12 Update: This post was originally published on May 11

The importance of patching Windows platforms against known vulnerabilities as soon as possible has once again collided with the risk that patching itself can present. While the Forbes Straight Talking Cyber team always advises consumers to update as soon as possible, the advice for businesses should be more cautious and dependent on their specific risk profile. This has been highlighted again as reports of multiple authentication failures after installing the May 2022 Patch Tuesday update, as seen by Bleeping Computer, are being investigated by Microsoft. This follows authentication flaws tied to the November Patch Tuesday update, which resulted in an emergency out-of-band fix.

The particular issue following the May 2022 update appears to be an authentication failure caused by a credential mismatch on servers used as domain controllers, where certificates are mapped to machine accounts. This is very unlikely to affect consumers, but it will affect businesses that rely on this specific configuration.

A user in a Reddit Patch Tuesday support group discovered that uninstalling the KB5014001 and KB5014011 updates worked as a short-term fix. Bleeping Computer advises that while an upcoming security release will fix the problem, Microsoft recommends manually mapping certificates to Active Directory machine accounts in the meantime. I wouldn’t be surprised if we see a similar and equally swift conclusion to the one in November of last year, with an emergency out-of-band security release within the next week or so.

The latest batch of “Patch Tuesday” security fixes for Microsoft users just came out, and it’s a big one. Among the 75 security issues addressed, there are eight that earn a critical severity rating and three zero-day vulnerabilities. Windows 10, 11 and Server users are warned that one of these is being exploited in the wild, in other words already under attack.

For a complete list of all 75 vulnerabilities, along with their respective severity ratings and affected platforms, visit the Microsoft Security Update Guide. Here is what we know about the one that is already being exploited.


CVE-2022-26925

CVE-2022-26925 is the zero-day vulnerability that Microsoft confirms is already being exploited. Perhaps surprisingly, despite being a zero-day, it only gets a major rating from Microsoft unless, and this is where things get a bit tricky, it is chained with New Technology LAN Manager (NTLM) relay attacks.

These attacks, known as PetitPotam, can be used against Windows domain controllers and other servers. When chained in this way, the severity score of the zero-day rises to a critical 9.8. Fortunately, this is far from a simple attack to pull off, although it is clearly possible, as the ‘actively exploited’ label demonstrates. As a result, Windows (Server, 7, 8.1, 10, and 11) users should make sure the update is applied as soon as possible.

What security experts say

Chris Hass, director of security at Automox, says what this Patch Tuesday lacks in numbers (more than 100 vulnerabilities were disclosed in April) it makes up for in severity and infrastructure headaches. “CVE-2022-26925, a Windows LSA spoofing vulnerability, could allow an attacker to intercept or man-in-the-middle network traffic. Noting that Microsoft has confirmed the exploitation of this CVE in the wild, system administrators should put this patch near the top of their list,” he says. More generally, Hass says that Automox recommends that all critical and exploited vulnerabilities be patched within a 72-hour period.


Satya Gupta, co-founder of Virsec, says that while this Patch Tuesday update includes “very concerning vulnerabilities” when each is judged as an individual threat, the concern persists when they are viewed in a broader context. “Consider that in April-May 2022, more than one in three vulnerabilities identified by Microsoft (1,330 or 36%) are remote code execution vulnerabilities,” he says, “this of course represents a huge opportunity for malicious actors to compromise almost any customer.”
