2022 May Patch Tuesday

Patch Tuesday Webinar
Wednesday, May 11, 2022
Hosted by Chris Goettl and Todd Schell

Agenda
May 2022 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

Copyright © 2022 Ivanti. All rights reserved.
May Patch Tuesday 2022
May Patch Tuesday is upon us and there is a lot more than the monthly updates to be aware of. Windows 10 and Server
editions have three end-of-life events this month, Internet Explorer 11 desktop application is only a month away from its
end-of-life, Exchange Server 2019 shifts to 2 cumulative updates per year instead of quarterly, and the CVE count in the
CISA Known Exploited Vulnerabilities Catalog has increased to 659 known exploited CVEs that agencies should be looking
to plug in their environments. So, while this month’s Patch Tuesday update lineup is pretty standard fare with only one
known exploited and a couple publicly disclosed vulnerabilities, the additional activities may keep you busy.

In the News
 Exchange Server Servicing Model Changes
 https://techcommunity.microsoft.com/t5/exchange-team-blog/released-
2022-h1-cumulative-updates-for-exchange-server/ba-p/3285026
 Exchange Server 2013 and 2016 in extended support
 Exchange Server 2019 going to 2 CUs per year
 H1 in March
 H2 in September
 Next update in September
 Hotfixes still an option

In the News
 Internet 11 EOL
 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/internet-
explorer-11-desktop-app-retirement-faq/ba-p/2366549
 The following will continue to get security updates until their EOL:
 Windows 8.1
 Windows 7 Extended Security Updates (ESU)
 Windows Server SAC (all versions)
 Windows 10 IoT Long-Term Servicing Channel (LTSC) (all versions)
 Windows Server LTSC (all versions)
 Windows 10 client LTSC (all versions)
 When in doubt:
 IE Mode in Microsoft Edge
 Supported until 2029

In the News
 CISA Known Exploited Vulnerabilities Catalog Continues to Grow
 Catalog is now tracking 659 known exploited vulnerabilities
 Shift to risk-based vulnerability management to get real world risk visibility
to improve prioritization
 https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Known Exploited and Publicly Disclosed Vulnerability
 CVE-2022-26925 Windows LSA Spoofing Vulnerability
 CVSS 3.1 Scores: 8.1 / 7.1
 Severity: Important
 Impacts all Windows workstation and server operating systems.
 Through vulnerability chaining CVE-2022-26925 and NTLM Relay Attacks on Active
Directory Certificate Services (AD CS) combined CVSS score becomes 9.8
 Microsoft is urging DCs to be patched sooner because of this risk
 https://msrc.microsoft.com/update-guide/vulnerability/ADV210003

Publicly Disclosed Vulnerability
 CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability
 CVSS 3.1 Scores: 5.6 / 5.1
 Severity: Important
 Impacts Windows 10 20H2, 21H1 and 21H2.

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Updated SSUs this month
 Windows Server 2012
 Windows 8.1/Server 2012 R2
 Windows 10 (as shown)
 Windows 10 1607/Server 2016
 Development Tool and Other Updates
 .NET Core 3.1
 .NET 5.0 and 6.0
 Visual Studio 2017 - 2022 (multiple)
 Visual Studio Code
Source: Microsoft

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
21H2 11/16/2021 6/11/2024
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/9/2023
1909 11/12/2019 5/10/2022
Windows 10 Home and Pro
21H2 11/16/2021 6/13/2023
21H1 5/18/2021 12/13/2022
20H2 10/20/2020 5/10/2022
Windows Datacenter and Standard Server
2022 8/18/2021 10/13/2026
20H2 10/20/2020 5/10/2022
Windows 11 Home and Pro
21H2 10/4/2021 10/10/2023
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server 2012/2012 R2 EOL is Coming
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

MS22-05-W11: Windows 11 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 11 Version 21H2 and Edge Chromium
 Description: This bulletin references KB 5013943.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege and Information Disclosure
 Fixes 44 Vulnerabilities: CVE-2022-26925 is known exploited and publicly
disclosed. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide

May Known Issues for Windows 11
 KB 5013943 – Windows 11
 [Recovery Fail] After installing the Windows updates released January 11, 2022 or
later Windows versions on an affected version of Windows, recovery discs (CD or
DVD) created by using the Backup and Restore (Windows 7) app in Control Panel
might be unable to start. Workaround: None. Microsoft is working on a resolution.
Note: No third-party backup or recovery apps are currently known to be affected by
this issue.

MS22-05-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 1909, 2004, 20H2,
21H1, 21H2, Server 2016, Server 2019, Server 2022, Server version 1909, Server
version 2004, Server version 20H2, Server 21H1, IE 11, and Edge Chromium
 Description: This bulletin references 6 KB articles. See KBs for the list of changes.
disclosed. CVE-2022-22713 is publicly disclosed. See the Security Update Guide for
the complete list of CVEs.
 Known Issues: See next slides

 KB 5013952 – Windows 10, version 1607, Windows Server 2016
 [AD Forest Trust] After installing updates released January 11, 2022 or later, apps
that use the Microsoft .NET Framework to acquire or set Active Directory Forest
Trust Information might have issues. The apps might fail or close or you might
receive an error from the app or Windows. You might also receive an access
violation (0xc0000005) error. Workaround: To resolve this issue manually, apply
the out-of-band updates for the version of the .NET Framework used by the app.
Note: These out-of-band updates are not available from Windows Update and will
not install automatically. See KB for a list of .NET links.

May Known Issues for Windows 10 (cont)
 KB 5013941 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.

 KB 5013941 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019 (cont)
 [Recovery Fail] After installing the Windows updates released January 11, 2022 or
later Windows versions on an affected version of Windows, recovery discs (CD or
DVD) created by using the Backup and Restore (Windows 7) app in Control Panel
might be unable to start. Workaround: None. Microsoft is working on a resolution.
Note: No third-party backup or recovery apps are currently known to be affected by
this issue.
 [GPO Error] Windows server computers might log Event ID 40 in the System event
log each time a Group Policy is updated or refreshed on a server or client. The
error is found with the Description, ”The event logging service encountered an
error when attempting to apply one or more policy settings.” This issue occurs after
installing Windows updates released on or after January 11, 2022. Workaround:
None. Microsoft is working on a resolution.
 [AD Forest Trust]

 KB 5013942 –Windows 10 version 20H2, Windows Server version
20H2, Windows 10 version 21H1
 [Scavaged] After installing the June 21, 2021 (KB5003690) update, some devices
cannot install new updates, such as the July 6, 2021 (KB5004945) or later
updates. You will receive the error message,
"PSFX_E_MATCHING_BINARY_MISSING". Workaround: In place upgrade. For
more information and a workaround, see KB5005322.
 [Edge Removed] Devices with Windows installations created from custom offline
media or custom ISO image might have Microsoft Edge Legacy removed by this
update, but not automatically replaced by the new Microsoft Edge. Devices that
connect directly to Windows Update to receive updates are not affected.
Workaround: Slipstream the SSU released March 29, 2021 or later into the
custom offline media or ISO image before slipstreaming the LCU. See KB for
details.
 [Recovery Fail]

 KB 5013944 – Server 2022
 [AD Forest Trust]

MS22-05-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This cumulative security update contains improvements that are part of
update KB 5012658 (released April 12, 2022). Addresses a Key Distribution Center
(KDC) code error and incorrect log warning and error events related to domain trust.
Bulletin is based on KB 5014010.
 Known Issues: See next slide.

May Known Issues for Server 2008
 KB 5014010 – Windows Server 2008 (Monthly Rollup)
 [File Rename] Certain operations, such as rename, that you perform on files or
folders that are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you
perform the operation on a CSV owner node from a process that doesn’t have
administrator privilege. Workaround: Perform the operation from a process that
has administrator privilege or perform the operation from a node that doesn’t have
CSV ownership. Microsoft is working on a resolution.
 KB 5014006 – Windows Server 2008 (Security-only Update)
 [File Rename]

MS22-05-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Addresses a Key Distribution Center (KDC) code error and incorrect log
warning and error events related to domain trust. Bulletin is based on KB 5014006.
 Known Issues: See previous slide.

MS22-05-MR7-ESU: Monthly Rollup for Win 7
MS22-05-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
 Description: This cumulative security update contains improvements that are part of update
KB 5012626 (released April 12, 2022). Addresses a Key Distribution Center (KDC) code error
and incorrect log warning and error events related to domain trust. Bulletin is based on KB
5014012.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege and Information Disclosure
 Fixes 28 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename]

MS22-05-SO7-ESU: Security-only Update for Win 7
MS22-05-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Fixes 28 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename]

MS22-05-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
5014017.
 Known Issues: [File Rename] and [AD Forest Trust]

MS22-05-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012

MS22-05-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
5014011.

MS22-05-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Fixes 44 Vulnerabilities: CVE-2022-26925 is known exploited and publicly disclosed.
See the Security Update Guide for the complete list of CVEs.

MS22-05-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Excel 2013 and 2016, Office Online Server, Web Access
Server, Publisher 2013 & 2016 and Word 2013 & 2016
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 8 KB articles.
 Impact: Remote Code Execution and Security Feature Bypass
 Fixes 3 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-29107, CVE-2022-29109, and CVE-2022-29110 are fixed in this
release.
 Restart Required: Requires application restart
 Known Issues: None reported

MS22-05-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
 Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021
 Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution and Security Feature Bypass
 Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-29107 and CVE-2022-29109 are fixed in this release.
 Restart Required: Requires application restart

MS22-05-EXCH: Security Updates for Exchange Server
 Affected Products: Microsoft Exchange Server 2013 CU23, Exchange
Server 2016 CU22 & CU23, and Exchange Server 2019 CU11 & CU12.
 Description: This security update fixes vulnerabilities in Microsoft Exchange.
This bulletin is based on KB 5014261 and KB 5014260.
 Impact: Elevation of Privilege
 Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known
exploited. CVE-2022-21978 is fixed in this release.
NOTE: Additional action for /PrepareAllDomains is required. See KBs for details.
See also New Exchange Server Security Update and Hotfix Packaging (KB
5011363).

MS22-05-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft
SharePoint Foundation Server 2013, SharePoint Enterprise Server 2016, and
SharePoint Server 2019
 Description: This update contains an extensive list of security, performance, and bug
fixes. Review the KB articles for details. This bulletin is based on 4 KB articles.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: No vulnerabilities are publicly disclosed or known exploited.
CVE-2022-29108 is fixed in this release.

MS22-05-MRNET: Monthly Rollup for Microsoft .NET
 Maximum Severity: Low
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: This update addresses an issue where an unauthenticated attacker
could cause a denial of service on an affected system. Additional quality and reliability
updates are included as well. This bulletin references 14 KB articles.
 Impact: Denial of Service
 Fixes 1 Vulnerability: CVE-2022-30130 is not publicly disclosed or known
exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS22-05-SONET: Security-only Update for Microsoft .NET
 Maximum Severity: Low
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: This update addresses an issue where an unauthenticated attacker
could cause a denial of service on an affected system. Additional quality and reliability
updates are included as well. This bulletin references 14 KB articles.
 Impact: Denial of Service
 Fixes 1 Vulnerability: CVE-2022-30130 is not publicly disclosed or known
exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

Release Summary
 Security Updates (with CVEs): Google Chrome (2), Corretto (3), Firefox (1), Firefox ESR (1), Foxit
PDF Editor (1), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (1), GIT for windows (1), Java
8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), VirtualBox (1), Pulse Secure VPN Desktop
Client (1)
 Security (w/o CVEs): Box Edit (1), Camtasia (2), Google Chrome (1), Docker for Windows Stable (3),
Dropbox (1), Eclipse Adoptium (4), Evernote (1), GoodSync (2), GIT for windows (3), GoToMeeting (1), Cisco
Jabber (2), Jabra Direct (1), Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1),
LibreOffice (1), Malwarebytes (1), Node.JS (Current) (2), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1),
Notepad++ (1), Opera (3), Apache OpenOffice (1), Pidgin (1), Plex Media Server (1), Royal TS (3), Skype (1),
SeaMonkey (1), Slack Machine-Wide Installer (2), Tableau Desktop (5), Tableau Reader (1), Thunderbird (2),
TeamViewer (1), VLC Media Player (1), Wireshark (2), Zoom Client (3), Zoom Outlook Plugin (1), Zoom VDI
(2), Azul Zulu (3)
 Non-Security Updates: Bandicut (1), Box Drive (1), Google Drive File Stream (1), GeoGebra Classic
(2), BlueJeans (1), KeePass Pro (2), KeePass Classic (1), KeePassXC (1), NextCloud Desktop Client (1),
PDF-Xchange PRO (1), R for Windows (1), Rocket.Chat Desktop Client (3), TortoiseHG (2), Cisco WebEx
(3), WinMerge (1)

Third Party CVE Information
 Corretto 8.332.08.1
 CRTO8-220419, QCRTOJDK8332
 Fixes 10 Vulnerabilities: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-
21476, CVE-2022-21496, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-
2022-21476, CVE-2022-21496
 Corretto 11.0.15.9.1
21476, CVE-2022-21496
 Corretto 17.0.3.6.1
21496

Third Party CVE Information
 Java 8 Update 331
 JAVA8-220419, QJDK8U331
2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
 Java Development Kit 11 Update 11.0.15
 JDK11-220419, QJDK11015
21449, CVE-2022-21476, CVE-2022-21496
 Java Development Kit 17 Update 17.0.3.0
 JDK17-220419, QJDK1703
21449, CVE-2022-21476, CVE-2022-21496

Third Party CVE Information (cont)
 Google Chrome 100.0.4896.127
 CHROME-220414, QGC10004896127
 Fixes 1 Vulnerability: CVE-2022-1364
 Google Chrome 101.0.4951.41
 CHROME-220426, QGC1010495141
 Fixes 25 Vulnerabilities: CVE-2022-1477, CVE-2022-1478, CVE-2022-1479, CVE-
2022-1480, CVE-2022-1481, CVE-2022-1482, CVE-2022-1483, CVE-2022-1484,
CVE-2022-1485, CVE-2022-1486, CVE-2022-1487, CVE-2022-1488, CVE-2022-
2022-1494, CVE-2022-1495, CVE-2022-1496, CVE-2022-1497, CVE-2022-1498,
CVE-2022-1499, CVE-2022-1500, CVE-2022-1501

 Firefox 100.0
 FF-220503, QFF100
2022-29918
 Firefox ESR 91.9.0
 FFE-220503, QFFE9190
29914, CVE-2022-29916, CVE-2022-29917
 Foxit PDF Editor 11.2.2.53575
 FPDFE-220509, QFPDFE112253575
 Also fixed in Foxit PDF Reader (Consumer and Enterprise)

 GIT for Windows 2.35.2.1
 GIT-220413, QGIT23521
 Fixes 2 Vulnerabilities: CVE-2022-24765, CVE-2022-24767
 VirtualBox 6.1.34
 OVB61-220420, QOVB6134
 Fixes 6 Vulnerabilities: CVE-2021-40438, CVE-2022-21465, CVE-2022-21471,
CVE-2022-21487, CVE-2022-21488, CVE-2022-21491
 Pulse Secure VPN Desktop Client 9.1.15.15819
 PSVPN-220422, QPSFVPN9115

Thank You!

2022 May Patch Tuesday

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie 2022 May Patch Tuesday

Ähnlich wie 2022 May Patch Tuesday (20)

Mehr von Ivanti

Mehr von Ivanti (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

2022 May Patch Tuesday