Critical Microsoft Windows 10, 11 and Server Alerts When Attacks Are In Progress

Update May 12: This post was originally posted on May 11th.

The importance of patching the Windows platform as quickly as possible for known vulnerabilities has once again conflicted with the risks posed by doing so. The Forbes Straight Talking Cyber ​​team always advises consumers to update as soon as possible, but advice for businesses should be more cautious and rely on specific risk profiling. This was highlighted again with reports of multiple authentication failures after installation. May 2022 Patch Tuesday Updatediscovered by beep computer, which is being investigated by Microsoft. this is Verification Failure Associated with November Patch Tuesday Update This resulted in an emergency out-of-band fix.

A specific issue after the May 2022 update appears to be authentication failures due to a credential mismatch where the server is used as a domain controller and a certificate needs to be mapped to a computer account. It is unlikely to affect consumers, but it will affect businesses using this particular setting.

A user in the Reddit Patch Tuesday support group said: KB5014001 And KB5014011 The update worked as a short-term fix. Bleeping Computer believes that an upcoming security release will address the issue, but Microsoft recommends: Manually Mapping Certificates to Active Directory System Accounts. I wouldn’t be surprised to see a quick conclusion similar to what happened in November of last year with an out-of-band emergency security release in the next week or so.

The latest ‘Patch Tuesday’ security fix for Microsoft users has just been removed and it’s a big deal. Of the 75 security issues being addressed, 8 have a severity severity and 3 zero-day vulnerabilities. Windows 10, 11 and Server users are warned that one of these is being exploited in the wild. In other words, you are already under attack.

For a complete list of 75 vulnerabilities, their severity and affected platforms, visit: Microsoft Security Update Guide. However, here’s what we already know about attacks in progress:

More from ForbesNew Google Chrome Security Alerts for Millions of Smartphone Users


CVE-2022-26925 This is a zero-day vulnerability that has already been identified as being exploited by Microsoft. Perhaps surprisingly, despite the exploitable zero-days, things get a bit complicated, and unless it’s tied to a New Technology LAN Manager (NTLM) relay attack, it only gets an important rating from Microsoft.

These known PetitPotam attacks can be used to attack Windows domain controllers and other servers. When combined, the zero-day severity rating improves to 9.8 severity. Luckily, this is certainly possible, as the ‘actively exploited’ label suggests, but it’s not just an attack. Windows users (Server, 7, 8.1, 10 and 11) should consequently apply the update as soon as possible.

Security Expert Says

Automox’s security director Chris Hass said on this patch Tuesday that the lack of numbers (more than 100 vulnerabilities disclosed in April) compensates for the severity and infrastructure issues. “The Windows LSA spoofing vulnerability, CVE-2022-26925, could allow an attacker to intercept or intercept network traffic. Considering that Microsoft has identified exploits of this CVE in the wild, system administrators should place this patch at the top of the list. It’s up there,” he says. More broadly, Hass says that Automox recommends patching all critical and exploited vulnerabilities within 72 hours.

More from ForbesGoogle Signs Apple’s Amazing 2022 Security Agreement With Microsoft

Virsec co-founder Satya Gupta said the patch Tuesday update contained “vulnerable vulnerabilities of high concern” on an individual threat basis, but remained a concern in a broader context. He said, “Consider that more than 1 in 3 vulnerabilities identified by Microsoft in April-May 2022 (1,330 or 36%) are remote code execution vulnerabilities. It represents a tremendous opportunity to be a customer.”


Leave a Comment