Microsoft has released security updates to address several vulnerabilities in the following products:

• .NET and Visual Studio
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Windows ALPC
• Remote Desktop Client
• Role: Windows Fax Service
• Role: Windows Hyper-V
• Self-hosted Integration Runtime
• Tablet Windows User Interface
• Visual Studio
• Visual Studio Code
• Windows Active Directory
• Windows Address Book
• Windows Authentication Methods
• Windows BitLocker
• Windows Cluster Shared Volume (CSV)
• Windows Failover Cluster Automation Server
• Windows Kerberos
• Windows Kernel
• Windows LDAP - Lightweight Directory Access Protocol
• Windows Media
• Windows Network File System
• Windows NTFS
• Windows Point-to-Point Tunneling Protocol
• Windows Print Spooler Components
• Windows Push Notifications
• Windows Remote Access Connection Manager
• Windows Remote Desktop
• Windows Remote Procedure Call Runtime
• Windows Server Service
• Windows Storage Spaces Controller
• Windows WLAN Auto Config Service

An attacker could exploit these vulnerabilities by doing the following:

• Denial of service attack (DoS)
• Disclosure of information
• Privilege escalation
• Remote code execution

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2022-May

Update instructions:

• support.microsoft.com/ar-sa/help/323166/how-to-download-updates-that-include-drivers-and-hotfixes-from-the-win