Six of the vulnerabilities were rated critical with 66 getting that rating of important and only one that was rated low.
The flaw that has been exploited in the wild is a spoofing vulnerability in Windows Local Security Authority. This was fixed back in August 2021, but appears to have been reintroduced in some patch between December 2021 and March this year.
To be clear CVE-2022-26925 is PetitPotam unauthenticated found by @topotam77 . MS reintroduced the vulnerability in some patch between Dec 2021 and March 2022— Raphael (@raphajohnsec) May 10, 2022
Microsoft did not provide too many details about this bug, only saying: "An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM.
Satnam Narang, staff research engineer at security outfit Tenable, said: "While the flaw is rated as important and was assigned a CVSSv3 score of 8.1, if it is chained with other NTLM Relay attacks like PetitPotam, the CVSSv3 score would increase to 9.8, elevating the severity of this flaw to critical.
"The complexity of exploiting this flaw is considered high because exploitation requires an attacker to be seated as an attacker-in-the-middle.
Patch Tuesday later pic.twitter.com/8aReJepxKv— Kevin Beaumont (@GossiTheDog) May 10, 2022
"In addition to patching this flaw, organisations should refer to KB5005413 for ways to mitigate NTLM Relay Attacks against Active Directory Certificate Services."
He said additionally, there were several Windows Print Spooler vulnerabilities patched this month.
"[These included] two information disclosure flaws (CVE-2022-29114 and CVE-2022-29140) and two elevation of privilege flaws (CVE-2022-29104 and CVE-2022-29132).
"All of the flaws are rated as important, and two of the three are considered more likely to be exploited.
"Windows Print Spooler continues to remain a valuable target for attackers since PrintNightmare was disclosed nearly a year ago.
"Elevation of Privilege flaws in particular should be carefully prioritised, as we’ve seen ransomware groups like Conti favour them as part of its playbook."