Microsoft April’s 2022 Patch Tuesday Addresses 119 Vulnerabilities Including 2 Zero-Days

Microsoft has released April’s Patch Tuesday security updates, which address 119 vulnerabilities, including two zero-days and nine rated as critical. The products covered in April’s security update include Windows User Profile Service, Windows Common Log File System Driver, .NET Framework, Active Directory Domain Services, Azure SDK, Windows Kernel, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office Excel, Windows Installer, Windows RDP, Windows Upgrade Assistant, and others.

The vulnerability for Windows User Profile Service (CVE-2022-26904) has been publicly disclosed.


Zero-day Vulnerability Fixed

CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability. This flaw is rated as important, with a CVSSv3 score of 7.0 out of 10. It was identified by CrowdStrike and the US National Security Agency (NSA). Successful exploitation requires an attacker to win a race condition, so its attack complexity is high.

CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability. This flaw has been actively exploited as a zero-day.


Critical Vulnerabilities Fixed

CVE-2022-24491: Windows Network File System Remote Code Execution Vulnerability. This flaw doesn’t require any authentication. A remote attacker can exploit this vulnerability by sending specially crafted NFS protocol network messages to a vulnerable system. Systems on which the NFS role is enabled are at risk. This flaw received a CVSSv3 score of 9.8 out of 10.

CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability. This flaw doesn’t require any authentication. A remote attacker can exploit this vulnerability by sending a specially crafted RPC call to an RPC host. This flaw received a CVSSv3 score of 9.8 out of 10. Patches are available to address this issue. If you are unable to patch immediately, you can still mitigate attempts to exploit this flaw by blocking TCP port 445 on the perimeter firewall. Even with this mitigation applied, systems can still be vulnerable to attacks from within the enterprise perimeter.

CVE-2022-26919: Windows LDAP Remote Code Execution Vulnerability. This flaw can be exploited remotely over the network by a standard user who has been authenticated in the domain. According to Microsoft, this has “high complexity” for any attack, and an attack is not possible unless the default setting for MaxReceiveBuffer has been changed.

CVE-2022-23259: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. This flaw impacts confidentiality, integrity, and availability. The exploitation of this flaw is easy and can be performed remotely. Authentication is required for successful exploitation.

CVE-2022-22008, CVE-2022-24537, CVE-2022-23257: Windows Hyper-V Remote Code Execution Vulnerability. For successful exploitation, an attacker would need to open a specially crafted file, and then the attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code.

CVE-2022-24541: Windows Server Service Remote Code Execution Vulnerability. This flaw exists due to insufficient validation of user-supplied input in Windows Server Service. A remote attacker can send specially crafted SMB packets to port 445/tcp and execute arbitrary code on the system.

CVE-2022-24500: Windows SMB Remote Code Execution Vulnerability. This flaw exists due to insufficient validation of user-supplied input in Windows SMB. A remote attacker can trick a victim into accessing a malicious server and execute arbitrary code on the target system.
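
The exposure conditions described above (NFS role enabled, TCP 445 listening, MaxReceiveBuffer changed from its default) can be checked across an inventory export. The following is an added example, not code from the original article or from Microsoft. The inventory field names and sample hosts are constructed, the KB numbers are those this article lists for Microsoft Windows, and the default of 10485760 is Active Directory's default, which the article does not state.

```python
# Added example: triage constructed host inventory against the exposure
# conditions the article states. Record field names are hypothetical.
APRIL_2022_WINDOWS_KBS = {  # KBs listed for Microsoft Windows in the article
    "5012591", "5012592", "5012596", "5012599", "5012604", "5012639",
    "5012647", "5012650", "5012653", "5012666", "5012670",
}
DEFAULT_MAX_RECEIVE_BUFFER = 10485760  # AD default; value not given in the article


def max_receive_buffer(ldap_admin_limits):
    """Read MaxReceiveBuffer from lDAPAdminLimits-style 'Name=Value' strings."""
    for entry in ldap_admin_limits:
        name, _, value = entry.partition("=")
        if name.strip().lower() == "maxreceivebuffer":
            try:
                return int(value)
            except ValueError:
                return -1  # unparseable value: treat as changed, needs review
    return None  # policy not collected for this host


def triage(host):
    """Map each CVE whose stated precondition holds to the reason it applies."""
    if APRIL_2022_WINDOWS_KBS & set(host["installed_kbs"]):
        return {}  # assumption: any listed KB means the April update is installed
    findings = {}
    if "nfs-server" in host["roles"]:
        findings["CVE-2022-24491"] = "NFS role enabled"
    if 445 in host["listening_tcp"]:
        scope = "internal only" if host["perimeter_blocks_445"] else "perimeter-reachable"
        findings["CVE-2022-26809"] = f"TCP 445 listening ({scope})"
        findings["CVE-2022-24541"] = "TCP 445 listening"
    size = max_receive_buffer(host["ldap_admin_limits"])
    if size is not None and size != DEFAULT_MAX_RECEIVE_BUFFER:
        findings["CVE-2022-26919"] = f"MaxReceiveBuffer={size} (non-default)"
    return findings


# Constructed sample inventory (not real hosts).
HOSTS = [
    {"name": "fs01", "roles": ["nfs-server"], "listening_tcp": [445, 2049],
     "perimeter_blocks_445": True, "ldap_admin_limits": [], "installed_kbs": []},
    {"name": "dc01", "roles": ["ad-ds"], "listening_tcp": [389],
     "perimeter_blocks_445": True, "installed_kbs": [],
     "ldap_admin_limits": ["MaxPageSize=1000", "MaxReceiveBuffer=20971520"]},
    {"name": "app01", "roles": [], "listening_tcp": [445],
     "perimeter_blocks_445": False, "ldap_admin_limits": [], "installed_kbs": ["5012647"]},
]

if __name__ == "__main__":
    for h in HOSTS:
        print(h["name"], triage(h) or "no findings")
```

A host that reports "internal only" for CVE-2022-26809 still needs the update, since the perimeter block does not cover attacks from inside the network.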


Microsoft security bulletin summary for April 2022

  • .NET Framework
  • Active Directory Domain Services
  • Azure SDK
  • Azure Site Recovery
  • LDAP – Lightweight Directory Access Protocol
  • Microsoft Bluetooth Driver
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Microsoft Windows Media Foundation
  • Power BI
  • Role: DNS Server
  • Role: Windows Hyper-V
  • Skype for Business
  • Visual Studio
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows App Store
  • Windows AppX Package Manager
  • Windows Cluster Client Failover
  • Windows Cluster Shared Volume (CSV)
  • Windows Common Log File System Driver
  • Windows Defender
  • Windows DWM Core Library
  • Windows Endpoint Configuration Manager
  • Windows Fax Compose Form
  • Windows Feedback Hub
  • Windows File Explorer
  • Windows File Server
  • Windows Installer
  • Windows iSCSI Target Service
  • Windows Kerberos
  • Windows Kernel
  • Windows Local Security Authority Subsystem Service
  • Windows Media

Product: Microsoft Windows

CVEs/Advisory: CVE-2022-21983, CVE-2022-22008, CVE-2022-22009, CVE-2022-23257, CVE-2022-23268, CVE-2022-24474, CVE-2022-24479, CVE-2022-24481, CVE-2022-24482, CVE-2022-24483, CVE-2022-24484, CVE-2022-24485, CVE-2022-24486, CVE-2022-24487, CVE-2022-24488, CVE-2022-24489, CVE-2022-24490, CVE-2022-24491, CVE-2022-24492, CVE-2022-24493, CVE-2022-24494, CVE-2022-24495, CVE-2022-24496, CVE-2022-24497, CVE-2022-24498, CVE-2022-24499, CVE-2022-24500, CVE-2022-24521, CVE-2022-24527, CVE-2022-24528, CVE-2022-24530, CVE-2022-24532, CVE-2022-24533, CVE-2022-24534, CVE-2022-24536, CVE-2022-24537, CVE-2022-24538, CVE-2022-24539, CVE-2022-24540, CVE-2022-24541, CVE-2022-24542, CVE-2022-24543, CVE-2022-24544, CVE-2022-24545, CVE-2022-24546, CVE-2022-24547, CVE-2022-24549, CVE-2022-24550, CVE-2022-26783, CVE-2022-26784, CVE-2022-26785, CVE-2022-26786, CVE-2022-26787, CVE-2022-26788, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803, CVE-2022-26807, CVE-2022-26808, CVE-2022-26809, CVE-2022-26810, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26816, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26827, CVE-2022-26828, CVE-2022-26829, CVE-2022-26830, CVE-2022-26831, CVE-2022-26903, CVE-2022-26904, CVE-2022-26914, CVE-2022-26915, CVE-2022-26916, CVE-2022-26917, CVE-2022-26918, CVE-2022-26919, CVE-2022-26920

Impact: Denial of Service, Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution

KBs: 5012591, 5012592, 5012596, 5012599, 5012604, 5012639, 5012647, 5012650, 5012653, 5012666, 5012670


Product: Microsoft Dynamics

CVEs/Advisory: CVE-2022-23259

Impact: Remote Code Execution

KBs: 5012731, 5012732


Product: Microsoft Office Excel

CVEs/Advisory: CVE-2022-26901, CVE-2022-26903

Impact: Remote Code Execution

KBs: 5002175, 5002177


Product: Microsoft Edge (Chromium-based)

CVEs/Advisory: CVE-2022-1125, CVE-2022-1127, CVE-2022-1128, CVE-2022-1129, CVE-2022-1130, CVE-2022-1131, CVE-2022-1133, CVE-2022-1134, CVE-2022-1135, CVE-2022-1136, CVE-2022-1137, CVE-2022-1138, CVE-2022-1139, CVE-2022-1143, CVE-2022-1145, CVE-2022-1146, CVE-2022-1232, CVE-2022-24475, CVE-2022-24523, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912

Impact: Elevation of Privilege, Spoofing


SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and keep your systems updated and secure.
