Microsoft has released its April 2022 Patch Tuesday security updates for 119 vulnerabilities, including two zero-days and nine rated critical. The products covered by the April 2022 Patch Tuesday security update include Windows User Profile Service, Windows Common Log File System Driver, .NET Framework, Active Directory Domain Services, Azure SDK, Windows Kernel, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office Excel, Windows Installer, Windows RDP, Windows Upgrade Assistant, and others. The detected vulnerabilities can be mitigated using a patch management tool.
The vulnerability in Windows User Profile Service (CVE-2022-26904) has been publicly disclosed.
Zero-day Vulnerabilities Fixed in Microsoft’s April 2022 Patch Tuesday
CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability. This flaw is rated important, with a CVSSv3 score of 7.0 out of 10. It was identified by CrowdStrike and the US National Security Agency (NSA). Successful exploitation requires an attacker to win a race condition, so its attack complexity is high.
CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. This flaw has been actively exploited as a zero-day.
Critical Vulnerabilities Fixed by Microsoft’s April 2022 Patch Tuesday
1. CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability. This flaw doesn’t require any authentication. A remote attacker can exploit this vulnerability by sending specially crafted NFS protocol network messages to a vulnerable system. Systems in which the NFS role is enabled are at risk. This flaw received a CVSSv3 score of 9.8 out of 10 in Microsoft’s April 2022 Patch Tuesday.
2. CVE-2022-26809 – Remote Procedure Call Runtime Remote Code Execution Vulnerability. This flaw doesn’t require any authentication. A remote attacker can exploit this vulnerability by sending a specially crafted RPC call to an RPC host. This flaw received a CVSSv3 score of 9.8 out of 10. Patches are available to address this issue; however, if you are unable to patch immediately, you can still mitigate attempts to exploit this flaw by blocking TCP port 445 on the perimeter firewall. After applying this mitigation, systems can still be vulnerable to attacks from within the enterprise perimeter. To prevent these attacks, continuous and automated patch management software will be of great help.
3. CVE-2022-26919 – Windows LDAP Remote Code Execution Vulnerability. This flaw can be exploited remotely over the network by a standard user who has been authenticated in the domain. According to Microsoft, the attack has “high complexity” and is not possible unless the default setting for MaxReceiveBuffer has been changed.
4. CVE-2022-23259 – Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. This flaw impacts confidentiality, integrity, and availability. Exploitation of this flaw is easy and can be performed remotely, but authentication is required for successful exploitation.
5. CVE-2022-22008, CVE-2022-24537, CVE-2022-23257 – Windows Hyper-V Remote Code Execution Vulnerability. For successful exploitation, an attacker would need to open a specially crafted file. The attacker could then run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code.
6. CVE-2022-24541 – Windows Server Service Remote Code Execution Vulnerability. This flaw exists due to insufficient validation of user-supplied input in Windows Server Service. A remote attacker can send specially crafted SMB packets to port 445/TCP and execute arbitrary code on the system.
7. CVE-2022-24500 – Windows SMB Remote Code Execution Vulnerability. This flaw exists due to insufficient validation of user-supplied input in Windows SMB. A remote attacker can trick a victim into accessing a malicious server and execute arbitrary code on the target system.
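The three exposure conditions named in the list above (NFS role enabled, MaxReceiveBuffer changed from its default, TCP 445 reachable through the perimeter) can be checked with a short read-only script. This is an added example, not part of the original article; the `ProbeTarget` parameter is hypothetical, and the MaxReceiveBuffer default of 10485760 bytes comes from Microsoft's LDAP policy documentation, not from this page.

```powershell
# Added example (not from the article): read-only exposure checks for three of the
# critical CVEs listed above. Run elevated on a Windows Server host.
param(
    # Hypothetical parameter: a host you own, probed from OUTSIDE the perimeter.
    [string]$ProbeTarget
)

# CVE-2022-24491: at risk only when the Server for NFS role is enabled.
$nfs = Get-WindowsFeature -Name FS-NFS-Service -ErrorAction SilentlyContinue
$nfsEnabled = [bool]($nfs -and $nfs.Installed)

# CVE-2022-26919: the attack needs a non-default LDAP MaxReceiveBuffer.
# 10485760 bytes is the documented Windows default (value not given in the article).
$defaultMaxReceiveBuffer = 10485760
$ldapBuffer = $null
try {
    $configNC = (Get-ADRootDSE -ErrorAction Stop).configurationNamingContext
    $policyDn = 'CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,' +
                "CN=Windows NT,CN=Services,$configNC"
    $limits = (Get-ADObject -Identity $policyDn -Properties lDAPAdminLimits -ErrorAction Stop).lDAPAdminLimits
    $entry = $limits | Where-Object { $_ -like 'MaxReceiveBuffer=*' } | Select-Object -First 1
    if ($entry) { $ldapBuffer = [int64](($entry -split '=', 2)[1]) }
} catch {
    Write-Warning "LDAP policy not readable here (needs the ActiveDirectory module): $_"
}

# CVE-2022-26809: confirm that the perimeter firewall really blocks TCP 445.
$smbReachable = $null
if ($ProbeTarget) {
    $smbReachable = Test-NetConnection -ComputerName $ProbeTarget -Port 445 -InformationLevel Quiet
}

[pscustomobject]@{
    Host                    = $env:COMPUTERNAME
    NfsRoleEnabled          = $nfsEnabled      # True: prioritise the CVE-2022-24491 patch
    LdapMaxReceiveBuffer    = $ldapBuffer      # $null: policy not readable from this host
    LdapBufferNonDefault    = ($null -ne $ldapBuffer -and $ldapBuffer -ne $defaultMaxReceiveBuffer)
    Tcp445ReachableFromHere = $smbReachable    # True from outside: mitigation not in effect
}
```

A `True` in `Tcp445ReachableFromHere` is only meaningful when the script is run from a network outside the perimeter; run from inside, it shows the internal exposure that the port block does not cover.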
Microsoft 2022 Patch Tuesday is responsible for finding these vulnerabilities.
Microsoft 2022 Patch Tuesday security bulletin summary
- .NET Framework
- Active Directory Domain Services
- Azure SDK
- Azure Site Recovery
- LDAP – Lightweight Directory Access Protocol
- Microsoft Bluetooth Driver
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Local Security Authority Server (lsasrv)
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Windows ALPC
- Microsoft Windows Codecs Library
- Microsoft Windows Media Foundation
- Power BI
- Role: DNS Server
- Role: Windows Hyper-V
- Skype for Business
- Visual Studio
- Visual Studio Code
- Windows Ancillary Function Driver for WinSock
- Windows App Store
- Windows AppX Package Manager
- Windows Cluster Client Failover
- Windows Cluster Shared Volume (CSV)
- Windows Common Log File System Driver
- Windows Defender
- Windows DWM Core Library
- Windows Endpoint Configuration Manager
- Windows Fax Compose Form
- Windows Feedback Hub
- Windows File Explorer
- Windows File Server
- Windows Installer
- Windows iSCSI Target Service
- Windows Kerberos
- Windows Kernel
- Windows Local Security Authority Subsystem Service
- Windows Media
Affected Products Fixed by Microsoft’s April 2022 Patch Tuesday
1. Product: Microsoft Windows
CVEs/Advisory: CVE-2022-21983, CVE-2022-22008, CVE-2022-22009, CVE-2022-23257, CVE-2022-23268, CVE-2022-24474, CVE-2022-24479, CVE-2022-24481, CVE-2022-24482, CVE-2022-24483, CVE-2022-24484, CVE-2022-24485, CVE-2022-24486, CVE-2022-24487, CVE-2022-24488, CVE-2022-24489, CVE-2022-24490, CVE-2022-24491, CVE-2022-24492, CVE-2022-24493, CVE-2022-24494, CVE-2022-24495, CVE-2022-24496, CVE-2022-24497, CVE-2022-24498, CVE-2022-24499, CVE-2022-24500, CVE-2022-24521, CVE-2022-24527, CVE-2022-24528, CVE-2022-24530, CVE-2022-24532, CVE-2022-24533, CVE-2022-24534, CVE-2022-24536, CVE-2022-24537, CVE-2022-24538, CVE-2022-24539, CVE-2022-24540, CVE-2022-24541, CVE-2022-24542, CVE-2022-24543, CVE-2022-24544, CVE-2022-24545, CVE-2022-24546, CVE-2022-24547, CVE-2022-24549, CVE-2022-24550, CVE-2022-26783, CVE-2022-26784, CVE-2022-26785, CVE-2022-26786, CVE-2022-26787, CVE-2022-26788, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803, CVE-2022-26807, CVE-2022-26808, CVE-2022-26809, CVE-2022-26810, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26816, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26827, CVE-2022-26828, CVE-2022-26829, CVE-2022-26830, CVE-2022-26831, CVE-2022-26903, CVE-2022-26904, CVE-2022-26914, CVE-2022-26915, CVE-2022-26916, CVE-2022-26917, CVE-2022-26918, CVE-2022-26919, CVE-2022-26920
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution
2. Product: Microsoft Dynamics
Impact: Remote Code Execution
3. Product: Microsoft Office Excel
Impact: Remote Code Execution
4. Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2022-1125, CVE-2022-1127, CVE-2022-1128, CVE-2022-1129, CVE-2022-1130, CVE-2022-1131, CVE-2022-1133, CVE-2022-1134, CVE-2022-1135, CVE-2022-1136, CVE-2022-1137, CVE-2022-1138, CVE-2022-1139, CVE-2022-1143, CVE-2022-1145, CVE-2022-1146, CVE-2022-1232, CVE-2022-24475, CVE-2022-24523, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912
Impact: Elevation of Privilege, Spoofing
Finally, these were the highlights of Microsoft’s April 2022 Patch Tuesday.