Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA.
Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities in multiple products, including Microsoft Windows and Windows Components, Microsoft Defender and Defender for Endpoint, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server, Office and Office Components, SharePoint Server, Windows Hyper-V, DNS Server, Skype for Business, .NET and Visual Studio, Windows App Store, and Windows Print Spooler Components.
Ten of the 128 vulnerabilities fixed by Microsoft are rated Critical, 115 are rated Important, and three are rated Moderate in severity.
One of these flaws, tracked as CVE-2022-24521 (CVSS score 7.8), is a Windows Common Log File System Driver Elevation of Privilege issue that is actively exploited. The flaw was reported by the NSA that likely observed its exploitation in attacks conducted by APT groups.
Another flaw, tracked as CVE-2022-26904 (CVSS score 7), is a Windows User Profile Service Elevation of Privilege Vulnerability listed as publicly known at the time of release.
One of the most severe issues addressed with the release of Patch Tuesday Security Updates for April 2022 is an RPC Runtime Library Remote Code Execution flaw (CVE-2022-26809 CVSS 9.8).
“The vulnerability could allow a remote attacker to executed code at high privileges on an affected system. Since no user interaction is required, these factors combine to make this wormable, at least between machine where RPC can be reached. However, the static port used here (TCP port 135) is typically blocked at the network perimeter.” reported ZDI. “Still, this bug could be used for lateral movement by an attacker. Definitely test and deploy this one quickly.”
To read the original article: