Windows News and info 15th Anniversary 2009-2024

Title: Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days
Post by: javajolt on April 13, 2022, 03:11:54 PM
Today is Microsoft's April 2022 Patch Tuesday, and with it come fixes for two zero-day vulnerabilities and a total of 119 flaws.

Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today's update, with ten classified as Critical as they allow remote code execution.

The number of bugs in each vulnerability category is listed below:

   • 47 Elevation of Privilege Vulnerabilities

   • 0 Security Feature Bypass Vulnerabilities

   • 47 Remote Code Execution Vulnerabilities

   • 13 Information Disclosure Vulnerabilities

   • 9 Denial of Service Vulnerabilities

   • 3 Spoofing Vulnerabilities

   • 26 Edge - Chromium Vulnerabilities

Two zero-days fixed, one actively exploited

This month's Patch Tuesday includes fixes for two zero-day vulnerabilities, one publicly disclosed and the other actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is a bug discovered by security researcher Abdelhamid Naceri, which Microsoft previously tried to fix twice after new patch bypasses were discovered.

CVE-2022-26904 - Windows User Profile Service Elevation of Privilege Vulnerability

The publicly exposed zero-day is a privilege elevation bug discovered by CrowdStrike and the US National Security Agency (NSA).

CVE-2022-24521 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

Now that Microsoft has issued patches for these vulnerabilities, threat actors should be expected to analyze the vulnerabilities to learn how to exploit them.

Therefore, it is strongly advised to install today's security updates as soon as possible.

Recent updates from other companies

Other vendors who released updates in April 2022 include:

   • Adobe released security updates for Adobe Reader, Acrobat, Photoshop, Commerce, and After Effects.

   • Google released Android's April security updates.

   • Cisco released security updates for numerous products this month.

   • VMware released security updates for multiple products.

The April 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the April 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here (http://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/April-2022.html).

(http://i.postimg.cc/NjbPyCQc/1.png)
(http://i.postimg.cc/nc21TsgK/2.png)
(http://i.postimg.cc/3RZy7Ggn/3.png)
(http://i.postimg.cc/zX4Gs7sq/4.png)
(http://i.postimg.cc/RCDStGVw/5.png)
(http://i.postimg.cc/GpXwCh4v/6.png)
(http://i.postimg.cc/K8F8cj8W/7.png)
(http://i.postimg.cc/sxwwBvRJ/8.png)
(http://i.postimg.cc/j5hh9LCr/9.png)
(http://i.postimg.cc/9fgTKKjJ/10a.png)
(http://i.postimg.cc/QMFV9MRJ/11.png)

source (http://www.bleepingcomputer.com/news/microsoft/microsoft-april-2022-patch-tuesday-fixes-119-flaws-2-zero-days/)