Microsoft’s April 2022 Patch Tuesday security updates address no less than 128 vulnerabilities, including 10 rated as critical, 115 as important, and three flagged as moderately severe.
One of the vulnerabilities addressed by this month’s Microsoft security updates, tracked as CVE-2022-24521, is an actively exploited Windows Common Log File System Driver Elevation of Privilege bug and has a CVSS score of 7.8.NSA reported this vulnerability after presumably spotting APT groups exploiting it in various attacks.
Another issue fixed by this Patch Tuesday is a Windows User Profile Service Elevation of Privilege flaw, tracked as CVE-2022-26904, with a CVSS score of 7 and listed as publicly known. Currently, this flaw is reserved, meaning that additional details may be published later.
An RPC Runtime Library Remote Code Execution vulnerability is among the most critical flaws that this month’s security update rollout from Microsoft addresses. This high-severity flaw has a CVSS score of 9.8, is tracked as CVE-2022-26809, and could let attackers execute code with high privileges on vulnerable systems remotely.
Another two high-severity NFS vulnerabilities with 9.8 CVSS scores, tracked as CVE-2022-24491and CVE-2022-24497, could allow attackers to execute code remotely, without high privileges or user interaction, on systems where the NFS role is enabled.
The Patch Tuesday security updates for April 2022 address vulnerabilities in several products, namely:
Given the severity of these vulnerabilities, users should prioritize applying the security patches.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsNovember 14, 2024
September 06, 2024