Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

Microsoft’s Patch Tuesday updates for the month of April have
addressed a total of 128 security vulnerabilities[1] spanning its
software product portfolio, including Windows, Defender, Office,
Exchange Server, Visual Studio, and Print Spooler, among others.

10 of the 128 bugs fixed are rated Critical, 115 are rated
Important, and three are rated Moderate in severity, with one of
the flaws listed as publicly known and another under active attack
at the time of the release.

The updates are in addition to 26 other flaws[2]
resolved by Microsoft in its Chromium-based Edge browser since the
start of the month.

The actively exploited flaw (CVE-2022-24521[3], CVSS score: 7.8)
relates to an elevation of privilege vulnerability in the Windows
Common Log File System (CLFS). Credited with reporting the flaw are
the U.S. National Security Agency (NSA) and CrowdStrike researchers
Adam Podlosky and Amir Bazine.

The second publicly-known zero-day flaw (CVE-2022-26904[4], CVSS score: 7.0) also
concerns a case of privilege escalation in the Windows User Profile
Service, successful exploitation of which “requires an attacker to
win a race condition.”

Other critical flaws to note include a number of remote code
execution flaws in RPC Runtime Library (CVE-2022-26809[5], CVSS score: 9.8),
Windows Network File System (CVE-2022-24491[6]
and CVE-2022-24497[7], CVSS scores: 9.8),
Windows Server Service (CVE-2022-24541[8]), Windows SMB (CVE-2022-24500[9]), and Microsoft Dynamics
365 (CVE-2022-23259[10]).

Microsoft also patched as many as 18 flaws in Windows DNS
Server, one information disclosure flaw and 17 remote code
execution flaws, all of which were reported by security researcher
Yuki Chen. Also remediated are 15 privilege escalation flaws in the
Windows Print Spooler component.

The patches arrive a week after the tech giant announced plans
to make available a feature called AutoPatch[11] in July 2022 that
allows enterprises to expedite applying security fixes in a timely
fashion while emphasizing scalability and stability.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been
released by other vendors to rectify several vulnerabilities,
counting —

References

  1. total of 128 security vulnerabilities (msrc.microsoft.com)
  2. 26 other flaws (docs.microsoft.com)
  3. CVE-2022-24521 (msrc.microsoft.com)
  4. CVE-2022-26904 (msrc.microsoft.com)
  5. CVE-2022-26809 (msrc.microsoft.com)
  6. CVE-2022-24491 (msrc.microsoft.com)
  7. CVE-2022-24497 (msrc.microsoft.com)
  8. CVE-2022-24541 (msrc.microsoft.com)
  9. CVE-2022-24500 (msrc.microsoft.com)
  10. CVE-2022-23259 (msrc.microsoft.com)
  11. AutoPatch (thehackernews.com)
