1 min read

Microsoft Patch Tuesday Fixes 128 Vulnerabilities, including NSA-Reported High-Severity Zero-Day

Vlad CONSTANTINESCU

April 13, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Microsoft Patch Tuesday Fixes 128 Vulnerabilities, including NSA-Reported High-Severity Zero-Day

Microsoft’s April 2022 Patch Tuesday security updates address no less than 128 vulnerabilities, including 10 rated as critical, 115 as important, and three flagged as moderately severe.

One of the vulnerabilities addressed by this month’s Microsoft security updates, tracked as CVE-2022-24521, is an actively exploited Windows Common Log File System Driver Elevation of Privilege bug and has a CVSS score of 7.8.NSA reported this vulnerability after presumably spotting APT groups exploiting it in various attacks.

Another issue fixed by this Patch Tuesday is a Windows User Profile Service Elevation of Privilege flaw, tracked as CVE-2022-26904, with a CVSS score of 7 and listed as publicly known. Currently, this flaw is reserved, meaning that additional details may be published later.

An RPC Runtime Library Remote Code Execution vulnerability is among the most critical flaws that this month’s security update rollout from Microsoft addresses. This high-severity flaw has a CVSS score of 9.8, is tracked as CVE-2022-26809, and could let attackers execute code with high privileges on vulnerable systems remotely.

Another two high-severity NFS vulnerabilities with 9.8 CVSS scores, tracked as CVE-2022-24491and CVE-2022-24497, could allow attackers to execute code remotely, without high privileges or user interaction, on systems where the NFS role is enabled.

The Patch Tuesday security updates for April 2022 address vulnerabilities in several products, namely:

  • Microsoft Windows
  • Windows Components
  • Microsoft Defender
  • Defender for Endpoint
  • Exchange Server
  • SharePoint Server
  • DNS Server
  • Windows Hyper-V
  • Microsoft Edge
  • Microsoft Dynamics
  • Skype for Business
  • Microsoft Office
  • Windows App Store
  • Office Components
  • .NET and Visual Studio
  • Windows Print Spooler Components

Given the severity of these vulnerabilities, users should prioritize applying the security patches.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

EU Privacy Watchdog Set to Prohibit Meta From Running Ads Based on Personal Data EU Privacy Watchdog Set to Prohibit Meta From Running Ads Based on Personal Data
Vlad CONSTANTINESCU

December 07, 2022

1 min read
Versailles hospital cancels operations after ransomware attack compromises computer systems Versailles hospital cancels operations after ransomware attack compromises computer systems
Alina BÎZGĂ

December 06, 2022

1 min read
Design Flaw Accidentally Turns Open-Source Ransomware Toolkit into Wiper Malware Design Flaw Accidentally Turns Open-Source Ransomware Toolkit into Wiper Malware
Vlad CONSTANTINESCU

December 06, 2022

2 min read