Microsoft Patch Tuesday: April 2022

Microsoft’s Patch Tuesday has much to offer this month, with a grand total of 117 new vulnerabilities patched, split between 9 rated critical and 108 rated important. While the vulnerability total is high compared with recent months, only 1 vulnerability has been publicly disclosed and 1 is reported to be exploited in the wild.

April’s instalment includes fixes for some key software such as:

  • Active Directory Domain Services
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Power BI
  • Skype for Business
  • Visual Studio
  • Windows App Store
  • Windows Defender
  • Windows File Explorer
  • Windows PowerShell
  • Windows RDP
  • Windows SMB
  • YARP reverse proxy

Important Notes

CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability

This important vulnerability, with a CVSS of 7.8, has been reported by Microsoft to have been seen in the wild. Windows CLFS is a general-purpose logging service that logs user and kernel mode actions. By exploiting the Windows CLFS driver, an attacker can elevate their privileges, allowing the execution of arbitrary code in kernel mode and bypassing any security restrictions in place.

CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability

Windows User Profile Service is a shared service in SharePoint Server that allows the creation and administration of user profiles that can be accessed from multiple locations. This important vulnerability has been publicly disclosed, carries a CVSS of 7.0, and would allow an attacker to execute arbitrary code at a higher privilege level to gain access to more resources. The attack is of high complexity and is considered less likely to occur.

CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability

RPC allows a client to request a service from a program located on a server. Microsoft has identified and patched a critical vulnerability in this service. Exploiting it would allow an attacker to execute arbitrary code on a target, with the potential for data theft, malware implantation or total system takeover. This vulnerability has a CVSS of 9.8, making it extremely dangerous if exploited.

A notice has been issued with this update: any systems running Windows 10 version 20H2 will reach end of life on 10th May 2022. All users are advised to update to the latest version to avoid being left at risk.
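The two follow-up actions above (confirm the April update is installed, and find hosts still on Windows 10 20H2 before the 10th May 2022 end-of-life date) can be checked with a short inventory script. The script below is an added example written for this post, not code from Ironshare or Microsoft. It assumes Windows PowerShell 5.1 or later on the host being checked, reads the version and build from the standard `CurrentVersion` registry key, and uses a placeholder KB number (`KB_PLACEHOLDER`) that must be replaced with the April 2022 cumulative update ID for the host's build, taken from the Security Update Guide.

```powershell
# Added example, not from the original post. Reports the OS version/build,
# whether the host is on the 20H2 release that reaches end of life on
# 10th May 2022, and whether the April 2022 cumulative update is installed.
# ASSUMPTION: $AprilKb is a placeholder; look up the real KB for this build.

$EolVersion = '20H2'
$EolDate    = [datetime]'2022-05-10'
$AprilKb    = 'KB_PLACEHOLDER'   # replace with the April 2022 KB for this build

# Version and build information Windows exposes in the registry.
$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# DisplayVersion exists on 20H2 and later; older builds only expose ReleaseId.
$version = if ($cv.PSObject.Properties['DisplayVersion']) { $cv.DisplayVersion } else { $cv.ReleaseId }
$build   = "$($cv.CurrentBuild).$($cv.UBR)"

$result = [ordered]@{
    ComputerName   = $env:COMPUTERNAME
    Version        = $version
    Build          = $build
    EndOfLife      = $false
    DaysToEol      = $null
    AprilKbPresent = $false
}

# Flag hosts on the release that goes out of support and how many days remain.
if ($version -eq $EolVersion) {
    $result.EndOfLife = $true
    $result.DaysToEol = [int]($EolDate - (Get-Date)).TotalDays
}

# Get-HotFix reports installed updates by KB ID; a missing KB produces a
# non-terminating error and no object, so the presence of a result is the check.
$hotfix = Get-HotFix -Id $AprilKb -ErrorAction SilentlyContinue
$result.AprilKbPresent = [bool]$hotfix

[pscustomobject]$result
```

Run it locally, or wrap it in `Invoke-Command -ComputerName` across a fleet and export the objects to CSV, to produce a list of hosts that still need the April update or a feature upgrade off 20H2. A host with `EndOfLife` set and a negative `DaysToEol` is already unsupported and will receive no further security fixes.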

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes:

Security update guide:

Ironshare – Security Simplified