Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs

A comment from Claire Tills, senior research engineer at Tenable

“This month’s Patch Tuesday release includes fixes for 117 CVEs — nine that are rated critical and two zero days, one of which was exploited in the wild and reported to Microsoft by the National Security Agency.

“Microsoft patched CVE-2022-24521, an elevation of privilege vulnerability in the Windows Common Log File System driver that received a CVSSv3 score of 7.8 that has been exploited as a zero day. While there is no additional information available about the exploitation of CVE-2022-24521, we do know that CrowdStrike and the NSA are involved in its discovery.

“Additionally, Microsoft addressed CVE-2022-26904, an elevation of privilege vulnerability, in the user profile service. Even though exploitation of this vulnerability requires an attacker to perfectly time their attack to win a race condition, Microsoft has rated it as ‘Exploitation More Likely.’

“Also worth noting, versions 4.5.2, 4.6, and 4.6.1 of the .NET Framework from Microsoft and Windows 10 version 20H2 will reach end of support soon. Users are strongly urged to update their systems to ensure they continue receiving updates.”
