Microsoft April 2022 Patch Tuesday Fixes 2 Zero-Days and 10 RCE Vulnerabilities
Microsoft released 119 patches on April 2022 Patch Tuesday that fixed two zero-days and 10 critical RCE vulnerabilities. The security advisory stated that one of the two zero-days is being actively exploited.
The zero-day exploited in the attacks, a Windows User Profile Service Elevation of Privilege Vulnerability tracked as CVE-2022-26904, has a CVSS score of 6.5.
The other zero-day, CVE-2022-24521, which the US National Security Agency discovered, is a Windows Common Log File System Driver Elevation of Privilege Vulnerability with a CVSS score of 7.2.
Fixed 10 Critical RCE Vulnerabilities
The 10 critical RCE vulnerabilities fixed in the April Patch Tuesday are listed in the table below.

| Product/Feature | CVE-ID | Title |
| --- | --- | --- |
| LDAP – Lightweight Directory Access Protocol | | Windows LDAP Remote Code Execution Vulnerability |
| Microsoft Dynamics | | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Windows Hyper-V | | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Network File System | | Windows Network File System Remote Code Execution Vulnerability |
| Windows Network File System | | Windows Network File System Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows SMB | | Windows Server Service Remote Code Execution Vulnerability |
| Windows SMB | | Windows SMB Remote Code Execution Vulnerability |

Microsoft states that threat actors may have already started analyzing the vulnerabilities for ways to exploit them. Considering that 115 of the vulnerabilities were rated “important” and 10 were rated “critical,” customers should install the security updates urgently. You can access the advisory here.
Which Products or Features are Affected?
Affected products and features include many of the key brands in Microsoft’s product portfolio. Windows, Defender, Microsoft Office, Exchange Server, Visual Studio, and Print Spooler are just a few.
With patches fixing vulnerabilities in 53 different products and systems, including Chromium-based Microsoft Edge, this release is regarded as the most comprehensive recent Patch Tuesday.