SOCRadar® Cyber Intelligence Inc. | Microsoft April 2022 Patch Tuesday Fixes 2 Zero-Days and 10 RCE Vulnerabilities
Apr 13, 2022

Microsoft April 2022 Patch Tuesday Fixes 2 Zero-Days and 10 RCE Vulnerabilities

Microsoft released 119 patches on April 2022 Patch Tuesday that fixed two zero-days and 10 critical RCE vulnerabilities. The security advisory stated that one of the two zero-days is being actively exploited.

The zero-day exploited in attacks, a Windows User Profile Service Elevation of Privilege Vulnerability tracked as CVE-2022-26904, has a CVSS score of 6.5.

The second zero-day, CVE-2022-24521, was discovered by the US National Security Agency. It is a Windows Common Log File System Driver Elevation of Privilege Vulnerability with a CVSS score of 7.2.

Fixed 10 Critical RCE Vulnerabilities

The following table lists the 10 critical RCE vulnerabilities fixed in the April Patch Tuesday.

| Product/Feature | CVE-ID | Title |
|---|---|---|
| LDAP – Lightweight Directory Access Protocol | CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Network File System | CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability |
| Windows Network File System | CVE-2022-24497 | Windows Network File System Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows SMB | CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability |
| Windows SMB | CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability |

Microsoft states that threat actors may already have begun analyzing the vulnerabilities to find ways to exploit them. Considering that 115 of the vulnerabilities were “important” and 10 were “critical,” customers should urgently install the security updates. You can access the advisory here.

Which Products or Features are Affected?

Affected products and features include many of the key brands in Microsoft’s product portfolio. Windows, Defender, Microsoft Office, Exchange Server, Visual Studio, and Print Spooler are just a few.

With patches fixing vulnerabilities in 53 different products and systems, such as Chromium-based Microsoft Edge, this release is regarded as the most comprehensive Patch Tuesday of recent times.
