Microsoft Patch Tuesday includes most vulnerabilities since Sept. 2020

By Jon Munshaw and Nick Biasini. 

Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest number of issues in a single Patch Tuesday since September 2020.

Ten of these vulnerabilities are considered to be “critical,” while three others are listed as being of “moderate” severity and the remainder are considered “important.” There are also nine vulnerabilities that were first found in the Chromium web browser but affect Microsoft Edge, since it’s a Chromium-based browser. Edge users do not need to take any action to patch for these issues. 

Windows Hyper-V contains three of the critical vulnerabilities patched this month — CVE-2022-23257, CVE-2022-24537 and CVE-2022-22008 — that could lead to remote code execution. An attacker would need to open a specially crafted file. Then, the attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. 

There are also two critical remote code execution vulnerabilities in the Windows Network File System: CVE-2022-24491 and CVE-2022-24497. These issues are only exploitable on Windows Server

Read More: http://blog.talosintelligence.com/2022/04/microsoft-patch-tuesday-includes-most.html