Microsoft's April 2022 Patch Tuesday tackles two zero-day vulnerabilities

Microsoft has released over 100 security fixes that resolve critical software issues, including two zero-days.

In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems including numerous remote code execution (RCE) bugs, elevation of privilege (EoP) issues, denial-of-service, information leaks, and spoofing. In total, 10 vulnerabilities are classed as critical. 

Products impacted by April’s security update include the Windows OS, Microsoft Office, Dynamics, Edge, Hyper-V, File Server, Skype for Business, and Windows SMB. 


The zero-day vulnerabilities resolved in this update are: 

CVE-2022-26904: This known zero-day flaw impacts the Windows User Profile Service and is described as an EoP vulnerability. The bug has been issued a CVSS severity score of 7.0 and its attack complexity is considered ‘high’, as “successful exploitation of this vulnerability requires an attacker to win a race condition,” according to Microsoft.

CVE-2022-24521: This bug is another EoP issue found in the Windows Common Log File System Driver. Issued a CVSS score of 7.8, Microsoft says that attack complexity is low and the company has detected active exploitation, despite the flaw not being made public until now.

Two other security issues, CVE-2022-26809

Read More: https://www.zdnet.com/article/microsoft-april-2022-patch-tuesday-two-zero-day-vulnerabilities-tackled/#ftag=RSSbaffb68