
Microsoft April Patch Tuesday Is Huge, Fixed 128 Bugs

Microsoft has rolled out its scheduled Patch Tuesday updates for April. This release is large compared to other monthly updates in that it (once again) fixes more than a hundred bugs.

Microsoft April Patch Tuesday Updates

The first noteworthy vulnerability addressed this month is a privilege escalation vulnerability in the Windows Common Log File System Driver. Microsoft confirmed that it had detected active exploitation of this bug while it was still undisclosed. This vulnerability, CVE-2022-24521, received an important severity rating with a CVSS score of 7.8.

A similar privilege escalation bug existed in the Windows User Profile Service. This vulnerability, CVE-2022-26904, also received an important severity rating, with a CVSS score of 7. Microsoft explained that exploiting this bug required an attacker “to win a race condition”. While it escaped exploitation, it became publicly known before the tech giant could fix it.

Besides these two vulnerabilities, Microsoft fixed 113 other important-severity vulnerabilities across different products. Briefly, these include 17 RCE flaws in Windows DNS Server, 5 privilege escalation vulnerabilities in the Microsoft Edge browser, 15 elevation of privilege bugs in Windows Print Spooler, a denial of service vulnerability in Microsoft Defender (CVE-2022-24548), and more.

In addition, Microsoft also fixed 10 critical bugs this month, making the April Patch Tuesday an important one. These vulnerabilities affected different products, and could lead to remote code execution upon exploitation.

Apart from these bug fixes, Microsoft also addressed three moderate-severity flaws affecting its Chromium-based web browser, Microsoft Edge. Two of these vulnerabilities, CVE-2022-26909 and CVE-2022-26912 (CVSS 8.3), caught the attention of the security researcher David Erceg. For the third one, a spoofing bug (CVE-2022-24523), Microsoft has acknowledged the researcher Mohit Raj. All three vulnerabilities could lead to privilege escalation upon exploitation.

Since the updates are released worldwide, all Windows users should update their systems as soon as possible. If the updates do not arrive automatically, users should check for them manually to patch their systems quickly.

