Microsoft April 2022 Patch Tuesday

Published: 2022-04-12. Last Updated: 2022-04-12 17:57:47 UTC
by Renato Marinho (Version: 1)
0 comment(s)

This month we got patches for 145 vulnerabilities. Of these, 10 are critical, 1 was previously disclosed, and one is already being exploited according to Microsoft.

The exploited vulnerability is an Elevation of Privilege on Windows Common Log File System Driver (CVE-2022-24521). There are no details about the vulnerability in the advisory. It is rated as important and has a CVSS of 7.80.

Among critical vulnerabilities, there is a Remote Code Execution (RCE) affecting  Windows Network File System (CVE-2022-24497). To exploit this vulnerability, an attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could enable remote code execution. The vulnerability is only exploitable for systems that have the NFS role enabled. More information about NFS is available at https://docs.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview and information about installing and uninstalling Roles Services is available at https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard

But there's another vulnerability even more worrying: an RCE affecting Remote Procedure Call Runtime (CVE-2022-26809). According to the advisory, exploitation of this vulnerability could result in remote code execution on the server-side with the same permissions as the RPC service. The vulnerability requires no user interaction, requires no privilege, has a low attack complexity and the attack vector is network. Due to those characteristics, this is a potential wormable vulnerability. The mitigation for the vulnerability is blocking port TCP/445 or protecting it as much as possible - mainly from access coming from the Internet. The exploitability is 'More Likely' but there is no exploitation detected according to Microsoft. The CVSS is 9.80.

The already disclosed vulnerability affects Windows User Profile Service (CVE-2022-26904). According to the advisory, despite not requiring user interaction, the attack complexity for this vulnerability is high. The vulnerability's exploitability is 'More Likely' and its CVSS is 7.00

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/

April 2022 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Denial of Service Vulnerability
CVE-2022-26832 No No Less Likely Less Likely Important 7.5 6.5
Azure SDK for .NET Information Disclosure Vulnerability
CVE-2022-26907 No No Less Likely Less Likely Important 5.3 4.8
Azure Site Recovery Information Disclosure Vulnerability
CVE-2022-26896 No No Less Likely Less Likely Important 4.9 4.3
CVE-2022-26897 No No Less Likely Less Likely Important 4.9 4.3
Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-26898 No No Less Likely Less Likely Important 7.2 6.3
Chromium: CVE-2022-1125 Use after free in Portals
CVE-2022-1125 No No - - -    
Chromium: CVE-2022-1127 Use after free in QR Code Generator
CVE-2022-1127 No No - - -    
Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API
CVE-2022-1128 No No - - -    
Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode
CVE-2022-1129 No No - - -    
Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
CVE-2022-1130 No No - - -    
Chromium: CVE-2022-1131 Use after free in Cast UI
CVE-2022-1131 No No - - -    
Chromium: CVE-2022-1133 Use after free in WebRTC
CVE-2022-1133 No No - - -    
Chromium: CVE-2022-1134 Type Confusion in V8
CVE-2022-1134 No No - - -    
Chromium: CVE-2022-1135 Use after free in Shopping Cart
CVE-2022-1135 No No - - -    
Chromium: CVE-2022-1136 Use after free in Tab Strip
CVE-2022-1136 No No - - -    
Chromium: CVE-2022-1137 Inappropriate implementation in Extensions
CVE-2022-1137 No No - - -    
Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor
CVE-2022-1138 No No - - -    
Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API
CVE-2022-1139 No No - - -    
Chromium: CVE-2022-1143 Heap buffer overflow in WebUI
CVE-2022-1143 No No - - -    
Chromium: CVE-2022-1145 Use after free in Extensions
CVE-2022-1145 No No - - -    
Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
CVE-2022-1146 No No - - -    
Chromium: CVE-2022-1232 Type Confusion in V8
CVE-2022-1232 No No - - -    
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
CVE-2022-24489 No No Less Likely Less Likely Important 7.8 6.8
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2022-24479 No No Less Likely Less Likely Important 7.8 6.8
DiskUsage.exe Remote Code Execution Vulnerability
CVE-2022-26830 No No Less Likely Less Likely Important 7.5 6.5
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account
CVE-2022-24767 No No Less Likely Less Likely Important    
GitHub: Uncontrolled search for the Git directory in Git for Windows
CVE-2022-24765 No No Less Likely Less Likely Important    
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-24532 No No Less Likely Less Likely Important 7.8 6.8
Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-24496 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Defender Denial of Service Vulnerability
CVE-2022-24548 No No Less Likely Less Likely Important 5.5 4.8
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2022-23259 No No Less Likely Less Likely Critical 8.8 7.7
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-24475 No No Less Likely Less Likely Important 8.3 7.2
CVE-2022-26891 No No Less Likely Less Likely Important 8.3 7.2
CVE-2022-26894 No No Less Likely Less Likely Important 8.3 7.2
CVE-2022-26895 No No Less Likely Less Likely Important 8.3 7.2
CVE-2022-26900 No No Less Likely Less Likely Important 8.3 7.2
CVE-2022-26908 No No Less Likely Less Likely Important 8.3 7.2
CVE-2022-26909 No No Less Likely Less Likely Moderate 8.3 7.2
CVE-2022-26912 No No Less Likely Less Likely Moderate 8.3 7.2
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2022-24523 No No Less Likely Less Likely Moderate 4.3 3.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-24473 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26901 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2022-24493 No No Less Likely Less Likely Important 5.5 4.8
Microsoft Power BI Spoofing Vulnerability
CVE-2022-23292 No No Less Likely Less Likely Important 5.9 5.2
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2022-24472 No No Less Likely Less Likely Important 8.0 7.0
PowerShell Elevation of Privilege Vulnerability
CVE-2022-26788 No No Less Likely Less Likely Important 7.8 6.8
Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2022-24533 No No Less Likely Less Likely Important 8.0 7.0
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-24528 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-24492 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-26809 No No More Likely More Likely Critical 9.8 8.5
Skype for Business Information Disclosure Vulnerability
CVE-2022-26911 No No Less Likely Less Likely Important 6.5 5.7
Skype for Business and Lync Spoofing Vulnerability
CVE-2022-26910 No No Less Likely Less Likely Important 5.3 4.6
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-26921 No No Less Likely Less Likely Important 7.3 6.4
Visual Studio Elevation of Privilege Vulnerability
CVE-2022-24513 No No Less Likely Less Likely Important 7.8 6.8
Win32 File Enumeration Remote Code Execution Vulnerability
CVE-2022-24485 No No Less Likely Less Likely Important 7.5 6.5
Win32 Stream Enumeration Remote Code Execution Vulnerability
CVE-2022-21983 No No Less Likely Less Likely Important 7.5 6.5
CVE-2022-24534 No No Less Likely Less Likely Important 7.5 6.5
Win32k Elevation of Privilege Vulnerability
CVE-2022-26914 No No More Likely More Likely Important 7.8 7.0
Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-24482 No No Less Likely Less Likely Important 7.0 6.1
CVE-2022-24540 No No Less Likely Less Likely Important 7.0 6.1
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2022-24494 No No Less Likely Less Likely Important 7.8 6.8
Windows AppX Package Manager Elevation of Privilege Vulnerability
CVE-2022-24549 No No Less Likely Less Likely Important 7.8 6.8
Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2022-26828 No No Less Likely Less Likely Important 7.0 6.1
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
CVE-2022-24484 No No Less Likely Less Likely Important 5.5 4.8
CVE-2022-24538 No No Less Likely Less Likely Important 6.5 5.7
CVE-2022-26784 No No Less Likely Less Likely Important 6.5 5.7
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-24521 No Yes Detected Detected Important 7.8 7.2
CVE-2022-24481 No No More Likely More Likely Important 7.8 6.8
Windows DNS Server Information Disclosure Vulnerability
CVE-2022-26816 No No Less Likely Less Likely Important 6.5 5.7
Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-26811 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-26812 No No Less Likely Less Likely Important 7.2 6.5
CVE-2022-26813 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-24536 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-26814 No No Less Likely Less Likely Important 6.6 5.9
CVE-2022-26815 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-26817 No No Less Likely Less Likely Important 6.6 5.8
CVE-2022-26818 No No Less Likely Less Likely Important 6.6 5.8
CVE-2022-26819 No No Less Likely Less Likely Important 6.6 5.8
CVE-2022-26820 No No Less Likely Less Likely Important 6.6 5.8
CVE-2022-26821 No No Less Likely Less Likely Important 6.6 5.8
CVE-2022-26822 No No Less Likely Less Likely Important 6.6 5.8
CVE-2022-26823 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-26824 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-26825 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-26826 No No Less Likely Less Likely Important 7.2 6.3
CVE-2022-26829 No No Less Likely Less Likely Important 6.6 5.9
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-24546 No No More Likely More Likely Important 7.8 6.8
Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2022-24488 No No Less Likely Less Likely Important 7.8 6.8
Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-24547 No No More Likely More Likely Important 7.8 6.8
Windows Direct Show - Remote Code Execution Vulnerability
CVE-2022-24495 No No Less Likely Less Likely Important 7.0 6.1
Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability
CVE-2022-24527 No No Less Likely Less Likely Important 7.8 6.8
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2022-26916 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26917 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26918 No No Less Likely Less Likely Important 7.8 6.8
Windows File Explorer Elevation of Privilege Vulnerability
CVE-2022-26808 No No Less Likely Less Likely Important 7.0 6.1
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2022-26810 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26827 No No Less Likely Less Likely Important 7.0 6.1
Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-26920 No No Less Likely Less Likely Important 5.5 4.8
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-26903 No No Less Likely Less Likely Important 7.8 6.8
Windows Hyper-V Denial of Service Vulnerability
CVE-2022-23268 No No Less Likely Less Likely Important 6.5 5.7
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-22008 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2022-22009 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-23257 No No Less Likely Less Likely Critical 8.8 7.7
CVE-2022-24537 No No Less Likely Less Likely Critical 7.8 6.8
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
CVE-2022-24490 No No Less Likely Less Likely Important 8.1 7.1
CVE-2022-24539 No No Less Likely Less Likely Important 8.1 7.1
CVE-2022-26783 No No Less Likely Less Likely Important 6.5 5.7
CVE-2022-26785 No No Less Likely Less Likely Important 6.5 5.7
Windows Installer Elevation of Privilege Vulnerability
CVE-2022-24530 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-24499 No No Less Likely Less Likely Important 7.8 6.8
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-24486 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-24544 No No Less Likely Less Likely Important 7.8 6.8
Windows Kerberos Remote Code Execution Vulnerability
CVE-2022-24545 No No Less Likely Less Likely Important 8.1 7.1
Windows Kernel Information Disclosure Vulnerability
CVE-2022-24483 No No Less Likely Less Likely Important 5.5 4.8
Windows LDAP Denial of Service Vulnerability
CVE-2022-26831 No No Less Likely Less Likely Important 7.5 6.5
Windows LDAP Remote Code Execution Vulnerability
CVE-2022-26919 No No Less Likely Less Likely Critical 8.1 7.1
Windows Local Security Authority (LSA) Remote Code Execution Vulnerability
CVE-2022-24487 No No Less Likely Less Likely Important 8.8 7.7
Windows Network File System Remote Code Execution Vulnerability
CVE-2022-24491 No No More Likely More Likely Critical 9.8 8.5
CVE-2022-24497 No No More Likely More Likely Critical 9.8 8.5
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-26786 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26787 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26789 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26790 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26791 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26792 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26793 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26794 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26795 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26796 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26797 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26798 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26801 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26802 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-26803 No No Less Likely Less Likely Important 7.8 6.8
Windows SMB Remote Code Execution Vulnerability
CVE-2022-24500 No No Less Likely Less Likely Critical 8.8 7.7
Windows Secure Channel Denial of Service Vulnerability
CVE-2022-26915 No No Less Likely Less Likely Important 7.5 6.5
Windows Server Service Remote Code Execution Vulnerability
CVE-2022-24541 No No Less Likely Less Likely Critical 8.8 7.7
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2022-24550 No No Less Likely Less Likely Important 7.8 6.8
Windows Upgrade Assistant Remote Code Execution Vulnerability
CVE-2022-24543 No No Less Likely Less Likely Important 7.8 6.8
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2022-26904 Yes No More Likely More Likely Important 7.0 6.5
Windows Win32k Elevation of Privilege Vulnerability
CVE-2022-24474 No No More Likely More Likely Important 7.8 6.8
CVE-2022-24542 No No More Likely More Likely Important 7.8 6.8
Windows Work Folder Service Elevation of Privilege Vulnerability
CVE-2022-26807 No No Less Likely Less Likely Important 7.0 6.1
Windows iSCSI Target Service Information Disclosure Vulnerability
CVE-2022-24498 No No Less Likely Less Likely Important 6.5 5.7
YARP Denial of Service Vulnerability
CVE-2022-26924 No No Less Likely Less Likely Important 7.5 6.5

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:
0 comment(s)
ISC Stormcast For Tuesday, April 12th, 2022 https://isc.sans.edu/podcastdetail.html?id=7960

Comments


Diary Archives