Today is Microsoft's Patch Tuesday for the April 2022 updates. It brings fixes for two zero-day vulnerabilities and fixes a total of 119 flaws in the company's code.
Microsoft patched 119 vulnerabilities (not including the 26 Microsoft Edge vulnerabilities) with today's update. Ten of these are classified as critical because they allow remote code execution.
The number of vulnerabilities in each category is listed below:
- 47 Elevation of Privilege Vulnerabilities
- 47 Remote Code Execution Vulnerabilities
- 13 Information Disclosure Vulnerabilities
- 9 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
- 26 Edge - Chromium Vulnerabilities
For more information on the other Windows updates, you can read about today's updates KB5012599 and KB5012591.
This month's Patch Tuesday includes fixes for two zero-day vulnerabilities. One was publicly disclosed, while the other is already being used in attacks.
Microsoft classifies a vulnerability as a zero-day if it has been publicly disclosed or is already being exploited with no official fix available.
The zero-day vulnerability that is already being exploited, and is patched today, is a bug discovered by security researcher Abdelhamid Naceri, which Microsoft has already tried to fix twice.
- CVE-2022-26904 - Windows User Profile Service Elevation of Privilege Vulnerability
The publicly disclosed zero-day is an elevation of privilege bug discovered by CrowdStrike and the US National Security Agency (NSA).
- CVE-2022-24521 - Windows Common Log File System driver Elevation of Privilege Vulnerability
As always, it is recommended to install the current security updates immediately.