Σήμερα είναι η Patch Tuesday της Microsoft για τις ενημερώσεις Απριλίου του 2022. Φέρνει επιδιορθώσεις για two zero-day vulnerabilities and fixes a total of 119 flaws in the company's code.
Microsoft patched 119 vulnerabilities (not including the 26 Microsoft Edge vulnerabilities) with today's information. Ten of these are classified as critical as they allow remote code execution.
The number of errors in each category is listed below:
47 Vulnerabilities Elevation of Privilege
47 Vulnerabilities Remote Code Execution
13 Information Disclosure Vulnerabilities
9 Denial of Service Vulnerabilities
3 Vulnerabilities spoofing
26 Edge - Chromium Vulnerabilities
For more information on other Windows updates, read about today's updates KB5012599 and KB5012591.
This month's Patch Tuesday also includes fixes for two zero-day vulnerabilities. One that was revealed publicly while the other is already in use in attacks.
Microsoft classifies a vulnerability as zero-day if it has been publicly disclosed or if it is already in use without any official updates.
The zero-day vulnerability already in use, and corrected today, is a bug discovered by security researcher Abdelhamid Naceri, and Microsoft has already tried to fix it twice.
- CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability
The next zero-day public report is a privilege-raising error discovered by CrowdStrike and the US National Security Agency (NSA).
- CVE-2022-24521 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Of course, as always it is recommended to install the current security updates immediately.