Today is Microsoft's Patch Tuesday for the April 2022 updates. It brings fixes for two zero-day vulnerabilities and fixes a total of 119 bugs in the company's code.
Microsoft fixed 119 vulnerabilities (excluding the 26 Microsoft Edge vulnerabilities) with today's update. Ten of them are classified as critical as they allow remote code execution.
The number of errors in each category is listed below:
47 Vulnerabilities Elevation of Privilege
47 Vulnerabilities Remote -- Execution
13 Information Disclosure Vulnerabilities
9 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities
26 Edge – Vulnerabilities Chromium
For more information on other Windows updates, read about today's updates KB5012599 and KB5012591.
This month's Patch Tuesday includes fixes for two zero-day vulnerabilities. One that was revealed publicly while the other is already used in attacks.
Microsoft classifies a vulnerability as zero-day if it has been publicly disclosed or if it is already in use without any official updates.
The zero-day vulnerability already in use, and corrected today, is a bug discovered by security researcher Abdelhamid Naceri, and Microsoft has already tried to fix it twice.
- CVE-2022-26904 - Windows User Profile Service Elevation of Privilege Vulnerability
The public exposure of the next zero-day is an elevation of privilege bug discovered by the CrowdStrike and the US National Security Agency (NSA).
- CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Of course, as always it is recommended to install the current security updates immediately.
