Patch Tuesday - April 2022

Last updated on Apr 12, 2022

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser.

One of these has been observed being exploited in the wild: CVE-2022-24521, reported to Microsoft by the National Security Agency, affects the Common Log File System Driver in all supported versions of Windows and allows attackers to gain additional privileges on a system they already have local access to. Another local privilege escalation (LPE), CVE-2022-26904, affecting the Windows User Profile Service, had been publicly disclosed but not reported as already being exploited – it’s harder for attackers to leverage as it relies on winning a race condition, which can be tricky to reliably achieve.

LPEs don’t always get the same attention that remote code execution (RCE) vulnerabilities do, but they can be a great help to attackers after they gain an initial foothold. These two categories dominate this month’s vulnerabilities, with 55 LPEs and 47 RCEs getting patched. 10 of the RCEs are considered “Critical,” affecting Windows Hyper-V (CVE-2022-22008, CVE-2022-23257, CVE-2022-24537); Windows SMB Client (CVE-2022-24500, CVE-2022-24541); Windows Network File System (CVE-2022-24491 and CVE-2022-24497); LDAP (CVE-2022-26919); Microsoft Dynamics (CVE-2022-23259); and the Windows RPC Runtime (CVE-2022-26809).

On the Office side of the house, Skype for Business Server was patched for spoofing (CVE-2022-26910) and information disclosure (CVE-2022-26911) vulnerabilities. Two RCEs affecting Excel (CVE-2022-24473 and CVE-2022-26901) were fixed, as well as a spoofing vulnerability in SharePoint Server (CVE-2022-24472).

With so many vulnerabilities to manage, it can be difficult to prioritize. Thankfully, most of this month’s CVEs can be addressed by patching the core OS. Administrators should first focus on updating any public-facing servers before moving on to internal servers and then client systems. The SMB Client vulnerabilities can also be mitigated by blocking port 445/tcp at the network perimeter – victims need to be enticed to connect to a malicious SMB server, and this would help against Internet-based attackers. Of course, this won’t help much if the malicious system was set up within the perimeter.
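To check that the 445/tcp perimeter block is actually in effect, and to see what it does not cover, the following added example (not part of the original post) audits firewall flow records. The five-field log format, the sample records and the internal address ranges are constructed assumptions.

```python
import ipaddress

# Constructed flow records (not real traffic): "src dst proto dport action".
SAMPLE_FLOWS = """\
10.1.4.23 203.0.113.50 tcp 445 ALLOW
10.1.4.23 10.1.9.8 tcp 445 ALLOW
10.1.7.12 198.51.100.7 tcp 445 DENY
10.1.7.12 198.51.100.7 tcp 443 ALLOW
10.1.4.40 2001:db8::1 tcp 445 ALLOW
malformed line
"""

# Assumed internal address space; adjust to the real network plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def audit_smb_egress(log_text):
    """Sort 445/tcp flows from internal clients into three buckets:
    leaks    - allowed to an external server (perimeter block missing)
    blocked  - denied to an external server (perimeter block working)
    internal - allowed to an internal server (perimeter block cannot help)
    """
    result = {"leaks": [], "blocked": [], "internal": []}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        src_s, dst_s, proto, dport, action = parts
        if proto.lower() != "tcp" or dport != "445":
            continue
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        except ValueError:
            continue
        if not is_internal(src):
            continue  # only client connections leaving our hosts matter here
        allowed = action.upper() == "ALLOW"
        if is_internal(dst):
            if allowed:
                result["internal"].append((src_s, dst_s))
        else:
            result["leaks" if allowed else "blocked"].append((src_s, dst_s))
    return result

if __name__ == "__main__":
    for bucket, flows in audit_smb_egress(SAMPLE_FLOWS).items():
        print(bucket, flows)
```

Entries in `leaks` mean the perimeter rule is missing or incomplete (including over IPv6); entries in `internal` are the SMB client connections that only patching protects.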

For any readers who enjoy deeper dives into vulnerabilities and exploits, Rapid7’s Jake Baines has a technical writeup of CVE-2022-24527, an LPE he discovered in the Connected Cache component of Microsoft Endpoint Manager that got fixed today. Check it out!

Summary charts

[Charts: vulnerability count by severity; vulnerability count by impact; CVSSv3 score histogram; vulnerability count by component]

Summary tables

Azure Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26896 | Azure Site Recovery Information Disclosure Vulnerability | No | No | 4.9 | Yes |
| CVE-2022-26897 | Azure Site Recovery Information Disclosure Vulnerability | No | No | 4.9 | Yes |
| CVE-2022-26907 | Azure SDK for .NET Information Disclosure Vulnerability | No | No | 5.3 | Yes |

Browser Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-24523 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | No | No | 4.3 | Yes |
| CVE-2022-24475 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-26891 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-26894 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-26895 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-26900 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-26908 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-26909 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-26912 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-1232 | Chromium: CVE-2022-1232 Type Confusion in V8 | No | No | N/A | Yes |
| CVE-2022-1146 | Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing | No | No | N/A | Yes |
| CVE-2022-1145 | Chromium: CVE-2022-1145 Use after free in Extensions | No | No | N/A | Yes |
| CVE-2022-1143 | Chromium: CVE-2022-1143 Heap buffer overflow in WebUI | No | No | N/A | Yes |
| CVE-2022-1139 | Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API | No | No | N/A | Yes |
| CVE-2022-1138 | Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor | No | No | N/A | Yes |
| CVE-2022-1137 | Chromium: CVE-2022-1137 Inappropriate implementation in Extensions | No | No | N/A | Yes |
| CVE-2022-1136 | Chromium: CVE-2022-1136 Use after free in Tab Strip | No | No | N/A | Yes |
| CVE-2022-1135 | Chromium: CVE-2022-1135 Use after free in Shopping Cart | No | No | N/A | Yes |
| CVE-2022-1134 | Chromium: CVE-2022-1134 Type Confusion in V8 | No | No | N/A | Yes |
| CVE-2022-1133 | Chromium: CVE-2022-1133 Use after free in WebRTC | No | No | N/A | Yes |
| CVE-2022-1131 | Chromium: CVE-2022-1131 Use after free in Cast UI | No | No | N/A | Yes |
| CVE-2022-1130 | Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP | No | No | N/A | Yes |
| CVE-2022-1129 | Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode | No | No | N/A | Yes |
| CVE-2022-1128 | Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API | No | No | N/A | Yes |
| CVE-2022-1127 | Chromium: CVE-2022-1127 Use after free in QR Code Generator | No | No | N/A | Yes |
| CVE-2022-1125 | Chromium: CVE-2022-1125 Use after free in Portals | No | No | N/A | Yes |

Developer Tools Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26924 | YARP Denial of Service Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability | No | No | 7.3 | No |
| CVE-2022-24765 | GitHub: Uncontrolled search for the Git directory in Git for Windows | No | No | N/A | Yes |
| CVE-2022-24767 | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account | No | No | N/A | Yes |
| CVE-2022-26832 | .NET Framework Denial of Service Vulnerability | No | No | 7.5 | No |

Microsoft Dynamics Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | No | No | 8.8 | Yes |

Microsoft Office Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | No | No | 5.3 | Yes |
| CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 8 | Yes |
| CVE-2022-24473 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |

SQL Server Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability | No | No | 5.9 | Yes |

System Center Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-24548 | Microsoft Defender Denial of Service Vulnerability | No | No | 5.5 | Yes |

Windows Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2022-24497 | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-24483 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-24486 | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-26783 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-26785 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-23268 | Windows Hyper-V Denial of Service Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-26920 | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-24495 | Windows Direct Show - Remote Code Execution Vulnerability | No | No | 7 | Yes |
| CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24488 | Windows Desktop Bridge Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26814 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-26817 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-26818 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-26816 | Windows DNS Server Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-24538 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | No | No | 6.5 | No |
| CVE-2022-26784 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | No | No | 6.5 | No |
| CVE-2022-24484 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | No | No | 5.5 | No |
| CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24482 | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24496 | Local Security Authority (LSA) Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-24479 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24489 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | No | No | 7.8 | No |

Windows ESU Vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-24498 | Windows iSCSI Target Service Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability | No | Yes | 7 | Yes |
| CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2022-26831 | Windows LDAP Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24499 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-24527 | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 7.2 | Yes |
| CVE-2022-26819 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-26820 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-26821 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-26822 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-26829 | Windows DNS Server Remote Code Execution Vulnerability | No | No | 6.6 | Yes |
| CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Yes | No | 7.8 | No |
| CVE-2022-24481 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24494 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability | No | No | 8 | Yes |
| CVE-2022-24493 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | No | No | 5.5 | Yes |
