April Patch Tuesday 2022 Addresses Over 120 Security Fixes
April Patch Tuesday 2022 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.
Watch our April Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.
Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats
There are 10 Rated Critical and 115 patches rated Important with the remaining marked Moderate. This includes:
- Microsoft Windows and Windows Components
- Microsoft Defender and Defender for Endpoint
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Exchange Server
- Office and Office Components
- SharePoint Server
- Windows Hyper-V, DNS Server
- Skype for Business
- .NET and Visual Studio
- Windows App Store
- Windows Print Spooler Components
Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month as well.
Robert Brown, Head of Customer Success for Syxsense said, “We have an increase of patches fixed in this release which matches what we had released last year, and is almost twice as many as last month. There is both a weaponized threat and a Public Aware threat so right away you have updates to prioritize this month. We also have an increase of Critical updates this month, increasing from 3 last month to 10 this month.”
Top April 2022 Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.
1. CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability
The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponized: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Unchanged / No
2. CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability
The vulnerability exists due to a race condition in Windows User Profile Service. A local user can exploit the race and escalate privileges on the system.
Syxscore
- Vendor Severity: Important
- CVSS: 7.0
- Weaponized: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: High
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Unchanged / No
3. CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability
The vulnerability could allow a remote attacker to executed code at high privileges on an affected system. Since no user interaction is required, these factors combine to make this wormable, at least between machine where RPC can be reached.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponized: No
- Public Aware: No
- Countermeasure: Yes
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
Syxsense Recommendations
Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponize.
| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Syxsense Recommended |
| CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 7 | Yes | No | No | Yes |
| CVE-2022-26809 | RPC Runtime Library Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes – Block TCP port 445 at the enterprise perimeter firewall | Yes |
| CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes – This vulnerability is only exploitable for systems that have the NFS role enabled. | Yes |
| CVE-2022-24497 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes – This vulnerability is only exploitable for systems that have the NFS role enabled. | Yes |
| CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability | Critical | 8.8 | No | No | Yes – Block TCP port 445 at the enterprise perimeter firewall | Yes |
| CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability | Critical | 8.8 | No | No | Yes – Block TCP port 445 at the enterprise perimeter firewall | Yes |
| CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.6 | No | No | No | Yes |
| CVE-2022-24475 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | No | Yes |
| CVE-2022-26891 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | No | Yes |
| CVE-2022-26894 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | No | Yes |
| CVE-2022-26895 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | No | Yes |
| CVE-2022-26900 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | No | Yes |
| CVE-2022-26908 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | No | Yes |
| CVE-2022-26909 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate | 8.3 | No | No | No | Yes |
| CVE-2022-26912 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate | 8.3 | No | No | No | Yes |
| CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Yes – An administrator must increase the default MaxReceiveBuffer LDAP setting | Yes |
| CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability | Important | 8 | No | No | No | Yes |
| CVE-2022-24489 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24479 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24496 | Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24473 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24494 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24481 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24488 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24527 | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24499 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24486 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.7 | No | No | No | Yes |
| CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.7 | No | No | No | Yes |
| CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2022-26832 | .NET Framework Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability | Important | 7.5 | No | No | Yes – Block TCP port 445 at the enterprise perimeter firewall | |
| CVE-2022-26924 | YARP Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability | Important | 7.5 | No | No | Yes – Block TCP port 445 at the enterprise perimeter firewall | |
| CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability | Important | 7.5 | No | No | Yes – Block TCP port 445 at the enterprise perimeter firewall | |
| CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability | Important | 7.5 | No | No | Yes – Block TCP port 445 at the enterprise perimeter firewall | |
| CVE-2022-26814 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26817 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26818 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26829 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26831 | Windows LDAP Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2022-24482 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24495 | Windows Direct Show – Remote Code Execution Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.7 | No | No | No | |
| CVE-2022-26819 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2022-26820 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2022-26821 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2022-26822 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24538 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26784 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-23268 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26783 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-26785 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24498 | Windows iSCSI Target Service Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24548 | Microsoft Defender Denial of Service Vulnerability | Important | 5.5 | No | No | Yes – Systems that have disabled Microsoft Defender are not in an exploitable state. | |
| CVE-2022-24493 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-24484 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-26920 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-24483 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-26907 | Azure SDK for .NET Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2022-26896 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.9 | No | No | No | |
| CVE-2022-26897 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.9 | No | No | No | |
| CVE-2022-26816 | Windows DNS Server Information Disclosure Vulnerability | Important | 4.9 | No | No | No | |
| CVE-2022-24523 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate | 4.3 | No | No | No | |
| CVE-2022-24767 | GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account | Important | Unknown | No | No | No | Yes |
| CVE-2022-24765 | GitHub: Uncontrolled search for the Git directory in Git for Windows | Important | Unknown | No | No | No | Yes |
| CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability | Important | Unknown | No | No | No | Yes |
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
