Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days
Today is Microsoft’s April 2022 Patch Tuesday, and with it come fixes for two zero-day vulnerabilities and a total of 119 flaws.
Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today’s update, with ten classified as Critical as they allow remote code execution.
The number of bugs in each vulnerability category is listed below:
- 47 Elevation of Privilege Vulnerabilities
- 0 Security Feature Bypass Vulnerabilities
- 47 Remote Code Execution Vulnerabilities
- 13 Information Disclosure Vulnerabilities
- 9 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
- 26 Edge – Chromium Vulnerabilities
Two zero-days fixed, one actively exploited
This month’s Patch Tuesday includes fixes for two zero-day vulnerabilities, one publicly disclosed and the other actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
- Windows User Profile Service Elevation of Privilege Vulnerability
The publicly exposed zero-day is a privilege elevation bug discovered by CrowdStrike and the US National Security Agency (NSA).
- Windows Common Log File System Driver Elevation of Privilege Vulnerability
Now that Microsoft has issued patches for these vulnerabilities, threat actors can be expected to analyze the vulnerabilities to learn how to exploit them.