• Home
  • News
  • Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days


Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

Posted on April 13, 2022 by

Microsoft’s April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.

Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today’s update, with ten classified as Critical as they allow remote code execution.

The number of bugs in each vulnerability category is listed below:

  • 47 Elevation of Privilege Vulnerabilities
  • 0 Security Feature Bypass Vulnerabilities
  • 47 Remote Code Execution Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
  • 26 Edge – Chromium Vulnerabilities

Two zero-days fixed, one actively exploited

This month’s Patch Tuesday includes fixes for two zero-day vulnerabilities, one publicly disclosed and the other actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

  • Windows User Profile Service Elevation of Privilege Vulnerability

The publicly exposed zero-day is a privilege elevation bug discovered by CrowdStrike and the US National Security Agency (NSA).

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability

Now that Microsoft has issued patches for these vulnerabilities, it should be expected for threat actors to analyze the vulnerabilities to learn how to exploit them.