Microsoft Patch Tuesday – April 2022

This month, Microsoft has fixed 119 vulnerabilities, including 10 critical ones and 2 zero-days.

CVE-2022-24521 and CVE-2022-26904 are “only” privilege escalation vulnerabilities, but combined with other bugs they might allow an attacker to execute code at the SYSTEM level. Because exploitation of the first one has already been detected and the second one is rated as “exploitation more likely”, please consider patching ASAP.

CVE-2022-26809 is marked as “exploitation more likely” and could allow a remote attacker to execute code with high privileges on an affected system. No user interaction is required, so it might be used between machines where RPC can be reached. Please check whether TCP/135 is blocked at the network perimeter (the typical scenario) to eliminate the risk from outside, but definitely put a high priority on this one.

CVE-2022-24491 and CVE-2022-24497 occur only on systems with the NFS role enabled. Once again, a remote attacker could execute code with high privileges and without user interaction. The situation is very similar to the one above: please check whether the ports are blocked at the network perimeter, especially port 2049. Also high priority!
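
The perimeter check recommended in the two paragraphs above can be scripted. The following is an added example, not part of the original post: the function names are illustrative, and the host addresses are constructed placeholders to be replaced with your own public IPs before running it from a machine outside the perimeter.

```python
import socket

# Ports named in the post and the CVEs reachable through them.
PORT_CVES = {
    135: ["CVE-2022-26809"],                     # RPC endpoint mapper
    2049: ["CVE-2022-24491", "CVE-2022-24497"],  # NFS
}


def tcp_state(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"          # a RST came back: nothing dropped the SYN
    except OSError:
        return "filtered"        # timeout, unreachable or unresolved host


def audit(hosts, port_cves=PORT_CVES, timeout=2.0):
    """Return one record per host/port with its state and the related CVEs."""
    return [
        {"host": h, "port": p, "state": tcp_state(h, p, timeout), "cves": cves}
        for h in hosts
        for p, cves in port_cves.items()
    ]


def exposed(results):
    """Keep only the records where the service accepted a connection."""
    return [r for r in results if r["state"] == "open"]


if __name__ == "__main__":
    # Constructed placeholders (RFC 5737 documentation range). Replace with
    # your own public addresses and run from a host outside the perimeter.
    own_public_hosts = ["192.0.2.10", "192.0.2.11"]
    results = audit(own_public_hosts)
    for r in results:
        print(f'{r["host"]}:{r["port"]} {r["state"]} {", ".join(r["cves"])}')
    if exposed(results):
        raise SystemExit("reachable from outside: prioritise patching and blocking")
```

A "filtered" result is what a perimeter that drops the traffic looks like from outside; "open" means the service is reachable and the host belongs at the top of the patch queue.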

Below you can see the most important CVEs released by Microsoft for April 2022 (zero-days, critical, and those with a CVSS score of at least 8.0). Besides the vulnerabilities already mentioned, you can also find several quite interesting ones concerning SMB, LDAP, DNS, Kerberos, or RDP.

| CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Exploit Code Maturity | Applicable for |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important (7.8) | Local | Low | Low | None | Functional/Exploited | Windows 7+, Server 2008+ |
| CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability | Important (7.0) | Local | High | Low | None | Functional | Windows 7+, Server 2008+ |
| CVE-2022-26809 | RPC Runtime Library Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 7+, Server 2008+ |
| CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 8.1+, Server 2012+ |
| CVE-2022-24497 | Windows Network File System Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 8.1+, Server 2012+ |
| CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability | Critical (8.8) | Network | Low | None | Required | Unproven | Windows 7+, Server 2008+ |
| CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability | Critical (8.8) | Network | Low | None | Required | Unproven | Windows 7+, Server 2008+ |
| CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical (8.8) | Network | Low | Low | None | Unproven | Dynamics 365 (on-premises) 9.0 – 9.1 |
| CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability | Critical (8.6) | Local | Low | Low | None | Unproven | Windows 10 20H2+, Server 20H2+ |
| CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability | Critical (7.7) | Local | High | Low | None | Unproven | Windows 8.1+, Server 2012 R2+ |
| CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability | Critical (7.7) | Local | High | Low | None | Unproven | Windows 10+, Server 2016+ |
| CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability | Critical (8.1) | Network | Low | None | Required | Unproven | Windows 7+, Server 2008+ |
| CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Windows 7+, Server 2008+ |
| CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Windows 7+, Server 2008+ |
| CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | High | None | Unproven | Server 2008+ |
| CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | Windows 10+, Server 2016+ |
| CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important (8.1) | Network | Low | Low | None | Unproven | Server 2016+ |
| CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important (8.1) | Network | Low | Low | None | Unproven | Server 2016+ |
| CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability | Important (8.1) | Network | High | None | None | Unproven | Windows 10+, Server 2016+ |
| CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability | Important (8.0) | Network | Low | Low | Required | Unproven | Windows 7+, Server 2012+ |
