This month we got patches for 145 vulnerabilities. Of these, 10 are critical, one was previously disclosed, and one is already being exploited, according to Microsoft.
The exploited vulnerability is an Elevation of Privilege in the Windows Common Log File System Driver (CVE-2022-24521). There are no details about the vulnerability in the advisory. It is rated as important and has a CVSS score of 7.80.
Among the critical vulnerabilities, there is a Remote Code Execution (RCE) affecting Windows Network File System (CVE-2022-24497). To exploit this vulnerability, an attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could enable remote code execution. The vulnerability is only exploitable on systems that have the NFS role enabled. More information about NFS is available at https://docs.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview and information about installing and uninstalling roles and role services is available at https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard.
But there is another, even more worrying vulnerability: an RCE affecting the Remote Procedure Call Runtime (CVE-2022-26809). According to the advisory, exploitation of this vulnerability could result in remote code execution on the server side with the same permissions as the RPC service. The vulnerability requires no user interaction and no privileges, has a low attack complexity, and its attack vector is the network. Due to those characteristics, this is a potentially wormable vulnerability. The mitigation for the vulnerability is blocking port TCP/445 or protecting it as much as possible, mainly from access coming from the Internet. The exploitability is 'More Likely', but no exploitation has been detected according to Microsoft. The CVSS is 9.80.
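One way to check a host against the two conditions described above, the NFS role for CVE-2022-24497 and inbound TCP/445 for CVE-2022-26809, as an added example that is not part of the original post or of Microsoft's advisory. The function names and report fields are illustrative, and the script inspects only the local Windows Firewall, not perimeter filtering.

```powershell
# Added example (not from the original post). Run elevated on the host being assessed.

function Test-NfsRoleInstalled {
    # CVE-2022-24497 is only reachable when the Server for NFS role service is present.
    # Get-WindowsFeature ships with Windows Server; return $null where it is unavailable.
    if (-not (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue)) { return $null }
    $feature = Get-WindowsFeature -Name 'FS-NFS-Service'
    return [bool]($feature -and $feature.Installed)
}

function Get-Inbound445AllowRule {
    # Effective (ActiveStore) inbound allow rules that name TCP/445 explicitly.
    # Rules using port ranges or 'Any' are not matched here and need a manual look.
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            if ($port.Protocol -eq 'TCP' -and @($port.LocalPort) -contains '445') {
                $addr = $_ | Get-NetFirewallAddressFilter
                [pscustomobject]@{
                    Rule          = $_.DisplayName
                    Profile       = $_.Profile
                    RemoteAddress = @($addr.RemoteAddress) -join ','
                }
            }
        }
}

$rules    = @(Get-Inbound445AllowRule)
$listener = Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue

# One summary row per host, followed by the matching rules for review.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    NfsRoleInstalled = Test-NfsRoleInstalled
    Tcp445Listening  = [bool]$listener
    Allow445Rules    = $rules.Count
    # An 'Any' remote address on the Public profile is the exposure to close first.
    OpenOnPublic     = [bool]($rules | Where-Object {
        $_.RemoteAddress -eq 'Any' -and "$($_.Profile)" -match 'Public|Any' })
}
$rules | Format-Table -AutoSize
```

A `$null` in `NfsRoleInstalled` means the ServerManager cmdlet was not available on that machine, so the role state has to be confirmed another way.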
The previously disclosed vulnerability affects the Windows User Profile Service (CVE-2022-26904). According to the advisory, despite not requiring user interaction, the attack complexity for this vulnerability is high. The vulnerability's exploitability is 'More Likely' and its CVSS is 7.00.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
April 2022 Security Updates
Apr 12th 2022