Lucene search

K
rapid7blogGreg WisemanRAPID7BLOG:266ADCD22F7AAC05069D569EBF2FEBB9
HistoryApr 12, 2022 - 6:48 p.m.

Patch Tuesday - April 2022

2022-04-1218:48:11
Greg Wiseman
blog.rapid7.com
54
microsoft
patch tuesday
april 2022
vulnerabilities
lpes
rces
patching
core os
smb client
skype for business
excel
sharepoint server
network perimeter
rapid7
technical writeup.

EPSS

0.031

Percentile

91.1%

Patch Tuesday - April 2022

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser.

One of these has been observed being exploited in the wild: CVE-2022-24521, reported to Microsoft by the National Security Agency, affects the Common Log File System Driver in all supported versions of Windows and allows attackers to gain additional privileges on a system they already have local access to. Another local privilege escalation (LPE), CVE-2022-26904 affecting the Windows User Profile Service, had been publicly disclosed but not reported as already being exploited – it’s harder for attackers to leverage as it relies on winning a race condition, which can be tricky to reliably achieve.

LPEs don’t always get the same attention that remote code execution (RCE) vulnerabilities do, but they can be a great help to attackers after they gain an initial foothold. These two categories dominate this month’s vulnerabilities, with 55 LPEs and 47 RCEs getting patched. 10 of the RCEs are considered “Critical,” affecting Windows Hyper-V (CVE-2022-22008, CVE-2022-23257, CVE-2022-24537); Windows SMB Client (CVE-2022-24500, CVE-2022-24541); Windows Network File System (CVE-2022-24491 and CVE-2022-24497); LDAP (CVE-2022-26919); Microsoft Dynamics (CVE-2022-23259); and the Windows RPC Runtime (CVE-2022-26809).

On the Office side of the house, Skype for Business Server was patched for spoofing (CVE-2022-26910) and information disclosure (CVE-2022-26911) vulnerabilities. Two RCEs affecting Excel (CVE-2022-24473 and CVE-2022-26901) were fixed, as well as a spoofing vulnerability in SharePoint Server (CVE-2022-24472).

With so many vulnerabilities to manage, it can be difficult to prioritize. Thankfully, most of this month’s CVEs can be addressed by patching the core OS. Administrators should first focus on updating any public-facing servers before moving on to internal servers and then client systems. The SMB Client vulnerabilities can also be mitigated by blocking port 445/tcp at the network perimeter – victims need to be enticed to connect to a malicious SMB server, and this would help against Internet-based attackers. Of course, this won’t help much if the malicious system was set up within the perimeter.

For any readers who enjoy deeper dives into vulnerabilities and exploits, Rapid7’s Jake Baines has a technical writeup of CVE-2022-24527, an LPE he discovered in the Connected Cache component of Microsoft Endpoint Manager that got fixed today. Check it out!

Summary charts

Patch Tuesday - April 2022Patch Tuesday - April 2022Patch Tuesday - April 2022Patch Tuesday - April 2022

Summary tables

Azure Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26898 Azure Site Recovery Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26896 Azure Site Recovery Information Disclosure Vulnerability No No 4.9 Yes
CVE-2022-26897 Azure Site Recovery Information Disclosure Vulnerability No No 4.9 Yes
CVE-2022-26907 Azure SDK for .NET Information Disclosure Vulnerability No No 5.3 Yes

Browser Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability No No 4.3 Yes
CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability No No 8.3 Yes
CVE-2022-1232 Chromium: CVE-2022-1232 Type Confusion in V8 No No N/A Yes
CVE-2022-1146 Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing No No N/A Yes
CVE-2022-1145 Chromium: CVE-2022-1145 Use after free in Extensions No No N/A Yes
CVE-2022-1143 Chromium: CVE-2022-1143 Heap buffer overflow in WebUI No No N/A Yes
CVE-2022-1139 Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API No No N/A Yes
CVE-2022-1138 Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor No No N/A Yes
CVE-2022-1137 Chromium: CVE-2022-1137 Inappropriate implementation in Extensions No No N/A Yes
CVE-2022-1136 Chromium: CVE-2022-1136 Use after free in Tab Strip No No N/A Yes
CVE-2022-1135 Chromium: CVE-2022-1135 Use after free in Shopping Cart No No N/A Yes
CVE-2022-1134 Chromium: CVE-2022-1134 Type Confusion in V8 No No N/A Yes
CVE-2022-1133 Chromium: CVE-2022-1133 Use after free in WebRTC No No N/A Yes
CVE-2022-1131 Chromium: CVE-2022-1131 Use after free in Cast UI No No N/A Yes
CVE-2022-1130 Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP No No N/A Yes
CVE-2022-1129 Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode No No N/A Yes
CVE-2022-1128 Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API No No N/A Yes
CVE-2022-1127 Chromium: CVE-2022-1127 Use after free in QR Code Generator No No N/A Yes
CVE-2022-1125 Chromium: CVE-2022-1125 Use after free in Portals No No N/A Yes

Developer Tools Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26924 YARP Denial of Service Vulnerability No No 7.5 Yes
CVE-2022-24513 Visual Studio Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26921 Visual Studio Code Elevation of Privilege Vulnerability No No 7.3 No
CVE-2022-24765 GitHub: Uncontrolled search for the Git directory in Git for Windows No No N/A Yes
CVE-2022-24767 GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account No No N/A Yes
CVE-2022-26832 .NET Framework Denial of Service Vulnerability No No 7.5 No

Microsoft Dynamics Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-23259 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability No No 8.8 Yes

Microsoft Office Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-26910 Skype for Business and Lync Spoofing Vulnerability No No 5.3 Yes
CVE-2022-26911 Skype for Business Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-24472 Microsoft SharePoint Server Spoofing Vulnerability No No 8 Yes
CVE-2022-24473 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26901 Microsoft Excel Remote Code Execution Vulnerability No No 7.8 Yes

SQL Server Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-23292 Microsoft Power BI Spoofing Vulnerability No No 5.9 Yes

System Center Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24548 Microsoft Defender Denial of Service Vulnerability No No 5.5 Yes

Windows Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24543 Windows Upgrade Assistant Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24550 Windows Telephony Server Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26786 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26789 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26791 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26793 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26795 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-24487 Windows Local Security Authority (LSA) Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-24483 Windows Kernel Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-24545 Windows Kerberos Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-24486 Windows Kerberos Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24490 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 8.1 Yes
CVE-2022-24539 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 8.1 Yes
CVE-2022-26783 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-26785 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-23257 Windows Hyper-V Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-22008 Windows Hyper-V Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24537 Windows Hyper-V Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-22009 Windows Hyper-V Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-23268 Windows Hyper-V Denial of Service Vulnerability No No 6.5 Yes
CVE-2022-26920 Windows Graphics Component Information Disclosure Vulnerability No No 5.5 Yes
CVE-2022-26808 Windows File Explorer Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24495 Windows Direct Show - Remote Code Execution Vulnerability No No 7 Yes
CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24488 Windows Desktop Bridge Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24546 Windows DWM Core Library Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26811 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26823 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26824 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26825 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26826 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26814 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26817 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26818 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26816 Windows DNS Server Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-24538 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability No No 6.5 No
CVE-2022-26784 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability No No 6.5 No
CVE-2022-24484 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability No No 5.5 No
CVE-2022-26828 Windows Bluetooth Driver Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24549 Windows AppX Package Manager Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24482 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26914 Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26788 PowerShell Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24496 Local Security Authority (LSA) Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24532 HEVC Video Extensions Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26830 DiskUsage.exe Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-24479 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24489 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability No No 7.8 No

Windows ESU Vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score Has FAQ?
CVE-2022-24498 Windows iSCSI Target Service Information Disclosure Vulnerability No No 6.5 Yes
CVE-2022-26807 Windows Work Folder Service Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-24474 Windows Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24542 Windows Win32k Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability No Yes 7 Yes
CVE-2022-24541 Windows Server Service Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-26915 Windows Secure Channel Denial of Service Vulnerability No No 7.5 No
CVE-2022-24500 Windows SMB Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-26787 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26790 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26792 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26794 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26796 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26797 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26798 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26801 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26802 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26803 Windows Print Spooler Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26919 Windows LDAP Remote Code Execution Vulnerability No No 8.1 Yes
CVE-2022-26831 Windows LDAP Denial of Service Vulnerability No No 7.5 No
CVE-2022-24544 Windows Kerberos Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24530 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24499 Windows Installer Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26903 Windows Graphics Component Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26810 Windows File Server Resource Management Service Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-26827 Windows File Server Resource Management Service Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-26916 Windows Fax Compose Form Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26917 Windows Fax Compose Form Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-26918 Windows Fax Compose Form Remote Code Execution Vulnerability No No 7.8 Yes
CVE-2022-24527 Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability No No 7.8 Yes
CVE-2022-26812 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26813 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-24536 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26815 Windows DNS Server Remote Code Execution Vulnerability No No 7.2 Yes
CVE-2022-26819 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26820 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26821 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26822 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-26829 Windows DNS Server Remote Code Execution Vulnerability No No 6.6 Yes
CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability Yes No 7.8 No
CVE-2022-24481 Windows Common Log File System Driver Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24494 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability No No 7.8 No
CVE-2022-24540 Windows ALPC Elevation of Privilege Vulnerability No No 7 Yes
CVE-2022-21983 Win32 Stream Enumeration Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-24534 Win32 Stream Enumeration Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-24485 Win32 File Enumeration Remote Code Execution Vulnerability No No 7.5 Yes
CVE-2022-26809 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 9.8 Yes
CVE-2022-24528 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-24492 Remote Procedure Call Runtime Remote Code Execution Vulnerability No No 8.8 Yes
CVE-2022-24533 Remote Desktop Protocol Remote Code Execution Vulnerability No No 8 Yes
CVE-2022-24493 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability No No 5.5 Yes

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.

Subscribe