Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

Today is Microsoft’s April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.

Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today’s update, with ten classified as Critical as they allow remote code execution.

Also Read: Cybersecurity Singapore: The nation’s approach to protecting its cybersecurity

The number of bugs in each vulnerability category is listed below:

  • 47 Elevation of Privilege Vulnerabilities
  • 0 Security Feature Bypass Vulnerabilities
  • 47 Remote Code Execution Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
  • 26 Edge – Chromium Vulnerabilities

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5012599 and KB5012591 updates and the Windows 11 KB5012592 update.

Two zero-days fixed, one actively exploited

This month’s Patch Tuesday includes fixes for two zero-day vulnerabilities, one publicly disclosed and the other actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed today is a bug that security researcher Abdelhamid Naceri discovered that Microsoft previously tried to fix twice after new patch bypasses were discovered.

  • CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability

The publicly exposed zero-day is a privilege elevation bug discovered by CrowdStrike and the US National Security Agency (NSA).

  • CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Now that Microsoft has issued patches for these vulnerabilities, it should be expected for threat actors to analyze the vulnerabilities to learn how to exploit them.

Therefore, it is strongly advised to install today’s security updates as soon as possible.

Also Read: Knowing the basics of cybersecurity

Recent updates from other companies

Other vendors who released updates in April 2022 include:

The April 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the April 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2022-26832.NET Framework Denial of Service VulnerabilityImportant
Active Directory Domain ServicesCVE-2022-26814Windows DNS Server Remote Code Execution VulnerabilityImportant
Active Directory Domain ServicesCVE-2022-26817Windows DNS Server Remote Code Execution VulnerabilityImportant
Azure SDKCVE-2022-26907Azure SDK for .NET Information Disclosure VulnerabilityImportant
Azure Site RecoveryCVE-2022-26898Azure Site Recovery Remote Code Execution VulnerabilityImportant
Azure Site RecoveryCVE-2022-26897Azure Site Recovery Information Disclosure VulnerabilityImportant
Azure Site RecoveryCVE-2022-26896Azure Site Recovery Information Disclosure VulnerabilityImportant
LDAP – Lightweight Directory Access ProtocolCVE-2022-26831Windows LDAP Denial of Service VulnerabilityImportant
LDAP – Lightweight Directory Access ProtocolCVE-2022-26919Windows LDAP Remote Code Execution VulnerabilityCritical
Microsoft Bluetooth DriverCVE-2022-26828Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2022-23259Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft Edge (Chromium-based)CVE-2022-26909Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-1139Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-26912Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-26908Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1146Chromium: CVE-2022-1146 Inappropriate implementation in Resource TimingUnknown
Microsoft Edge (Chromium-based)CVE-2022-26895Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-26900Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-26894Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1232Chromium: CVE-2022-1232 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-26891Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1125Chromium: CVE-2022-1125 Use after free in PortalsUnknown
Microsoft Edge (Chromium-based)CVE-2022-1136Chromium: CVE-2022-1136 Use after free in Tab StripUnknown
Microsoft Edge (Chromium-based)CVE-2022-24475Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-1145Chromium: CVE-2022-1145 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-1135Chromium: CVE-2022-1135 Use after free in Shopping CartUnknown
Microsoft Edge (Chromium-based)CVE-2022-1138Chromium: CVE-2022-1138 Inappropriate implementation in Web CursorUnknown
Microsoft Edge (Chromium-based)CVE-2022-1143Chromium: CVE-2022-1143 Heap buffer overflow in WebUIUnknown
Microsoft Edge (Chromium-based)CVE-2022-24523Microsoft Edge (Chromium-based) Spoofing VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-1137Chromium: CVE-2022-1137 Inappropriate implementation in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-1134Chromium: CVE-2022-1134 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-1127Chromium: CVE-2022-1127 Use after free in QR Code GeneratorUnknown
Microsoft Edge (Chromium-based)CVE-2022-1128Chromium: CVE-2022-1128 Inappropriate implementation in Web Share APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-1133Chromium: CVE-2022-1133 Use after free in WebRTCUnknown
Microsoft Edge (Chromium-based)CVE-2022-1130Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTPUnknown
Microsoft Edge (Chromium-based)CVE-2022-1129Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-1131Chromium: CVE-2022-1131 Use after free in Cast UIUnknown
Microsoft Graphics ComponentCVE-2022-26920Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-26903Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2022-24493Microsoft Local Security Authority (LSA) Server Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2022-24473Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2022-26901Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-24472Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-24482Windows ALPC Elevation of Privilege VulnerabilityImportant
Microsoft Windows ALPCCVE-2022-24540Windows ALPC Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-24532HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Media FoundationCVE-2022-24495Windows Direct Show – Remote Code Execution VulnerabilityImportant
Power BICVE-2022-23292Microsoft Power BI Spoofing VulnerabilityImportant
Role: DNS ServerCVE-2022-26815Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26816Windows DNS Server Information Disclosure VulnerabilityImportant
Role: DNS ServerCVE-2022-24536Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26824Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26823Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26822Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26829Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26826Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26825Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26821Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26820Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26813Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26818Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26819Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26811Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-26812Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22008Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-24490Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-24539Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-26785Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-26783Windows Hyper-V Shared Virtual Hard Disks Information Disclosure VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-24537Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-23268Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-23257Windows Hyper-V Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-22009Windows Hyper-V Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2022-26911Skype for Business Information Disclosure VulnerabilityImportant
Skype for BusinessCVE-2022-26910Skype for Business and Lync Spoofing VulnerabilityImportant
Visual StudioCVE-2022-24767GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user accountImportant
Visual StudioCVE-2022-24765GitHub: Uncontrolled search for the Git directory in Git for WindowsImportant
Visual StudioCVE-2022-24513Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2022-26921Visual Studio Code Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2022-24494Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows App StoreCVE-2022-24488Windows Desktop Bridge Elevation of Privilege VulnerabilityImportant
Windows AppX Package ManagerCVE-2022-24549Windows AppX Package Manager Elevation of Privilege VulnerabilityImportant
Windows Cluster Client FailoverCVE-2022-24489Cluster Client Failover (CCF) Elevation of Privilege VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-24538Windows Cluster Shared Volume (CSV) Denial of Service VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-26784Windows Cluster Shared Volume (CSV) Denial of Service VulnerabilityImportant
Windows Cluster Shared Volume (CSV)CVE-2022-24484Windows Cluster Shared Volume (CSV) Denial of Service VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-24521Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-24481Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2022-24548Microsoft Defender Denial of Service VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-24546Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Endpoint Configuration ManagerCVE-2022-24527Windows Endpoint Configuration Manager Elevation of Privilege VulnerabilityImportant
Windows Fax Compose FormCVE-2022-26917Windows Fax Compose Form Remote Code Execution VulnerabilityImportant
Windows Fax Compose FormCVE-2022-26916Windows Fax Compose Form Remote Code Execution VulnerabilityImportant
Windows Fax Compose FormCVE-2022-26918Windows Fax Compose Form Remote Code Execution VulnerabilityImportant
Windows Feedback HubCVE-2022-24479Connected User Experiences and Telemetry Elevation of Privilege VulnerabilityImportant
Windows File ExplorerCVE-2022-26808Windows File Explorer Elevation of Privilege VulnerabilityImportant
Windows File ServerCVE-2022-26827Windows File Server Resource Management Service Elevation of Privilege VulnerabilityImportant
Windows File ServerCVE-2022-26810Windows File Server Resource Management Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2022-24499Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2022-24530Windows Installer Elevation of Privilege VulnerabilityImportant
Windows iSCSI Target ServiceCVE-2022-24498Windows iSCSI Target Service Information Disclosure VulnerabilityImportant
Windows KerberosCVE-2022-24545Windows Kerberos Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2022-24486Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2022-24544Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-24483Windows Kernel Information Disclosure VulnerabilityImportant
Windows Local Security Authority Subsystem ServiceCVE-2022-24487Windows Local Security Authority (LSA) Remote Code Execution VulnerabilityImportant
Windows Local Security Authority Subsystem ServiceCVE-2022-24496Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2022-24547Windows Digital Media Receiver Elevation of Privilege VulnerabilityImportant
Windows Network File SystemCVE-2022-24491Windows Network File System Remote Code Execution VulnerabilityCritical
Windows Network File SystemCVE-2022-24497Windows Network File System Remote Code Execution VulnerabilityCritical
Windows PowerShellCVE-2022-26788PowerShell Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26789Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26787Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26786Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26796Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26790Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26803Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26802Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26794Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26795Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26797Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26798Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26791Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26801Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26793Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-26792Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2022-24533Remote Desktop Protocol Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-26809Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Remote Procedure Call RuntimeCVE-2022-24528Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-24492Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows schannelCVE-2022-26915Windows Secure Channel Denial of Service VulnerabilityImportant
Windows SMBCVE-2022-24485Win32 File Enumeration Remote Code Execution VulnerabilityImportant
Windows SMBCVE-2022-26830DiskUsage.exe Remote Code Execution VulnerabilityImportant
Windows SMBCVE-2022-21983Win32 Stream Enumeration Remote Code Execution VulnerabilityImportant
Windows SMBCVE-2022-24541Windows Server Service Remote Code Execution VulnerabilityCritical
Windows SMBCVE-2022-24500Windows SMB Remote Code Execution VulnerabilityCritical
Windows SMBCVE-2022-24534Win32 Stream Enumeration Remote Code Execution VulnerabilityImportant
Windows Telephony ServerCVE-2022-24550Windows Telephony Server Elevation of Privilege VulnerabilityImportant
Windows Upgrade AssistantCVE-2022-24543Windows Upgrade Assistant Remote Code Execution VulnerabilityImportant
Windows User Profile ServiceCVE-2022-26904Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-24474Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-26914Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-24542Windows Win32k Elevation of Privilege VulnerabilityImportant
Windows Work Folder ServiceCVE-2022-26807Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
YARP reverse proxyCVE-2022-26924YARP Denial of Service VulnerabilityImportant

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us