
Microsoft Patches CVE-2022-24521 Exploited in the Wild


Microsoft just released its April 2022 Patch Tuesday, containing fixes for one vulnerability exploited in the wild (CVE-2022-24521), and another one that was disclosed publicly. The company patched a total of 128 bugs, including 10 critical remote code execution vulnerabilities.


Of the 128 security flaws, 10 are rated Critical on the CVSS scale, 115 are rated Important, and three are rated Moderate in terms of their severity. It is noteworthy that six of the flaws were reported through the Zero Day Initiative program. “This large volume of patches hasn’t been seen since the fall of 2020. However, this level is similar to what we saw in the first quarter of last year,” ZDI noted.

CVE-2022-24521 Exploited in the Wild

As we already mentioned, CVE-2022-24521 has been exploited in the wild. The vulnerability, which is an elevation-of-privilege issue, was reported by NSA and CrowdStrike. The issue resides in the Windows Common Log File System Driver, and doesn’t require any human interaction to be exploited. Even though it was rated as “important,” the vulnerability is still dangerous, as its attack complexity has been rated as “low”.

The bug can be leveraged by rogue software or rogue users to gain administrative privileges on a logged-in system. It affects a number of Windows versions (including Windows 11), and you can read more about it in Microsoft’s Security Update Guide dedicated to CVE-2022-24521.

The most severe vulnerability patched this month is CVE-2022-26815, a Windows DNS Server Remote Code Execution Vulnerability. It is one of 18 DNS Server flaws patched this month. ZDI pointed out that the vulnerability is very similar to another one addressed in February 2022, raising the question of whether the new bug is the result of a failed patch.

“There are a couple of important mitigations to point out here. The first is that dynamic updates must be enabled for a server to be affected by this bug. The CVSS also lists some level of privileges to exploit. Still, any chance of an attacker getting RCE on a DNS server is one too many, so get your DNS servers patched,” ZDI highlighted.

CVE-2022-26904 Publicly Known Vulnerability

Another notable vulnerability in this month’s share of patches is CVE-2022-26904, a Windows User Profile Service Elevation of Privilege Vulnerability. This is a publicly known issue, with a proof-of-concept available as well as a Metasploit module. Once privileges are elevated, threat actors can gain code execution at SYSTEM level.

“They would, of course, need some level privileges before they could escalate. That’s why these types of bugs are often paired with code execution bugs like the ones in Adobe Reader (mentioned above) to completely take over a system,” ZDI added.

Milena Dimitrova
