Microsoft Patch Tuesday, April 2022 Edition – Krebs on Security

Microsoft on Tuesday released updates to fix approximately 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws were publicly detailed before this week, and one is already being actively exploited, according to a report from the United States National Security Agency (NSA).

Of particular concern this month is CVE-2022-24521, a “privilege escalation” vulnerability in the Windows Common Log File System Driver. In its advisory, Microsoft said it had received a report from the NSA that the flaw was under active attack.

“It is unclear how widely the exploit is used in the wild, but it is likely still targeted at this point and not widely available,” assessed Dustin Childs with Trend Micro’s Zero Day Initiative. “Go patch your systems before the situation changes.”

Nine of the updates pushed this week address issues that Microsoft considers “critical,” meaning the flaws they fix could be exploited by malware or malcontents to seize full, remote access to a Windows system without any help from the user.

Among the most frightening critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core component of Windows (RPC) which had a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.

Other potentially wormable threats this month include CVE-2022-24491 and CVE-2022-24497, Windows Network File System (NFS) flaws which also register CVSS scores of 9.8 and are listed as “exploitation more likely” by Microsoft.

“These could be the type of vulnerabilities that attract ransomware operators because they offer the possibility of exposing critical data,” said Kevin Breen, director of cyber threat research at Immersive Labs. “It’s also important for security teams to note that the NFS role is not a default configuration for Windows devices.”

Speaking of wormable flaws, CVE-2022-24500 is a critical bug in the Windows Server Message Block (SMB).

“It’s especially poignant in the run-up to the anniversary of WannaCry, which used the EternalBlue SMB vulnerability to spread at high speed,” Breen added. “Microsoft advises blocking TCP port 445 at the perimeter firewall, which is strong advice regardless of this specific vulnerability. While this will not stop exploitation by attackers inside the local network, it will prevent further attacks from the Internet.”

Additionally, this month’s patch bundle from Redmond brings updates for Exchange Server, Office, SharePoint Server, Windows Hyper-V, DNS Server, Skype for Business, .NET and Visual Studio, Windows App Store, and Windows Print Spooler Components.

As is usually the case on the second Tuesday of each month, Adobe released four patches fixing 70 vulnerabilities in Acrobat and Reader, Photoshop, After Effects, and Adobe Commerce. More information about these updates is available here.

For a full rundown of all patches released by Microsoft today, indexed by severity and other metrics, see the always-helpful Patch Tuesday summary from the SANS Internet Storm Center. And it’s not a bad idea to delay the update for a few days until Microsoft fixes the issues in the updates: usually has the list of patches that can cause problems for users of Windows.

As always, consider backing up your system or at least your important documents and data before applying system updates. And if you have any issues with these fixes, please let us know here in the comments.