The latest Microsoft Patch Tuesday release fixes over 100 serious bugs

Patch Tuesday may be headed for Valhalla in the summer, but that doesn’t mean Microsoft will stop plugging holes until it does. 

The April 2022 Patch Tuesday was just released, and it features more than 100 fixes to serious bugs. All in all, 128 vulnerabilities were addressed, in a number of Microsoft products, including Windows, the antivirus tool Defender, Office, and many others. 

Of all the bugs, 10 were rated “critical”, the majority (115) “important”, and three “moderate”. One is publicly known, and one is actively exploited.

Privilege escalation

The actively exploited one is tracked as CVE-2022-24521, and is an elevation of privilege vulnerability found in the Windows Common Log File System (CLFS). Discovered by researchers from the National Security Agency (NSA) and cybersecurity firm CrowdStrike, it carries a severity score of 7.8.

The publicly known one is a zero-day tracked as CVE-2022-26804. It is also an endpoint privilege escalation flaw, found in the Windows User Profile Service. It carries a severity score of 7.0, but requires an attacker to “win a race condition” in order to exploit it.

Other notable mentions include remote code execution vulnerabilities in RPC Runtime Library, Windows Network File System, Windows Server Service, Windows SMB, and Microsoft Dynamics 365.

The company has also addressed 18 flaws in Windows DNS Server, including 17 remote execution flaws. Furthermore, it patched 15 holes that allowed escalation of privilege in the Windows Print Spooler.

Microsoft has revealed it will be retiring Patch Tuesday within the next few months, replacing it with a new Windows Autopatch service that it says will keep all business computers and Office software up to date automatically.

Customers with at least a Windows 10 or Windows 11 Enterprise E3 license will be eligible for the new service, which is set to go live in July.

Microsoft Autopatch will split the devices into three groups, or “testing rings”, to make sure every process goes smoothly and without trouble.

Via: HackerNews

Sead Fadilpašić
