Patch Tuesday is once again upon us. The April 2022 edition of Patch Tuesday brings us 117 fixes, with 9 rated as critical. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the April 2022 Patch Tuesday Audit Report
Windows Network File System RCE
One of the most critical vulnerabilities addressed in this month’s Patch Tuesday is a Windows Network File System Remote Code Execution vulnerability. Listed as CVE-2022-24491, this vulnerability has a CVSS base score of 9.8 in addition to Microsoft listing the exploitability as “Exploitation More Likely”. If exploited an attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could enable remote code execution.
One important detail is that only servers with the Network File System (NFS) role installed are vulnerable, luckily, you can get a quick overview of all Windows Servers with the NFS role installed with the Lansweeper report.
Remote Procedure Call Runtime RCE
The second vulnerability with a CVSS base score of 9.8 is CVE-2022-26809. Similar to the NFS vulnerability, this one is also more than likely to be exploited according to Microsoft. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server-side with the same permissions as the RPC service.
Microsoft has listed some mitigation options, however, installing the update to fix the vulnerability is obviously the preferred solution. If you’re unable to perform this update quickly, you can already do the following
1. Block TCP port 445 at the enterprise perimeter firewall
TCP port 445 is used to initiate a connection with the affected component. This can help protect networks from attacks that originate outside the enterprise perimeter. However, systems could still be vulnerable to attacks from within their enterprise perimeter.
2. Follow Microsoft guidelines to secure SMB traffic
Remaining Critical Vulnerabilities
Aside from the two vulnerabilities above, the following critical vulnerabilities are also worth taking a look at if you’re running affecting components:
CVE Number | CVE Title |
CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability |
CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability |
CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability |
Run the Patch Tuesday April 2022 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured
Patch Tuesday April 2022 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2022-26924 | YARP Denial of Service Vulnerability |
CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability |
CVE-2022-26920 | Windows Graphics Component Information Disclosure Vulnerability |
CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability |
CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability |
CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability |
CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability |
CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability |
CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability |
CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability |
CVE-2022-26907 | Azure SDK for .NET Information Disclosure Vulnerability |
CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability |
CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability |
CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability |
CVE-2022-26897 | Azure Site Recovery Information Disclosure Vulnerability |
CVE-2022-26896 | Azure Site Recovery Information Disclosure Vulnerability |
CVE-2022-26832 | .NET Framework Denial of Service Vulnerability |
CVE-2022-26831 | Windows LDAP Denial of Service Vulnerability |
CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability |
CVE-2022-26829 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26822 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26821 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26820 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26819 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26818 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26817 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26816 | Windows DNS Server Information Disclosure Vulnerability |
CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26814 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability |
CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability |
CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability |
CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-26785 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
CVE-2022-26784 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
CVE-2022-26783 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
CVE-2022-24767 | GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account |
CVE-2022-24765 | GitHub: Uncontrolled search for the Git directory in Git for Windows |
CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability |
CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability |
CVE-2022-24548 | Microsoft Defender Denial of Service Vulnerability |
CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability |
CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability |
CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability |
CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability |
CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability |
CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability |
CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
CVE-2022-24538 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability |
CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability |
CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability |
CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability |
CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2022-24527 | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability |
CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability |
CVE-2022-24499 | Windows Installer Elevation of Privilege Vulnerability |
CVE-2022-24498 | Windows iSCSI Target Service Information Disclosure Vulnerability |
CVE-2022-24496 | Local Security Authority (LSA) Elevation of Privilege Vulnerability |
CVE-2022-24495 | Windows Direct Show – Remote Code Execution Vulnerability |
CVE-2022-24494 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2022-24493 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability |
CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
CVE-2022-24489 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability |
CVE-2022-24488 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability |
CVE-2022-24486 | Windows Kerberos Elevation of Privilege Vulnerability |
CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability |
CVE-2022-24484 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
CVE-2022-24483 | Windows Kernel Information Disclosure Vulnerability |
CVE-2022-24481 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2022-24479 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability |
CVE-2022-24473 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability |
CVE-2022-23268 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability |
"*" indicates required fields
Receive the Latest Patch Tuesday Report for FREE Every Month