Microsoft Patch Tuesday, April 2022 Edition – Krebs on Security

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the US National Security Agency (NSA).

Of particular concern this month is CVE-2022-24521, which is a “privilege escalation” vulnerability in the Windows common log file system driver. In its advisory, Microsoft said it received a report from the NSA that the flaw is under active attack.

“It’s not stated how widely the exploit is being used in the wild, but it’s likely still targeted at this point and not widely available,” assessed Dustin Childs with Trend Micro’s Zero Day Initiative. “Go patch your systems before that situation changes.”

Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.

Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component (RPC) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.

Other potentially wormable threats this month include CVE-2022-24491 and CVE-2022-24497Windows Network File System (NFS) vulnerabilities that also clock in at 9.8 CVSS scores and are listed as “exploitation more likely by Microsoft.”

“These could be the kind of vulnerabilities which appeal to ransomware operators as they provide the potential to expose critical data,” said Kevin Breendirector of cyber threat research at Immersive Labs. “It is also important for security teams to note that NFS Role is not a default configuration for Windows devices.”

Speaking of wormable flaws, CVE-2022-24500 is a critical bug in the Windows Server Message Block (SMB).

“This is especially poignant as we approach the anniversary of WannaCry, which famously used the EternalBlue SMB vulnerability to propagate at great pace,” Breen added. Microsoft advises blocking TCP port 445 at the perimeter firewall, which is strong advice regardless of this specific vulnerability. While this will not stop exploitation from attackers inside the local network, it will prevent new attacks originating from the Internet. ”

In addition, this month’s patch batch from Redmond brings updates for Exchange Server, Office, SharePoint Server, Windows Hyper-V, DNS Server, Skype for Business, .NET and Visual Studio, Windows App Storeand Windows Print Spooler components.

As it generally does on the second Tuesday of each month, Adobe released four patches addressing 70 vulnerabilities in Acrobat and Reader, Photoshop, After Effectsand Adobe Commerce. More information on those updates is available here.

For a complete rundown of all patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

Source

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the US National Security Agency (NSA).

Of particular concern this month is CVE-2022-24521, which is a “privilege escalation” vulnerability in the Windows common log file system driver. In its advisory, Microsoft said it received a report from the NSA that the flaw is under active attack.

“It’s not stated how widely the exploit is being used in the wild, but it’s likely still targeted at this point and not widely available,” assessed Dustin Childs with Trend Micro’s Zero Day Initiative. “Go patch your systems before that situation changes.”

Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.

Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component (RPC) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.

Other potentially wormable threats this month include CVE-2022-24491 and CVE-2022-24497Windows Network File System (NFS) vulnerabilities that also clock in at 9.8 CVSS scores and are listed as “exploitation more likely by Microsoft.”

“These could be the kind of vulnerabilities which appeal to ransomware operators as they provide the potential to expose critical data,” said Kevin Breendirector of cyber threat research at Immersive Labs. “It is also important for security teams to note that NFS Role is not a default configuration for Windows devices.”

Speaking of wormable flaws, CVE-2022-24500 is a critical bug in the Windows Server Message Block (SMB).

“This is especially poignant as we approach the anniversary of WannaCry, which famously used the EternalBlue SMB vulnerability to propagate at great pace,” Breen added. Microsoft advises blocking TCP port 445 at the perimeter firewall, which is strong advice regardless of this specific vulnerability. While this will not stop exploitation from attackers inside the local network, it will prevent new attacks originating from the Internet. ”

In addition, this month’s patch batch from Redmond brings updates for Exchange Server, Office, SharePoint Server, Windows Hyper-V, DNS Server, Skype for Business, .NET and Visual Studio, Windows App Storeand Windows Print Spooler components.

As it generally does on the second Tuesday of each month, Adobe released four patches addressing 70 vulnerabilities in Acrobat and Reader, Photoshop, After Effectsand Adobe Commerce. More information on those updates is available here.

For a complete rundown of all patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Apple patches zero-day kernel hole and much more – update now! – Naked Security

Apple's latest security updates have arrived. All still-supported flavors of macOS (Monterey, Big Sur and Catalina), as well as all current mobile devices (iPhones, iPads,...

Half of global CISOs feel their organization is unprepared to deal with cyberattacks

Human error is considered by IT executives to be the biggest vulnerability for organizations...

What IT leaders from BlackBerry, CN and Microsoft Canada and more predict for the future of InfoSec

In his decades-long career in cybersecurity and threat detection, John McClurg has engaged in the "perpetual dance" with adversaries large and small. "As the years...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!