• Home
  • About
  • Contact us
  • Submit a News Releases
Tech News, Magazine & Review WordPress Theme 2017
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
Technovanguard — Be at the forefront of technology news
No Result
View All Result

Microsoft Patch Tuesday, April 2022 Edition

Justin Rowell by Justin Rowell
14.04.2022
Home Security

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA).

Of particular concern this month is CVE-2022-24521, which is a “privilege escalation” vulnerability in the Windows common log file system driver. In its advisory, Microsoft said it received a report from the NSA that the flaw is under active attack.

“It’s not stated how widely the exploit is being used in the wild, but it’s likely still targeted at this point and not broadly available,” assessed Dustin Childs with Trend Micro’s Zero Day Initiative. “Go patch your systems before that situation changes.”

Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.

Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component (RPC) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.

Other potentially wormable threats this month include CVE-2022-24491 and CVE-2022-24497, Windows Network File System (NFS) vulnerabilities that also clock in at 9.8 CVSS scores and are listed as “exploitation more likely by Microsoft.”

“These could be the kind of vulnerabilities which appeal to ransomware operators as they provide the potential to expose critical data,” said Kevin Breen, director of cyber threat research at Immersive Labs. “It is also important for security teams to note that NFS Role is not a default configuration for Windows devices.”

Speaking of wormable flaws, CVE-2022-24500 is a critical bug in the Windows Server Message Block (SMB).

“This is especially poignant as we approach the anniversary of WannaCry, which famously used the EternalBlue SMB vulnerability to propagate at great pace,” Breen added. “Microsoft advises blocking TCP port 445 at the perimeter firewall, which is strong advice regardless of this specific vulnerability. While this won’t stop exploitation from attackers inside the local network, it will prevent new attacks originating from the Internet.”

In addition, this month’s patch batch from Redmond brings updates for Exchange Server, Office, SharePoint Server, Windows Hyper-V, DNS Server, Skype for Business, .NET and Visual Studio, Windows App Store, and Windows Print Spooler components.

As it generally does on the second Tuesday of each month, Adobe released four patches addressing 70 vulnerabilities in Acrobat and Reader, Photoshop, After Effects, and Adobe Commerce. More information on those updates is available here.

For a complete rundown of all patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.


Next Post
Astronomers get a first peek at the birth of a baby gas giant

Astronomers get a first peek at the birth of a baby gas giant

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

John Wick 4 delayed to 2023

John Wick 4 delayed to 2023

23.12.2021
Magma Lingers at Different Depths on the Basis of Its Water Content

Magma Lingers at Different Depths on the Basis of Its Water Content

07.04.2022

Trending.

LANL Publishes Guide to Quantum Computer Programming

LANL Publishes Guide to Quantum Computer Programming

15.06.2022
A Global Ocean Biogeochemical Observatory Becomes a Reality

A Global Ocean Biogeochemical Observatory Becomes a Reality

21.03.2022
ROCK5 Model B : une carte de dev sous RK3588

ROCK5 Model B : une carte de dev sous RK3588

13.01.2022
7 Essentials You Need to Complete Your Twitch Streaming Setup

7 Essentials You Need to Complete Your Twitch Streaming Setup

15.12.2021
XT-ZB1 DevKit : un module Zigbee et Bluetooth RISC-V à 2€

XT-ZB1 DevKit : un module Zigbee et Bluetooth RISC-V à 2€

27.12.2021
Technovanguard — Be at the forefront of technology news

Technovanguard - The latest news from the world of IT and modern technologies.

Categories

  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
  • Без рубрики

Tags

FEATUREDNEWS

Recent News

Tech giants form Metaverse Standards Forum to promote collaboration

Tech giants form Metaverse Standards Forum to promote collaboration

26.06.2022
The Umbrella Academy cast shares their favorite group scenes from season 3

The Umbrella Academy cast shares their favorite group scenes from season 3

26.06.2022
  • Home
  • About
  • Contact us
  • Submit a News Releases

© 2021 technovanguard.com.

No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space

© 2021 technovanguard.com.