VERT Threat Alert: April 2022 Patch Tuesday Analysis

2022-04-12 17:52

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th.

In-The-Wild & Disclosed CVEs


CVE-2022-24521

While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this vulnerability in the wild. The vulnerability can lead to elevation of privilege by exploiting a flaw in the Windows Common Log File System (CLFS) driver. CLFS is a general-purpose logging service that can be used by both user and kernel-mode software. Patches have been released for CLFS monthly since September 2021 with only one exception – November 2021. From September 2021 until today, we have seen 18 vulnerabilities patched within CLFS.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.


CVE-2022-26904

This publicly disclosed vulnerability in the Windows User Profile Service leads to elevation of privilege following successful exploitation. Microsoft has listed the attack complexity as high given that it relies on a race condition; however, exploit code is already publicly available, including in the Metasploit framework.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour-coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold.

| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows File Explorer | 1 | CVE-2022-26808 |
| Windows Upgrade Assistant | 1 | CVE-2022-24543 |
| Windows Work Folder Service | 1 | CVE-2022-26807 |
| Windows Fax Compose Form | 3 | CVE-2022-26916, CVE-2022-26917, CVE-2022-26918 |
| Windows iSCSI Target Service | 1 | CVE-2022-24498 |
| Microsoft Local Security Authority Server (lsasrv) | 1 | CVE-2022-24493 |
| Windows Installer | 2 | CVE-2022-24530, CVE-2022-24499 |
| Visual Studio | 3 | CVE-2022-24513, CVE-2022-24765, CVE-2022-24767 |
| Windows Common Log File System Driver | 2 | **CVE-2022-24521**, CVE-2022-24481 |
| Windows Ancillary Function Driver for WinSock | 1 | CVE-2022-24494 |
| Microsoft Windows ALPC | 2 | CVE-2022-24482, CVE-2022-24540 |
| Windows PowerShell | 1 | CVE-2022-26788 |
| Microsoft Office SharePoint | 1 | CVE-2022-24472 |
| Windows Feedback Hub | 1 | CVE-2022-24479 |
| Active Directory Domain Services | 2 | CVE-2022-26814, CVE-2022-26817 |
| Windows Local Security Authority Subsystem Service | 2 | CVE-2022-24496, CVE-2022-24487 |
| Windows Network File System | 2 | CVE-2022-24491, CVE-2022-24497 |
| Windows Cluster Client Failover | 1 | CVE-2022-24489 |
| Microsoft Windows Media Foundation | 1 | CVE-2022-24495 |
| Microsoft Office Excel | 2 | CVE-2022-24473, CVE-2022-26901 |
| Microsoft Graphics Component | 2 | CVE-2022-26920, CVE-2022-26903 |
| Azure SDK | 1 | CVE-2022-26907 |
| Windows Kernel | 1 | CVE-2022-24483 |
| Windows DWM Core Library | 1 | CVE-2022-24546 |
| Windows User Profile Service | 1 | **CVE-2022-26904** |
| Windows Telephony Server | 1 | CVE-2022-24550 |
| Windows RDP | 1 | CVE-2022-24533 |
| Windows Defender | 1 | CVE-2022-24548 |
| Azure Site Recovery | 3 | CVE-2022-26896, CVE-2022-26897, CVE-2022-26898 |
| Windows schannel | 1 | CVE-2022-26915 |
| Windows Endpoint Configuration Manager | 1 | CVE-2022-24527 |
| Windows File Server | 2 | CVE-2022-26810, CVE-2022-26827 |
| Power BI | 1 | CVE-2022-23292 |
| .NET Framework | 1 | CVE-2022-26832 |
| Visual Studio Code | 1 | CVE-2022-26921 |
| Role: DNS Server | 16 | CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-24536, CVE-2022-26815, CVE-2022-26816, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829 |
| Windows Media | 1 | CVE-2022-24547 |
| Windows Win32K | 3 | CVE-2022-24474, CVE-2022-26914, CVE-2022-24542 |
| Windows AppX Package Manager | 1 | CVE-2022-24549 |
| Windows Kerberos | 3 | CVE-2022-24486, CVE-2022-24544, CVE-2022-24545 |
| Skype for Business | 2 | CVE-2022-26910, CVE-2022-26911 |
| Microsoft Windows Codecs Library | 1 | CVE-2022-24532 |
| LDAP – Lightweight Directory Access Protocol | 2 | CVE-2022-26919, CVE-2022-26831 |
| Windows Print Spooler Components | 15 | CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803 |
| Role: Windows Hyper-V | 9 | CVE-2022-22008, CVE-2022-22009, CVE-2022-23257, CVE-2022-23268, CVE-2022-24537, CVE-2022-24490, CVE-2022-24539, CVE-2022-26783, CVE-2022-26785 |
| Windows App Store | 1 | CVE-2022-24488 |
| Microsoft Edge (Chromium-based) | 26 | CVE-2022-24523, CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912, CVE-2022-1125, CVE-2022-1127, CVE-2022-1128, CVE-2022-1129, CVE-2022-1130, CVE-2022-1131, CVE-2022-1133, CVE-2022-1134, CVE-2022-1135, CVE-2022-1136, CVE-2022-1137, CVE-2022-1138, CVE-2022-1143, CVE-2022-1145, CVE-2022-1146, CVE-2022-1139, CVE-2022-1232 |
| Windows Remote Procedure Call Runtime | 3 | CVE-2022-24528, CVE-2022-24492, CVE-2022-26809 |
| YARP reverse proxy | 1 | CVE-2022-26924 |
| Microsoft Bluetooth Driver | 1 | CVE-2022-26828 |
| Microsoft Dynamics | 1 | CVE-2022-23259 |
| Windows SMB | 6 | CVE-2022-21983, CVE-2022-24485, CVE-2022-24534, CVE-2022-24500, CVE-2022-24541, CVE-2022-26830 |
| Windows Cluster Shared Volume (CSV) | 3 | CVE-2022-24484, CVE-2022-24538, CVE-2022-26784 |

Other Information

There were no new advisories included with the April Security Guidance.

Source: www.tripwire.com/state-of-security/featured/vert-threat-alert-april-2022-patch-tuesday-analy
