Microsoft patched more than 100 vulnerabilities on “Patch Tuesday”, which falls on the second Tuesday of each month. Two of the patched vulnerabilities were zero-days, which means they’re being actively exploited. The patched zero-days are tracked as CVE-2022-26904, a Windows user profile elevation of privilege (EoP) vulnerability, and CVE-2022-24541, another EoP vulnerability, this one in the Windows common log file system driver.
The following are the impacted Microsoft products:
- Windows OS
- Microsoft Office
- Dynamics
- Edge
- Hyper-V
- File server
- Skype for Business
- Windows
- SMB
For more technical details, see the following post in the SANS ISC InfoSec Forums: Microsoft April 2022 Patch Tuesday.