Microsoft Patches Over 100 Vulnerabilities Including 2 Zero-Days

Microsoft patched more than 100 vulnerabilities on “Patch Tuesday”, which falls on the second Tuesday of each month. Two of the patched vulnerabilities were zero-days, which means they’re being actively exploited. The patched zero-days are tracked as CVE-2022-26904, a Windows user profile elevation of privilege (EoP) vulnerability, and CVE-2022-24541, another EoP vulnerability, this one in the Windows common log file system driver.

The following are the impacted Microsoft products:

  • Windows OS
  • Microsoft Office 
  • Dynamics
  • Edge
  • Hyper-V
  • File server
  • Skype for Business
  • Windows 
  • SMB

For more technical details, see the SANS ISC InfoSec Forums post “Microsoft April 2022 Patch Tuesday”.

Resources: