More than 100 vulnerabilities were patched by Microsoft on “Patch Tuesday”, which falls on the second Tuesday of each month. Two of the patched vulnerabilities were zero-days, which means they’re being actively exploited. The patched zero-days  are tracked as CVE-2022-26904, which is a Windows user profile elevation of privileges (EoP) vulnerability and CVE 2022-24541, which is another EoP vulnerability, a Windows common log file system driver vulnerability. 

The following are the impacted Microsoft products:

• Windows OS
• Microsoft Office 
• Dynamics
• Edge
• Hyper-V
• File server
• Skype for Business
• Windows 
• SMB

For more technical details see the following post in SANS ISC InfoSec Forums, Microsoft April 2022 Patch Tuesday.

Resources: 

• Krebs on Security, Microsoft Patch Tuesday April 2022 Edition.
• ZDNet, Microsoft’s April 2022 Patch Tuesday tackles two zero-day vulnerabilities