Qualys: The Patch Tuesday fixes for April 2022

Microsoft Patch Tuesday: Summary

Microsoft fixed 145 vulnerabilities in the April update, including 17 vulnerabilities in Microsoft Edge, ten of which are classified as critical because they allow remote code execution (RCE). This Patch Tuesday also contains fixes for two zero-day vulnerabilities: one is known to be actively exploited (CVE-2022-24521) and the other is publicly known (CVE-2022-26904). Microsoft has also fixed other issues in its software, including denial of service, elevation of privilege, information disclosure, and spoofing vulnerabilities.

Coverage of multiple Microsoft products

The patches fix vulnerabilities on several Microsoft products, including but not limited to Azure, browser (Edge – Chromium), developer tools, Extended Security Update (ESU), Microsoft Dynamics, Microsoft Office, SQL Server, System Center and Windows.

  • CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution (RCE)
    This vulnerability has a CVSSv3.1 (Common Vulnerability Scoring System) score of 8.8/10. An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there, the attacker could escalate privileges and execute commands as db_owner within their Dynamics 365 database. Exploitation of the vulnerability is less likely.
  • CVE-2022-24491 and CVE-2022-24497 | Windows Network File System Remote Code Execution (RCE)
    These vulnerabilities have a CVSSv3.1 score of 9.8/10. An attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could allow remote code execution. The vulnerabilities can only be exploited on systems where the NFS (Network File System) role is enabled. Exploitation of the vulnerabilities is more likely.
  • CVE-2022-24541 | Windows Server Service Remote Code Execution (RCE)
    This vulnerability has a CVSSv3.1 score of 8.8/10. Exploitation requires that a user running an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. The attacker cannot force the user to visit it, but must convince them to do so, usually through a phishing email or chat message. Microsoft lists mitigations for this vulnerability: blocking TCP port 445 on the company's firewall and following Microsoft's guidelines for securing SMB traffic. Exploitation of the vulnerability is less likely.
  • CVE-2022-24500 | Windows SMB Remote Code Execution (RCE) Vulnerability
    This vulnerability has a CVSSv3.1 score of 8.8/10. The same conditions and mitigations apply here as for CVE-2022-24541. In addition, for the vulnerability to be exploited, a user must access a malicious SMB server to retrieve data as part of an operating system API call.
  • CVE-2022-26809 | Remote Procedure Call (RPC) Runtime Remote Code Execution (RCE)
    This vulnerability has a CVSSv3.1 score of 9.8/10. To exploit this vulnerability, an attacker would have to send a specially crafted Remote Procedure Call (RPC) to an RPC host. This could lead to remote code execution (RCE) on the server side with the same permissions as the RPC service. The same mitigations apply as above. Exploitation of the vulnerability is more likely.
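
The exposure conditions named in the list above (NFS role enabled, TCP port 445 not blocked) can be checked per host. The following PowerShell is an added example, not part of the original article or of Microsoft's guidance; the host name `smb-test.example.org` is a placeholder for an external test host you control.

```powershell
# Added example: per-host exposure check for the conditions described above.
param(
    # Placeholder (assumption): an external host you control, used only to
    # verify that outbound TCP 445 is blocked at the perimeter firewall.
    [string]$ExternalSmbHost = 'smb-test.example.org'
)

$report = [ordered]@{ Host = $env:COMPUTERNAME }

# CVE-2022-24491 / CVE-2022-24497 are only exploitable when the NFS role is enabled.
# Get-WindowsFeature ships with Windows Server (ServerManager module), not client SKUs.
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $nfs = Get-WindowsFeature -Name FS-NFS-Service
    $report['NfsServerRoleInstalled'] = [bool]$nfs.Installed
} else {
    $report['NfsServerRoleInstalled'] = 'n/a (Get-WindowsFeature not available)'
}

# CVE-2022-24541 / CVE-2022-24500 / CVE-2022-26809: the listed mitigation is
# blocking TCP 445 on the company firewall. If this outbound probe succeeds,
# that block is not in effect for this host.
$probe = Test-NetConnection -ComputerName $ExternalSmbHost -Port 445 `
    -WarningAction SilentlyContinue
$report['OutboundTcp445Allowed'] = [bool]$probe.TcpTestSucceeded

# Local Windows Firewall: enabled inbound allow rules that cover TCP 445.
$inbound445 = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains '445')
    }
$report['InboundAllowRulesForTcp445'] = @($inbound445).Count
$report['InboundAllowRuleNames']      = ($inbound445.DisplayName -join '; ')

# One object per host, suitable for Export-Csv when run across a fleet.
[pscustomobject]$report
```

A host that reports the NFS role installed or outbound TCP 445 allowed should be moved to the front of the patch queue.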
