RPC Vulnerability Stands Out in a Field of 129 in April

Credit to Author: Christopher Budd| Date: Tue, 12 Apr 2022 17:45:37 +0000

You can almost think of the April 2022 Patch Tuesday release as having a bark that’s worse than its bite. 

At first blush, this is a very large month in terms of numbers of vulnerabilities (CVEs) addressed: 128. 

However, even though this is a heavy month in terms of quantity, it’s actually not as bad a month as one might expect. 

That said, there’s one vulnerability that does stand out: CVE-2022-26809 RPC Runtime Library Remote Code Execution Vulnerability, a Critical-severity RPC vulnerability with no mitigating factors, low attack complexity, a greater-than-average likelihood of exploitation, and impact on all versions of Windows from Windows 7 onwards. Even more unnerving for infosecurity veterans, RPC was the vulnerable component behind the crippling Blaster worm attacks in 2003. 

Aside from that eye-catching vulnerability, the rest of this large release is more about quantity than severity. Only nine of the remaining vulnerabilities are rated “Critical,” three are rated “Moderate,” and the remaining vulnerabilities are rated as “Important.” Though counted in the tally of 128, one CVE this month is technically a Defense-in-Depth release rather than a true vulnerability according to Microsoft’s classification scheme. 

There are no Critical-class vulnerabilities that are publicly disclosed or exploited at time of release.  

In fact, there is only vulnerability listed as exploited, CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability, and only one vulnerability, CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability, publicly disclosed. Both are rated “Important.” 

Even in terms of likelihood of exploitability, this month is relatively light. Only eleven of the 128 are listed as “Exploitation More Likely,” and aside from the RPC vulnerability, only two others of these are rated “Critical”: CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability and CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability. 

This month’s release covers a range of products. The overwhelming majority of patches are for Microsoft Windows and its components. These include the most notable vulnerabilities this month. Other products affected include Microsoft Edge, .NET and Visual Studio, Defender, Office, and a handful of lesser-known and less-deployed products.  

You can find a complete breakdown of the vulnerabilities by severity and impact, product, and exploitability at the end in the Appendix. 

Below we highlight some of the most notable vulnerabilities to be considered in April’s risk assessment and deployment prioritization. 

 

 

Notable Vulnerabilities 

RPC, SMB, and NFS 

Five vulnerabilities — half of this month’s critical vulnerabilities — affect networking protocols and capabilities, specifically RPC, SMB, and NFS. 

Of the four vulnerabilities affecting RPC, the vulnerability described above (CVE-2022-26809) is rated as critical, with no mitigating factors listed and “Exploitation More Likely.” These points plus RPC’s role in past attacks like Blaster mean this vulnerability should also have a high prioritization. The remaining three RPC vulnerabilities also have mitigating factors that would likely make successful attacks more difficult, rating them as “Important” in severity. 

This month there are six RCE vulnerabilities affecting SMB. Two (CVE-2022-24500 and CVE-2022-24541) are rated as “Critical,” but Microsoft notes “For vulnerability to be exploited, a user would need to access a malicious SMB server to retrieve some data as part of an OS API call.” This would seem to imply some level of mitigation, but the critical rating and SMBs role in major security events like EternalBlue means these vulnerabilities should be highly prioritized. The four non-Critical SMB vulnerabilities have specific requirements that would appear to make successful attacks against these more difficult, which is why they’re rated as “Important”. 

The two vulnerabilities affecting NFS (CVE-2022-24491 and CVE-2022-24497) are rated “Critical” and also “Exploitation More Likely.” However, the vulnerable component is not installed and enabled on Windows by default. This means these critical vulnerabilities only affect Windows Server “when the server administrator uses the Add Roles and Features Wizard to add the Server NFS role service.” In short, if you run NFS on Windows Server, this is a high-priority patch. But if you don’t, you can skip these patches. 

Hyper-V 

Three of this month’s critical vulnerabilities affect Windows Hyper-V (CVE-2022-22008, CVE-2022-23257 and CVE-2022-24537).  There are an additional six “Important” vulnerabilities affecting Hyper-V. 

CVE-2022-23257 is notable because a successful attack would require an attacker to load and run a specially crafted application on a Hyper-V guest.  

CVE-2022-24537 is notable because Microsoft notes “To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script within a Hyper-V guest instance running on a nested Hyper-V host instance.” While this is rated Critical in severity, it would seem to require a very specific scenario for exploitation. 

Microsoft Dynamics 365 (on-premises) 

The remaining critical vulnerability this month affects Microsoft Dynamics 365 (on-premises). Microsoft patched a critical vulnerability in this particular product in February 2022 as well. To exploit this vulnerability, an attacker would need to be an authenticated user who could run a specially crafted trusted solution package to execute arbitrary SQL commands. Once they had accomplished that, the attacker could escalate and execute commands as db_owner within their Dynamics 356 database. 

LDAP 

There are two vulnerabilities affecting LDAP this month. One of these CVE-2022-26919 Windows LDAP Remote Code Execution Vulnerability is rated as critical. On the one hand, this vulnerability is remotely exploitable over the network by a standard user who has been authenticated in the domain. On the other hand, Microsoft notes that this has “high complexity” for any attack and that an attack is not possible unless the default setting for MaxReceiveBuffer has been changed. However, as we discuss below, there are a number of non-critical vulnerabilities affecting Active Directory as well, so it makes sense to prioritize this along with those. 

Active Directory 

This month there are two Important-rated remote code execution (RCE) vulnerabilities affecting Active Directory (CVE-2022-26814 and CVE-2022-26817). Both of these are race condition vulnerabilities and both require privileges to query the Domain Name Service (DNS) on the vulnerable system. These are important mitigating factors for the vulnerabilities. A successful attack could enable code execution in the Active Directory service. So, while there are notable mitigating factors, an attacker’s ability to potentially compromise an organization’s active directory and create privileged accounts could allow these vulnerabilities to be used as part of an attacker’s lateral movement on the network if compromised. 

DNS 

This month there are 16 vulnerabilities affecting DNS. All but two of these are RCEs. Of the others, one (CVE-2022-26816) is a denial of service (DoS) vulnerability and the other (CVE-2022-26829) is an elevation of privilege (EoP) vulnerability. Several, but not all, of the RCEs have a mitigating factor: An attacker would need to be a member of the DNS Admins group to carry out a successful attack. Given the number of vulnerabilities being addressed and the importance of DNS, in this month’s release it makes sense to make the bundle of DNS patches a priority for your risk assessment and deployment. 

Print Spooler 

With the PrintNightmare situation over the summer of 2021, this is a component that has been under scrutiny and attack and thus cause for concern. This month’s patches for Print Spooler mirror the tenor of this month’s overall release: heavy in quantity but less severe than might be expected. 

In total there are 15 vulnerabilities in the Print Spooler being addressed. However, all of these are rated “Important,” all are EoPs, none are publicly disclosed, none are currently under exploit, and all are rated “Exploitability Less Likely.” 

Because of the number of vulnerabilities in this component it makes sense to give some priority to these updates, but these are clearly less urgent for your prioritization for risk assessment and deployment. 

 

Sophos protection 

 

As you can do every month, if you don’t want to wait for your system to pull down the updates itself, you can download them manually from the Windows Update Catalog website. (The exceptions this month, as noted above, are the 11 patches handled via the Microsoft Store.) Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your particular system’s architecture and build number. 

Appendix 

Vulnerability Severity and Impact 

Below is a breakdown of the vulnerabilities by impact and severity. 

Remote code execution (RCE) 

Critical: 

  1. CVE-2022-23259 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
  2. CVE-2022-26809 RPC Runtime Library Remote Code Execution Vulnerability
  3. CVE-2022-22008 Windows Hyper-V Remote Code Execution Vulnerability
  4. CVE-2022-23257 Windows Hyper-V Remote Code Execution Vulnerability
  5. CVE-2022-24537 Windows Hyper-V Remote Code Execution Vulnerability
  6. CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability
  7. CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability
  8. CVE-2022-24500 Windows SMB Remote Code Execution Vulnerability
  9. CVE-2022-24541 Windows SMB Remote Code Execution Vulnerability
  10. CVE-2022-26919 Windows LDAP Remote Code Execution Vulnerability 

Important:  

  1. CVE-2022-26814 Active Directory Domain Services Remote Code Execution Vulnerability 
  2. CVE-2022-26817 Active Directory Domain Services Remote Code Execution Vulnerability 
  3. CVE-2022-26898 Azure Site Recovery Remote Code Execution Vulnerability 
  4. CVE-2022-24532 HEVC Video Extensions Remote Code Execution Vulnerability 
  5. CVE-2022-24475 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 
  6. CVE-2022-26901 Microsoft Excel Remote Code Execution Vulnerability 
  7. CVE-2022-24533 Remote Desktop Protocol Remote Code Execution Vulnerability 
  8. CVE-2022-24492 Remote Procedure Call Runtime Remote Code Execution Vulnerability 
  9. CVE-2022-24528 Remote Procedure Call Runtime Remote Code Execution Vulnerability 
  10. CVE-2022-24495 Windows Direct Show – Remote Code Execution Vulnerability 
  11. CVE-2022-26829 Windows DNS Elevation of Privilege Vulnerability 
  12. CVE-2022-24536 Windows DNS Server Remote Code Execution Vulnerability 
  13. CVE-2022-26811 Windows DNS Server Remote Code Execution Vulnerability 
  14. CVE-2022-26812 Windows DNS Server Remote Code Execution Vulnerability 
  15. CVE-2022-26813 Windows DNS Server Remote Code Execution Vulnerability 
  16. CVE-2022-26815 Windows DNS Server Remote Code Execution Vulnerability 
  17. CVE-2022-26818 Windows DNS Server Remote Code Execution Vulnerability 
  18. CVE-2022-26819 Windows DNS Server Remote Code Execution Vulnerability 
  19. CVE-2022-26820 Windows DNS Server Remote Code Execution Vulnerability 
  20. CVE-2022-26821 Windows DNS Server Remote Code Execution Vulnerability 
  21. CVE-2022-26822 Windows DNS Server Remote Code Execution Vulnerability 
  22. CVE-2022-26823 Windows DNS Server Remote Code Execution Vulnerability 
  23. CVE-2022-26824 Windows DNS Server Remote Code Execution Vulnerability 
  24. CVE-2022-26825 Windows DNS Server Remote Code Execution Vulnerability 
  25. CVE-2022-26826 Windows DNS Server Remote Code Execution Vulnerability 
  26. CVE-2022-26903 Windows Graphics Component Remote Code Execution Vulnerability 
  27. CVE-2022-22009 Windows Hyper-V Remote Code Execution Vulnerability 
  28. CVE-2022-24543 Windows Installer Remote Code Execution Vulnerability 
  29. CVE-2022-24545 Windows Kerberos Remote Code Execution Vulnerability 
  30. CVE-2022-24487 Windows Local Security Authority Subsystem Service Remote Code Execution Vulnerability 
  31. CVE-2022-21983 Windows SMB Remote Code Execution Vulnerability 
  32. CVE-2022-24485 Windows SMB Remote Code Execution Vulnerability 
  33. CVE-2022-24534 Windows SMB Remote Code Execution Vulnerability 
  34. CVE-2022-26830 Windows SMB Remote Code Execution Vulnerability 
  35. CVE-2022-24473 Microsoft Excel Remote Code Execution Vulnerability 
  36. CVE-2022-26916 Windows Fax Compose Form Remote Code Execution Vulnerability 
  37. CVE-2022-26917 Windows Fax Compose Form Remote Code Execution Vulnerability 
  38. CVE-2022-26918 Windows Fax Compose Form Remote Code Execution Vulnerability 

Elevation of privilege (EoP) 

Important:  

  1. CVE-2022-26896 Azure Site Recovery Elevation of Privilege Vulnerability 
  2. CVE-2022-26897 Azure Site Recovery Elevation of Privilege Vulnerability 
  3. CVE-2022-24479 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability 
  4. CVE-2022-24496 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability 
  5. CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  6. CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  7. CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  8. CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  9. CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  10. CVE-2022-26788 PowerShell Elevation of Privilege Vulnerability 
  11. CVE-2022-24765 Uncontrolled search for the Git directory in Git for Windows 
  12. CVE-2022-24513 Visual Studio Elevation of Privilege Vulnerability 
  13. CVE-2022-24482 Windows ALPC Elevation of Privilege Vulnerability 
  14. CVE-2022-24540 Windows ALPC Elevation of Privilege Vulnerability 
  15. CVE-2022-24494 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 
  16. CVE-2022-24549 Windows AppX Package Manager Elevation of Privilege Vulnerability 
  17. CVE-2022-26828 Windows Bluetooth Driver Elevation of Privilege Vulnerability 
  18. CVE-2022-24538 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability 
  19. CVE-2022-24489 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability 
  20. CVE-2022-24481 Windows Common Log File System Driver Elevation of Privilege Vulnerability 
  21. CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability 
  22. CVE-2022-24488 Windows Desktop Bridge Elevation of Privilege Vulnerability 
  23. CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability 
  24. CVE-2022-24546 Windows DWM Core Library Elevation of Privilege Vulnerability 
  25. CVE-2022-24527 Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability 
  26. CVE-2022-26808 Windows File Explorer Elevation of Privilege Vulnerability 
  27. CVE-2022-26810 Windows File Server Resource Management Service Elevation of Privilege Vulnerability 
  28. CVE-2022-26827 Windows File Server Resource Management Service Elevation of Privilege Vulnerability 
  29. CVE-2022-24499 Windows Installer Elevation of Privilege Vulnerability 
  30. CVE-2022-24530 Windows Installer Elevation of Privilege Vulnerability 
  31. CVE-2022-24486 Windows Kerberos Elevation of Privilege Vulnerability 
  32. CVE-2022-24544 Windows Kerberos Elevation of Privilege Vulnerability 
  33. CVE-2022-26786 Windows Print Spooler Elevation of Privilege Vulnerability 
  34. CVE-2022-26787 Windows Print Spooler Elevation of Privilege Vulnerability 
  35. CVE-2022-26789 Windows Print Spooler Elevation of Privilege Vulnerability 
  36. CVE-2022-26790 Windows Print Spooler Elevation of Privilege Vulnerability 
  37. CVE-2022-26791 Windows Print Spooler Elevation of Privilege Vulnerability 
  38. CVE-2022-26792 Windows Print Spooler Elevation of Privilege Vulnerability 
  39. CVE-2022-26793 Windows Print Spooler Elevation of Privilege Vulnerability 
  40. CVE-2022-26794 Windows Print Spooler Elevation of Privilege Vulnerability 
  41. CVE-2022-26795 Windows Print Spooler Elevation of Privilege Vulnerability 
  42. CVE-2022-26796 Windows Print Spooler Elevation of Privilege Vulnerability 
  43. CVE-2022-26797 Windows Print Spooler Elevation of Privilege Vulnerability 
  44. CVE-2022-26798 Windows Print Spooler Elevation of Privilege Vulnerability 
  45. CVE-2022-26801 Windows Print Spooler Elevation of Privilege Vulnerability 
  46. CVE-2022-26802 Windows Print Spooler Elevation of Privilege Vulnerability 
  47. CVE-2022-26803 Windows Print Spooler Elevation of Privilege Vulnerability 
  48. CVE-2022-24550 Windows Telephony Server Elevation of Privilege Vulnerability 
  49. CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability 
  50. CVE-2022-24474 Windows Win32k Elevation of Privilege Vulnerability 
  51. CVE-2022-24542 Windows Win32k Elevation of Privilege Vulnerability 
  52. CVE-2022-26807 Windows Work Folder Service Elevation of Privilege Vulnerability 
  53. CVE-2022-24767 GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account 
  54. CVE-2022-26914 Win32k Elevation of Privilege Vulnerability 
  55. CVE-2022-26921 Visual Studio Code Elevation of Privilege Vulnerability 

Moderate: 

  1. CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  2. CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 

Denial of service (DoS) – Important 

  1. CVE-2022-26831 LDAP Denial of Service Vulnerability 
  2. CVE-2022-26832 Microsoft .NET Framework and ASP.NET Information Disclosure 
  3. CVE-2022-24548 Microsoft Defender Denial of Service Vulnerability 
  4. CVE-2022-24484 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability 
  5. CVE-2022-26784 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability 
  6. CVE-2022-26816 Windows DNS Server Denial of Service Vulnerability 
  7. CVE-2022-23268 Windows Hyper-V Denial of Service Vulnerability 
  8. CVE-2022-26915 Windows Secure Channel Denial of Service Vulnerability 
  9. CVE-2022-26924 YARP Denial of Service Vulnerability 

Information disclosure – Important 

  1. CVE-2022-24493 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability 
  2. CVE-2022-26911 Skype for Business Information Disclosure Vulnerability 
  3. CVE-2022-24490 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  4. CVE-2022-24539 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  5. CVE-2022-26783 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  6. CVE-2022-26785 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  7. CVE-2022-24498 Windows iSCSI Target Service Information Disclosure 
  8. CVE-2022-24483 Windows Kernel Information Disclosure Vulnerability 
  9. CVE-2022-26920 Windows Graphics Component Information Disclosure Vulnerability 

Spoofing: 

Important 

  1. CVE-2022-23292 Microsoft Power BI Spoofing Vulnerability 
  2. CVE-2022-24472 Microsoft SharePoint Server Spoofing Vulnerability 
  3. CVE-2022-26910 Skype for Business and Lync Spoofing Vulnerability 

Moderate 

  1. CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Defense in Depth Important: 

  1. CVE-2022-26907 Azure SDK for .NET Information Disclosure Vulnerability 

Exploitability Indexes 

Below are the vulnerabilities marked as “Exploitation more likely”.  This month the Exploitability Indexes are identical for both latest and older software. 

  1. CVE-2022-26809 RPC Runtime Library Remote Code Execution Vulnerability 
  2. CVE-2022-24481 Windows Common Log File System Driver Elevation of Privilege Vulnerability 
  3. CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability 
  4. CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability 
  5. CVE-2022-24546 Windows DWM Core Library Elevation of Privilege Vulnerability 
  6. CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability 
  7. CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability 
  8. CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability 
  9. CVE-2022-24474 Windows Win32k Elevation of Privilege Vulnerability 
  10. CVE-2022-24542 Windows Win32k Elevation of Privilege Vulnerability 
  11. CVE-2022-26914 Win32k Elevation of Privilege Vulnerability 

Products Affected 

.NET and Visual Studio 

  1. CVE-2022-26832 Microsoft .NET Framework and ASP.NET Information Disclosure 
  2. CVE-2022-24765 Uncontrolled search for the Git directory in Git for Windows 
  3. CVE-2022-24513 Visual Studio Elevation of Privilege Vulnerability 
  4. CVE-2022-26907 Azure SDK for .NET Information Disclosure Vulnerability 
  5. CVE-2022-24767 GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account 
  6. CVE-2022-26921 Visual Studio Code Elevation of Privilege Vulnerability 
  7. CVE-2022-26924 YARP Denial of Service Vulnerability 

Azure Site Recovery 

  1. CVE-2022-26896 Azure Site Recovery Elevation of Privilege Vulnerability 
  2. CVE-2022-26897 Azure Site Recovery Elevation of Privilege Vulnerability 
  3. CVE-2022-26898 Azure Site Recovery Remote Code Execution Vulnerability 

Microsoft Defender

  1. CVE-2022-24548 Microsoft Defender Denial of Service Vulnerability  

Microsoft Dynamics 

  1. CVE-2022-23259 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability 

Microsoft Edge 

  1. CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  2. CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  3. CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  4. CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  5. CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  6. CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 
  7. CVE-2022-24475 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 
  8. CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability  
  9. CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 

Microsoft Office 

  1. CVE-2022-26901 Microsoft Excel Remote Code Execution Vulnerability 
  2. CVE-2022-24472 Microsoft SharePoint Server Spoofing Vulnerability 
  3. CVE-2022-24473 Microsoft Excel Remote Code Execution Vulnerability 

Microsoft Power BI 

  1. CVE-2022-23292 Microsoft Power BI Spoofing Vulnerability 

Microsoft Skype for Business 

  1. CVE-2022-26910 Skype for Business and Lync Spoofing Vulnerability 
  2. CVE-2022-26911 Skype for Business Information Disclosure Vulnerability 

Microsoft Windows 

  1. CVE-2022-26814 Active Directory Domain Services Remote Code Execution Vulnerability 
  2. CVE-2022-26817 Active Directory Domain Services Remote Code Execution Vulnerability 
  3. CVE-2022-24479 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability 
  4. CVE-2022-24532 HEVC Video Extensions Remote Code Execution Vulnerability 
  5. CVE-2022-26831 LDAP Denial of Service Vulnerability 
  6. CVE-2022-24496 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability 
  7. CVE-2022-24493 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability 
  8. CVE-2022-26788 PowerShell Elevation of Privilege Vulnerability 
  9. CVE-2022-24533 Remote Desktop Protocol Remote Code Execution Vulnerability 
  10. CVE-2022-24492 Remote Procedure Call Runtime Remote Code Execution Vulnerability 
  11. CVE-2022-24528 Remote Procedure Call Runtime Remote Code Execution Vulnerability 
  12. CVE-2022-26809 RPC Runtime Library Remote Code Execution Vulnerability 
  13. CVE-2022-24482 Windows ALPC Elevation of Privilege Vulnerability 
  14. CVE-2022-24540 Windows ALPC Elevation of Privilege Vulnerability 
  15. CVE-2022-24494 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 
  16. CVE-2022-24549 Windows AppX Package Manager Elevation of Privilege Vulnerability 
  17. CVE-2022-26828 Windows Bluetooth Driver Elevation of Privilege Vulnerability 
  18. CVE-2022-24484 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability 
  19. CVE-2022-24538 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability 
  20. CVE-2022-26784 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability 
  21. CVE-2022-24489 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability 
  22. CVE-2022-24481 Windows Common Log File System Driver Elevation of Privilege Vulnerability 
  23. CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability 
  24. CVE-2022-24488 Windows Desktop Bridge Elevation of Privilege Vulnerability 
  25. CVE-2022-24547 Windows Digital Media Receiver Elevation of Privilege Vulnerability 
  26. CVE-2022-24495 Windows Direct Show – Remote Code Execution Vulnerability 
  27. CVE-2022-26829 Windows DNS Elevation of Privilege Vulnerability 
  28. CVE-2022-26816 Windows DNS Server Denial of Service Vulnerability 
  29. CVE-2022-24536 Windows DNS Server Remote Code Execution Vulnerability 
  30. CVE-2022-26811 Windows DNS Server Remote Code Execution Vulnerability 
  31. CVE-2022-26812 Windows DNS Server Remote Code Execution Vulnerability 
  32. CVE-2022-26813 Windows DNS Server Remote Code Execution Vulnerability 
  33. CVE-2022-26815 Windows DNS Server Remote Code Execution Vulnerability 
  34. CVE-2022-26818 Windows DNS Server Remote Code Execution Vulnerability 
  35. CVE-2022-26819 Windows DNS Server Remote Code Execution Vulnerability 
  36. CVE-2022-26820 Windows DNS Server Remote Code Execution Vulnerability 
  37. CVE-2022-26821 Windows DNS Server Remote Code Execution Vulnerability 
  38. CVE-2022-26822 Windows DNS Server Remote Code Execution Vulnerability 
  39. CVE-2022-26823 Windows DNS Server Remote Code Execution Vulnerability 
  40. CVE-2022-26824 Windows DNS Server Remote Code Execution Vulnerability 
  41. CVE-2022-26825 Windows DNS Server Remote Code Execution Vulnerability 
  42. CVE-2022-26826 Windows DNS Server Remote Code Execution Vulnerability 
  43. CVE-2022-24546 Windows DWM Core Library Elevation of Privilege Vulnerability 
  44. CVE-2022-24527 Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability 
  45. CVE-2022-26808 Windows File Explorer Elevation of Privilege Vulnerability 
  46. CVE-2022-26810 Windows File Server Resource Management Service Elevation of Privilege Vulnerability 
  47. CVE-2022-26827 Windows File Server Resource Management Service Elevation of Privilege Vulnerability 
  48. CVE-2022-26903 Windows Graphics Component Remote Code Execution Vulnerability 
  49. CVE-2022-23268 Windows Hyper-V Denial of Service Vulnerability 
  50. CVE-2022-22008 Windows Hyper-V Remote Code Execution Vulnerability 
  51. CVE-2022-22009 Windows Hyper-V Remote Code Execution Vulnerability 
  52. CVE-2022-23257 Windows Hyper-V Remote Code Execution Vulnerability 
  53. CVE-2022-24537 Windows Hyper-V Remote Code Execution Vulnerability 
  54. CVE-2022-24490 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  55. CVE-2022-24539 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  56. CVE-2022-26783 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  57. CVE-2022-26785 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability 
  58. CVE-2022-24499 Windows Installer Elevation of Privilege Vulnerability 
  59. CVE-2022-24530 Windows Installer Elevation of Privilege Vulnerability 
  60. CVE-2022-24543 Windows Installer Remote Code Execution Vulnerability 
  61. CVE-2022-24498 Windows iSCSI Target Service Information Disclosure 
  62. CVE-2022-24486 Windows Kerberos Elevation of Privilege Vulnerability 
  63. CVE-2022-24544 Windows Kerberos Elevation of Privilege Vulnerability 
  64. CVE-2022-24545 Windows Kerberos Remote Code Execution Vulnerability 
  65. CVE-2022-24483 Windows Kernel Information Disclosure Vulnerability 
  66. CVE-2022-24487 Windows Local Security Authority Subsystem Service Remote Code Execution Vulnerability 
  67. CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability 
  68. CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability 
  69. CVE-2022-26786 Windows Print Spooler Elevation of Privilege Vulnerability 
  70. CVE-2022-26787 Windows Print Spooler Elevation of Privilege Vulnerability 
  71. CVE-2022-26789 Windows Print Spooler Elevation of Privilege Vulnerability 
  72. CVE-2022-26790 Windows Print Spooler Elevation of Privilege Vulnerability 
  73. CVE-2022-26791 Windows Print Spooler Elevation of Privilege Vulnerability 
  74. CVE-2022-26792 Windows Print Spooler Elevation of Privilege Vulnerability 
  75. CVE-2022-26793 Windows Print Spooler Elevation of Privilege Vulnerability 
  76. CVE-2022-26794 Windows Print Spooler Elevation of Privilege Vulnerability 
  77. CVE-2022-26795 Windows Print Spooler Elevation of Privilege Vulnerability 
  78. CVE-2022-26796 Windows Print Spooler Elevation of Privilege Vulnerability 
  79. CVE-2022-26797 Windows Print Spooler Elevation of Privilege Vulnerability 
  80. CVE-2022-26798 Windows Print Spooler Elevation of Privilege Vulnerability 
  81. CVE-2022-26801 Windows Print Spooler Elevation of Privilege Vulnerability 
  82. CVE-2022-26802 Windows Print Spooler Elevation of Privilege Vulnerability 
  83. CVE-2022-26803 Windows Print Spooler Elevation of Privilege Vulnerability 
  84. CVE-2022-21983 Windows SMB Remote Code Execution Vulnerability 
  85. CVE-2022-24485 Windows SMB Remote Code Execution Vulnerability 
  86. CVE-2022-24500 Windows SMB Remote Code Execution Vulnerability 
  87. CVE-2022-24534 Windows SMB Remote Code Execution Vulnerability 
  88. CVE-2022-24541 Windows SMB Remote Code Execution Vulnerability 
  89. CVE-2022-26830 Windows SMB Remote Code Execution Vulnerability 
  90. CVE-2022-24550 Windows Telephony Server Elevation of Privilege Vulnerability 
  91. CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability 
  92. CVE-2022-24474 Windows Win32k Elevation of Privilege Vulnerability 
  93. CVE-2022-24542 Windows Win32k Elevation of Privilege Vulnerability 
  94. CVE-2022-26807 Windows Work Folder Service Elevation of Privilege Vulnerability 
  95. CVE-2022-26914 Win32k Elevation of Privilege Vulnerability 
  96. CVE-2022-26916 Windows Fax Compose Form Remote Code Execution Vulnerability 
  97. CVE-2022-26917 Windows Fax Compose Form Remote Code Execution Vulnerability 
  98. CVE-2022-26918 Windows Fax Compose Form Remote Code Execution Vulnerability 
  99. CVE-2022-26920 Windows Graphics Component Information Disclosure Vulnerability 
  100. CVE-2022-26919 Windows LDAP Remote Code Execution Vulnerability 
  101. CVE-2022-26915 Windows Secure Channel Denial of Service Vulnerability 

http://feeds.feedburner.com/sophos/dgdY