{"id":18749,"date":"2022-04-12T13:21:01","date_gmt":"2022-04-12T21:21:01","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/04\/12\/news-12482\/"},"modified":"2022-04-12T13:21:01","modified_gmt":"2022-04-12T21:21:01","slug":"news-12482","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/04\/12\/news-12482\/","title":{"rendered":"RPC Vulnerability Stands Out in a Field of 128 in April"},"content":{"rendered":"

Credit to Author: Christopher Budd| Date: Tue, 12 Apr 2022 17:45:37 +0000<\/strong><\/p>\n

\n

You can <\/span>almost<\/span><\/i> think of the April 2022 Patch Tuesday release as having a bark that\u2019s worse than its bite.<\/span>\u00a0<\/span><\/p>\n

At first blush, this is a very large month in terms of numbers of vulnerabilities (CVEs) addressed: 128.<\/span>\u00a0<\/span><\/p>\n

However, even though this is a heavy month in terms of quantity, it\u2019s actually not as bad a month as one might expect.<\/span>\u00a0<\/span><\/p>\n

That said, there\u2019s one vulnerability that does stand out: CVE-2022-26809 RPC Runtime Library Remote Code Execution Vulnerability, a Critical-severity RPC vulnerability with no mitigating factors, low attack complexity, a greater-than-average likelihood of exploitation, and impact on all versions of Windows from Windows 7 onwards. Even more unnerving for infosecurity veterans, RPC was the vulnerable component behind the <\/span>crippling Blaster worm attacks in 2003<\/span><\/a>.<\/span>\u00a0<\/span><\/p>\n

Aside from that eye-catching vulnerability, the rest of this large release is more about quantity than severity. Only nine of the remaining vulnerabilities are rated \u201cCritical,\u201d three are rated \u201cModerate,\u201d and the remaining vulnerabilities are rated as \u201cImportant.\u201d Though counted in the tally of 128, one CVE this month is technically a Defense-in-Depth release rather than a true vulnerability according to Microsoft\u2019s classification scheme.<\/span>\u00a0<\/span><\/p>\n

There are no Critical-class vulnerabilities that are publicly disclosed or exploited at time of release.\u00a0<\/span>\u00a0<\/span><\/p>\n

In fact, there is only vulnerability listed as exploited, CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability, and only one vulnerability, CVE-2022-26904 Windows User Profile Service Elevation of Privilege Vulnerability, publicly disclosed. Both are rated \u201cImportant.\u201d<\/span>\u00a0<\/span><\/p>\n

Even in terms of likelihood of exploitability, this month is relatively light. Only eleven of the 128 are listed as \u201cExploitation More Likely,\u201d and aside from the RPC vulnerability, only two others of these are rated \u201cCritical\u201d: CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability and CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability.<\/span>\u00a0<\/span><\/p>\n

This month\u2019s release covers a range of products. The overwhelming majority of patches are for Microsoft Windows and its components. These include the most notable vulnerabilities this month. Other products affected include Microsoft Edge, .NET and Visual Studio, Defender, Office, and a handful of lesser-known and less-deployed products.\u00a0<\/span>\u00a0<\/span><\/p>\n

You can find a complete breakdown of the vulnerabilities by severity and impact, product, and exploitability at the end in the Appendix.<\/span>\u00a0<\/span><\/p>\n

Below we highlight some of the most notable vulnerabilities to be considered in April\u2019s risk assessment and deployment prioritization.<\/span><\/span>\u00a0<\/span><\/p>\n

\"\"<\/a>\"\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

Notable Vulnerabilities<\/span><\/b>\u00a0<\/span><\/p>\n

RPC, SMB, and NFS<\/span><\/b>\u00a0<\/span><\/p>\n

Five vulnerabilities — half of this month\u2019s critical vulnerabilities — affect networking protocols and capabilities, specifically RPC, SMB, and NFS.<\/span>\u00a0<\/span><\/p>\n

Of the four vulnerabilities affecting RPC, the vulnerability described above (CVE-2022-26809) is rated as critical, with no mitigating factors listed and \u201cExploitation More Likely.\u201d These points plus RPC\u2019s role in past attacks like Blaster mean this vulnerability should also have a high prioritization. The remaining three RPC vulnerabilities also have mitigating factors that would likely make successful attacks more difficult, rating them as \u201cImportant\u201d in severity.<\/span>\u00a0<\/span><\/p>\n

This month there are six RCE vulnerabilities affecting SMB. Two (CVE-2022-24500 and CVE-2022-24541) are rated as \u201cCritical,\u201d but Microsoft notes \u201cFor vulnerability to be exploited, a user would need to access a malicious SMB server to retrieve some data as part of an OS API call.\u201d This would seem to imply some level of mitigation, but the critical rating and SMBs role in major security events like EternalBlue means these vulnerabilities should be highly prioritized. The four non-Critical SMB vulnerabilities have specific requirements that would appear to make successful attacks against these more difficult, which is why they\u2019re rated as \u201cImportant\u201d.<\/span>\u00a0<\/span><\/p>\n

The two vulnerabilities affecting NFS (CVE-2022-24491 and CVE-2022-24497) are rated \u201cCritical\u201d and also \u201cExploitation More Likely.\u201d However, the vulnerable component is not installed and enabled on Windows by default. This means these critical vulnerabilities only affect Windows Server \u201cwhen the server administrator uses the Add Roles and Features Wizard to add the Server NFS role service.\u201d In short, if you run NFS on Windows Server, this is a high-priority patch. But if you don\u2019t, you can skip these patches.<\/span>\u00a0<\/span><\/p>\n

Hyper-V<\/span><\/b>\u00a0<\/span><\/p>\n

Three of this month\u2019s critical vulnerabilities affect Windows Hyper-V (CVE-2022-22008, CVE-2022-23257 and CVE-2022-24537).\u00a0 There are an additional six \u201cImportant\u201d vulnerabilities affecting Hyper-V.<\/span>\u00a0<\/span><\/p>\n

CVE-2022-23257 is notable because a successful attack would require an attacker to load and run a specially crafted application on a Hyper-V guest.\u00a0<\/span>\u00a0<\/span><\/p>\n

CVE-2022-24537 is notable because Microsoft notes \u201cTo exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script within a Hyper-V guest instance running on a nested Hyper-V host instance.\u201d While this is rated Critical in severity, it would seem to require a very specific scenario for exploitation.<\/span>\u00a0<\/span><\/p>\n

Microsoft Dynamics 365 (on-premises)<\/span><\/b>\u00a0<\/span><\/p>\n

The remaining critical vulnerability this month affects Microsoft Dynamics 365 (on-premises). Microsoft <\/span>patched<\/span><\/a> a critical vulnerability in this particular product in February 2022 as well. To exploit this vulnerability, an attacker would need to be an authenticated user who could run a specially crafted trusted solution package to execute arbitrary SQL commands. Once they had accomplished that, the attacker could escalate and execute commands as db_owner within their Dynamics 356 database.<\/span>\u00a0<\/span><\/p>\n

LDAP<\/span><\/b>\u00a0<\/span><\/p>\n

There are two vulnerabilities affecting LDAP this month. One of these CVE-2022-26919 Windows LDAP Remote Code Execution Vulnerability is rated as critical. On the one hand, this vulnerability is remotely exploitable over the network by a standard user who has been authenticated in the domain. On the other hand, Microsoft notes that this has \u201chigh complexity\u201d for any attack and that an attack is not possible unless the default setting for MaxReceiveBuffer has been changed. However, as we discuss below, there are a number of non-critical vulnerabilities affecting Active Directory as well, so it makes sense to prioritize this along with those.<\/span>\u00a0<\/span><\/p>\n

Active Directory<\/span><\/b>\u00a0<\/span><\/p>\n

This month there are two Important-rated remote code execution (RCE) vulnerabilities affecting Active Directory (CVE-2022-26814 and CVE-2022-26817). Both of these are race condition vulnerabilities and both require privileges to query the Domain Name Service (DNS) on the vulnerable system. These are important mitigating factors for the vulnerabilities. A successful attack could enable code execution in the Active Directory service. So, while there are notable mitigating factors, an attacker\u2019s ability to potentially compromise an organization\u2019s active directory and create privileged accounts could allow these vulnerabilities to be used as part of an attacker\u2019s lateral movement on the network if compromised.<\/span>\u00a0<\/span><\/p>\n

DNS<\/span><\/b>\u00a0<\/span><\/p>\n

This month there are 16 vulnerabilities affecting DNS. All but two of these are RCEs. Of the others, one (CVE-2022-26816) is a denial of service (DoS) vulnerability and the other (CVE-2022-26829) is an elevation of privilege (EoP) vulnerability. Several, but not all, of the RCEs have a mitigating factor: An attacker would need to be a member of the DNS Admins group to carry out a successful attack. Given the number of vulnerabilities being addressed and the importance of DNS, in this month\u2019s release it makes sense to make the bundle of DNS patches a priority for your risk assessment and deployment.<\/span>\u00a0<\/span><\/p>\n

Print Spooler<\/span><\/b>\u00a0<\/span><\/p>\n

With the <\/span>PrintNightmare situation<\/span><\/a> over the summer of 2021, this is a component that has been under scrutiny and attack and thus cause for concern. This month\u2019s patches for Print Spooler mirror the tenor of this month\u2019s overall release: heavy in quantity but less severe than might be expected.<\/span>\u00a0<\/span><\/p>\n

In total there are 15 vulnerabilities in the Print Spooler being addressed. However, all of these are rated \u201cImportant,\u201d all are EoPs, none are publicly disclosed, none are currently under exploit, and all are rated \u201cExploitability Less Likely.\u201d<\/span>\u00a0<\/span><\/p>\n

Because of the number of vulnerabilities in this component it makes sense to give some priority to these updates, but these are clearly less urgent for your prioritization for risk assessment and deployment.<\/span>\u00a0<\/span><\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

Sophos protection<\/span><\/span>\u00a0<\/span><\/strong><\/p>\n

\u00a0<\/span><\/p>\n

As you can do every month, if you don\u2019t want to wait for your system to pull down the updates itself, you can download them manually from the Windows Update Catalog website. (The exceptions this month, as noted above, are the 11 patches handled via the Microsoft Store.) Run the winver.exe tool to determine which build of Windows 10 or 11 you\u2019re running, then download the Cumulative Update package for your particular system\u2019s architecture and build number.<\/span>\u00a0<\/span><\/p>\n

Appendix<\/span><\/b>\u00a0<\/span><\/h3>\n

Vulnerability Severity and Impact<\/span><\/b>\u00a0<\/span><\/p>\n

Below is a breakdown of the vulnerabilities by impact and severity.<\/span>\u00a0<\/span><\/p>\n

Remote code execution (RCE)<\/span>\u00a0<\/span><\/p>\n

Critical:<\/span>\u00a0<\/span><\/p>\n

    \n
  1. CVE-2022-23259<\/span> Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability<\/span><\/li>\n
  2. CVE-2022-26809<\/span> RPC Runtime Library Remote Code Execution Vulnerability<\/span><\/li>\n
  3. CVE-2022-22008<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span><\/li>\n
  4. CVE-2022-23257<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span><\/li>\n
  5. CVE-2022-24537<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span><\/li>\n
  6. CVE-2022-24491<\/span> Windows Network File System Remote Code Execution Vulnerability<\/span><\/li>\n
  7. CVE-2022-24497<\/span> Windows Network File System Remote Code Execution Vulnerability<\/span><\/li>\n
  8. CVE-2022-24500<\/span> Windows SMB Remote Code Execution Vulnerability<\/span><\/li>\n
  9. CVE-2022-24541<\/span> Windows SMB Remote Code Execution Vulnerability<\/span><\/li>\n
  10. CVE-2022-26919<\/span> Windows LDAP Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

    Important:\u00a0<\/span>\u00a0<\/span><\/p>\n

      \n
    1. CVE-2022-26814<\/span> Active Directory Domain Services Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    2. CVE-2022-26817<\/span> Active Directory Domain Services Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    3. CVE-2022-26898<\/span> Azure Site Recovery Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    4. CVE-2022-24532<\/span> HEVC Video Extensions Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    5. CVE-2022-24475<\/span> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    6. CVE-2022-26901<\/span> Microsoft Excel Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    7. CVE-2022-24533<\/span> Remote Desktop Protocol Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    8. CVE-2022-24492<\/span> Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    9. CVE-2022-24528<\/span> Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    10. CVE-2022-24495<\/span> Windows Direct Show – Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    11. CVE-2022-26829<\/span> Windows DNS Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
    12. CVE-2022-24536<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    13. CVE-2022-26811<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    14. CVE-2022-26812<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    15. CVE-2022-26813<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    16. CVE-2022-26815<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    17. CVE-2022-26818<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    18. CVE-2022-26819<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    19. CVE-2022-26820<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    20. CVE-2022-26821<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    21. CVE-2022-26822<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    22. CVE-2022-26823<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    23. CVE-2022-26824<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    24. CVE-2022-26825<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    25. CVE-2022-26826<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    26. CVE-2022-26903<\/span> Windows Graphics Component Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    27. CVE-2022-22009<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    28. CVE-2022-24543<\/span> Windows Installer Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    29. CVE-2022-24545<\/span> Windows Kerberos Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    30. CVE-2022-24487<\/span> Windows Local Security Authority Subsystem Service Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    31. CVE-2022-21983<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    32. CVE-2022-24485<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    33. CVE-2022-24534<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    34. CVE-2022-26830<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    35. CVE-2022-24473<\/span> Microsoft Excel Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    36. CVE-2022-26916<\/span> Windows Fax Compose Form Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    37. CVE-2022-26917<\/span> Windows Fax Compose Form Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
    38. CVE-2022-26918<\/span> Windows Fax Compose Form Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

      Elevation of privilege (EoP)<\/span>\u00a0<\/span><\/p>\n

      Important:\u00a0<\/span>\u00a0<\/span><\/p>\n

        \n
      1. CVE-2022-26896<\/span> Azure Site Recovery Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      2. CVE-2022-26897<\/span> Azure Site Recovery Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      3. CVE-2022-24479<\/span> Connected User Experiences and Telemetry Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      4. CVE-2022-24496<\/span> Local Security Authority Subsystem Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      5. CVE-2022-26891<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      6. CVE-2022-26894<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      7. CVE-2022-26895<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      8. CVE-2022-26900<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      9. CVE-2022-26908<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      10. CVE-2022-26788<\/span> PowerShell Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      11. CVE-2022-24765<\/span> Uncontrolled search for the Git directory in Git for Windows<\/span>\u00a0<\/span><\/li>\n
      12. CVE-2022-24513<\/span> Visual Studio Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      13. CVE-2022-24482<\/span> Windows ALPC Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      14. CVE-2022-24540<\/span> Windows ALPC Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      15. CVE-2022-24494<\/span> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      16. CVE-2022-24549<\/span> Windows AppX Package Manager Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      17. CVE-2022-26828<\/span> Windows Bluetooth Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      18. CVE-2022-24538<\/span> Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
      19. CVE-2022-24489<\/span> Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      20. CVE-2022-24481<\/span> Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      21. CVE-2022-24521<\/span> Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      22. CVE-2022-24488<\/span> Windows Desktop Bridge Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      23. CVE-2022-24547<\/span> Windows Digital Media Receiver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      24. CVE-2022-24546<\/span> Windows DWM Core Library Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      25. CVE-2022-24527<\/span> Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      26. CVE-2022-26808<\/span> Windows File Explorer Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      27. CVE-2022-26810<\/span> Windows File Server Resource Management Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      28. CVE-2022-26827<\/span> Windows File Server Resource Management Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      29. CVE-2022-24499<\/span> Windows Installer Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      30. CVE-2022-24530<\/span> Windows Installer Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      31. CVE-2022-24486<\/span> Windows Kerberos Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      32. CVE-2022-24544<\/span> Windows Kerberos Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      33. CVE-2022-26786<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      34. CVE-2022-26787<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      35. CVE-2022-26789<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      36. CVE-2022-26790<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      37. CVE-2022-26791<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      38. CVE-2022-26792<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      39. CVE-2022-26793<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      40. CVE-2022-26794<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      41. CVE-2022-26795<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      42. CVE-2022-26796<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      43. CVE-2022-26797<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      44. CVE-2022-26798<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      45. CVE-2022-26801<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      46. CVE-2022-26802<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      47. CVE-2022-26803<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      48. CVE-2022-24550<\/span> Windows Telephony Server Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      49. CVE-2022-26904<\/span> Windows User Profile Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      50. CVE-2022-24474<\/span> Windows Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      51. CVE-2022-24542<\/span> Windows Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      52. CVE-2022-26807<\/span> Windows Work Folder Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      53. CVE-2022-24767<\/span> GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account<\/span>\u00a0<\/span><\/li>\n
      54. CVE-2022-26914<\/span> Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
      55. CVE-2022-26921<\/span> Visual Studio Code Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

        Moderate:<\/span><\/span>\u00a0<\/span><\/p>\n

          \n
        1. CVE-2022-26909<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
        2. CVE-2022-26912<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

          D<\/span>enial of service (DoS) <\/span>– Important<\/span><\/span>\u00a0<\/span><\/p>\n

            \n
          1. CVE-2022-26831<\/span> LDAP Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
          2. CVE-2022-26832<\/span> Microsoft .NET Framework and ASP.NET Information Disclosure<\/span>\u00a0<\/span><\/li>\n
          3. CVE-2022-24548<\/span> Microsoft Defender Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
          4. CVE-2022-24484<\/span> Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
          5. CVE-2022-26784<\/span> Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
          6. CVE-2022-26816<\/span> Windows DNS Server Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
          7. CVE-2022-23268<\/span> Windows Hyper-V Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
          8. CVE-2022-26915<\/span> Windows Secure Channel Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
          9. CVE-2022-26924<\/span> YARP Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

            I<\/span>nformation disclosure<\/span> – Important<\/span><\/span>\u00a0<\/span><\/p>\n

              \n
            1. CVE-2022-24493<\/span> Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
            2. CVE-2022-26911<\/span> Skype for Business Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
            3. CVE-2022-24490<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
            4. CVE-2022-24539<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
            5. CVE-2022-26783<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
            6. CVE-2022-26785<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
            7. CVE-2022-24498<\/span> Windows iSCSI Target Service Information Disclosure<\/span>\u00a0<\/span><\/li>\n
            8. CVE-2022-24483<\/span> Windows Kernel Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
            9. CVE-2022-26920<\/span> Windows Graphics Component Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

              Spoofing:<\/span>\u00a0<\/span><\/p>\n

              Important<\/span>\u00a0<\/span><\/p>\n

                \n
              1. CVE-2022-23292<\/span> Microsoft Power BI Spoofing Vulnerability<\/span>\u00a0<\/span><\/li>\n
              2. CVE-2022-24472<\/span> Microsoft SharePoint Server Spoofing Vulnerability<\/span>\u00a0<\/span><\/li>\n
              3. CVE-2022-26910<\/span> Skype for Business and Lync Spoofing Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                Moderate<\/span><\/span>\u00a0<\/span><\/p>\n

                  \n
                1. CVE-2022-24523<\/span><\/span> Microsoft Edge (Chromium-based) Spoofing Vulnerability<\/span><\/span><\/li>\n<\/ol>\n

                  Defense in Depth<\/span> \u2013<\/span> Important<\/span>:<\/span><\/span>\u00a0<\/span><\/p>\n

                    \n
                  1. CVE-2022-26907<\/span><\/span> Azure SDK for .NET Information Disclosure Vulnerability<\/span><\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                    Exploitability Indexes<\/span><\/b>\u00a0<\/span><\/p>\n

                    Below are the vulnerabilities marked as \u201cExploitation more likely\u201d.\u00a0 This month the Exploitability Indexes are identical for both latest and older software.<\/span>\u00a0<\/span><\/p>\n

                      \n
                    1. CVE-2022-26809<\/span> RPC Runtime Library Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    2. CVE-2022-24481<\/span> Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    3. CVE-2022-24521<\/span> Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    4. CVE-2022-24547<\/span> Windows Digital Media Receiver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    5. CVE-2022-24546<\/span> Windows DWM Core Library Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    6. CVE-2022-24491<\/span> Windows Network File System Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    7. CVE-2022-24497<\/span> Windows Network File System Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    8. CVE-2022-26904<\/span> Windows User Profile Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    9. CVE-2022-24474<\/span> Windows Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    10. CVE-2022-24542<\/span> Windows Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                    11. CVE-2022-26914<\/span> Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                      Products Affected<\/span><\/b>\u00a0<\/span><\/p>\n

                      .NET and Visual Studio<\/span>\u00a0<\/span><\/p>\n

                        \n
                      1. CVE-2022-26832<\/span> Microsoft .NET Framework and ASP.NET Information Disclosure<\/span>\u00a0<\/span><\/li>\n
                      2. CVE-2022-24765<\/span> Uncontrolled search for the Git directory in Git for Windows<\/span>\u00a0<\/span><\/li>\n
                      3. CVE-2022-24513<\/span> Visual Studio Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                      4. CVE-2022-26907<\/span> Azure SDK for .NET Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                      5. CVE-2022-24767<\/span> GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account<\/span>\u00a0<\/span><\/li>\n
                      6. CVE-2022-26921<\/span> Visual Studio Code Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                      7. CVE-2022-26924<\/span> YARP Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                        Azure Site Recovery<\/span><\/span>\u00a0<\/span><\/p>\n

                          \n
                        1. CVE-2022-26896<\/span> Azure Site Recovery Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                        2. CVE-2022-26897<\/span> Azure Site Recovery Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                        3. CVE-2022-26898<\/span> Azure Site Recovery Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                          Microsoft Defender<\/span><\/span><\/p>\n

                            \n
                          1. CVE-2022-24548<\/span> Microsoft Defender Denial of Service Vulnerability<\/span>\u00a0<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                            Microsoft Dynamics<\/span><\/span>\u00a0<\/span><\/p>\n

                              \n
                            1. CVE-2022-23259<\/span><\/span> Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability<\/span><\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                              Microsoft Edge<\/span><\/span>\u00a0<\/span><\/p>\n

                                \n
                              1. CVE-2022-26891<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                              2. CVE-2022-26894<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                              3. CVE-2022-26895<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                              4. CVE-2022-26900<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                              5. CVE-2022-26908<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                              6. CVE-2022-26909<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                              7. CVE-2022-24475<\/span> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                              8. CVE-2022-24523<\/span> Microsoft Edge (Chromium-based) Spoofing Vulnerability <\/span>\u00a0<\/span><\/li>\n
                              9. CVE-2022-26912<\/span> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                                Microsoft Office<\/span><\/span>\u00a0<\/span><\/p>\n

                                  \n
                                1. CVE-2022-26901<\/span> Microsoft Excel Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                2. CVE-2022-24472<\/span> Microsoft SharePoint Server Spoofing Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                3. CVE-2022-24473<\/span> Microsoft Excel Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                                  Microsoft Power BI<\/span><\/span>\u00a0<\/span><\/p>\n

                                    \n
                                  1. CVE-2022-23292<\/span><\/span> Microsoft Power BI Spoofing Vulnerability<\/span><\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                                    Microsoft Skype for Business<\/span><\/span>\u00a0<\/span><\/p>\n

                                      \n
                                    1. CVE-2022-26910<\/span> Skype for Business and Lync Spoofing Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                    2. CVE-2022-26911<\/span> Skype for Business Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol>\n

                                      Microsoft Windows<\/span><\/span>\u00a0<\/span><\/p>\n

                                        \n
                                      1. CVE-2022-26814<\/span> Active Directory Domain Services Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      2. CVE-2022-26817<\/span> Active Directory Domain Services Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      3. CVE-2022-24479<\/span> Connected User Experiences and Telemetry Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      4. CVE-2022-24532<\/span> HEVC Video Extensions Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      5. CVE-2022-26831<\/span> LDAP Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      6. CVE-2022-24496<\/span> Local Security Authority Subsystem Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      7. CVE-2022-24493<\/span> Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      8. CVE-2022-26788<\/span> PowerShell Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      9. CVE-2022-24533<\/span> Remote Desktop Protocol Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      10. CVE-2022-24492<\/span> Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      11. CVE-2022-24528<\/span> Remote Procedure Call Runtime Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      12. CVE-2022-26809<\/span> RPC Runtime Library Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      13. CVE-2022-24482<\/span> Windows ALPC Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      14. CVE-2022-24540<\/span> Windows ALPC Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      15. CVE-2022-24494<\/span> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      16. CVE-2022-24549<\/span> Windows AppX Package Manager Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      17. CVE-2022-26828<\/span> Windows Bluetooth Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      18. CVE-2022-24484<\/span> Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      19. CVE-2022-24538<\/span> Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      20. CVE-2022-26784<\/span> Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      21. CVE-2022-24489<\/span> Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      22. CVE-2022-24481<\/span> Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      23. CVE-2022-24521<\/span> Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      24. CVE-2022-24488<\/span> Windows Desktop Bridge Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      25. CVE-2022-24547<\/span> Windows Digital Media Receiver Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      26. CVE-2022-24495<\/span> Windows Direct Show – Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      27. CVE-2022-26829<\/span> Windows DNS Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      28. CVE-2022-26816<\/span> Windows DNS Server Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      29. CVE-2022-24536<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      30. CVE-2022-26811<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      31. CVE-2022-26812<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      32. CVE-2022-26813<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      33. CVE-2022-26815<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      34. CVE-2022-26818<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      35. CVE-2022-26819<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      36. CVE-2022-26820<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      37. CVE-2022-26821<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      38. CVE-2022-26822<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      39. CVE-2022-26823<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      40. CVE-2022-26824<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      41. CVE-2022-26825<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      42. CVE-2022-26826<\/span> Windows DNS Server Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      43. CVE-2022-24546<\/span> Windows DWM Core Library Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      44. CVE-2022-24527<\/span> Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      45. CVE-2022-26808<\/span> Windows File Explorer Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      46. CVE-2022-26810<\/span> Windows File Server Resource Management Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      47. CVE-2022-26827<\/span> Windows File Server Resource Management Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      48. CVE-2022-26903<\/span> Windows Graphics Component Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      49. CVE-2022-23268<\/span> Windows Hyper-V Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      50. CVE-2022-22008<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      51. CVE-2022-22009<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      52. CVE-2022-23257<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      53. CVE-2022-24537<\/span> Windows Hyper-V Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      54. CVE-2022-24490<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      55. CVE-2022-24539<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      56. CVE-2022-26783<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      57. CVE-2022-26785<\/span> Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      58. CVE-2022-24499<\/span> Windows Installer Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      59. CVE-2022-24530<\/span> Windows Installer Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      60. CVE-2022-24543<\/span> Windows Installer Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      61. CVE-2022-24498<\/span> Windows iSCSI Target Service Information Disclosure<\/span>\u00a0<\/span><\/li>\n
                                      62. CVE-2022-24486<\/span> Windows Kerberos Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      63. CVE-2022-24544<\/span> Windows Kerberos Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      64. CVE-2022-24545<\/span> Windows Kerberos Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      65. CVE-2022-24483<\/span> Windows Kernel Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      66. CVE-2022-24487<\/span> Windows Local Security Authority Subsystem Service Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      67. CVE-2022-24491<\/span> Windows Network File System Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      68. CVE-2022-24497<\/span> Windows Network File System Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      69. CVE-2022-26786<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      70. CVE-2022-26787<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      71. CVE-2022-26789<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      72. CVE-2022-26790<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      73. CVE-2022-26791<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      74. CVE-2022-26792<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      75. CVE-2022-26793<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      76. CVE-2022-26794<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      77. CVE-2022-26795<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      78. CVE-2022-26796<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      79. CVE-2022-26797<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      80. CVE-2022-26798<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      81. CVE-2022-26801<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      82. CVE-2022-26802<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      83. CVE-2022-26803<\/span> Windows Print Spooler Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      84. CVE-2022-21983<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      85. CVE-2022-24485<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      86. CVE-2022-24500<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      87. CVE-2022-24534<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      88. CVE-2022-24541<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      89. CVE-2022-26830<\/span> Windows SMB Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      90. CVE-2022-24550<\/span> Windows Telephony Server Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      91. CVE-2022-26904<\/span> Windows User Profile Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      92. CVE-2022-24474<\/span> Windows Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      93. CVE-2022-24542<\/span> Windows Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      94. CVE-2022-26807<\/span> Windows Work Folder Service Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      95. CVE-2022-26914<\/span> Win32k Elevation of Privilege Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      96. CVE-2022-26916<\/span> Windows Fax Compose Form Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      97. CVE-2022-26917<\/span> Windows Fax Compose Form Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      98. CVE-2022-26918<\/span> Windows Fax Compose Form Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      99. CVE-2022-26920<\/span> Windows Graphics Component Information Disclosure Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      100. CVE-2022-26919<\/span> Windows LDAP Remote Code Execution Vulnerability<\/span>\u00a0<\/span><\/li>\n
                                      101. CVE-2022-26915<\/span> Windows Secure Channel Denial of Service Vulnerability<\/span>\u00a0<\/span><\/li>\n<\/ol><\/div>\n

                                        http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

                                        <\/p>\n

                                        Credit to Author: Christopher Budd| Date: Tue, 12 Apr 2022 17:45:37 +0000<\/strong><\/p>\n

                                        This month\u2019s Patch Tuesday is more about quantity than severity, with one flashback-inducing exception<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[25683,19245,18513,16771],"class_list":["post-18749","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-2022-04","tag-patch-tuesday","tag-sophoslabs-uncut","tag-threat-research"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18749"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18749\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}