{"id":18754,"date":"2022-04-13T06:10:05","date_gmt":"2022-04-13T14:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/04\/13\/news-12487\/"},"modified":"2022-04-13T06:10:05","modified_gmt":"2022-04-13T14:10:05","slug":"news-12487","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/04\/13\/news-12487\/","title":{"rendered":"April&#8217;s Patch Tuesday update includes fixes for two zero-day vulnerabilities"},"content":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Wed, 13 Apr 2022 13:57:39 +0000<\/strong><\/p>\n<p>It\u2019s that time of the month again. Time to check what needs to be updated and prioritize where necessary. The Microsoft updates include at least two zero-day vulnerabilities that deserve your attention.<\/p>\n<h2>Microsoft<\/h2>\n<p>Microsoft has released security updates and non-security updates for client and server versions of its Windows operating system and other company products, including Microsoft Office and Edge.<\/p>\n<p>For those that have extended support for Windows 7, there are four critical remote code execution (RCE) vulnerabilities to worry about:<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-24500\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-24500<\/a> <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2020\/05\/how-cvss-works-characterizing-and-scoring-vulnerabilities\/\">CVSS<\/a> 8.8 out of 10, a Windows SMB Remote Code Execution vulnerability<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-24541\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-24541<\/a> CVSS 8.8, a Windows Server Service Remote Code Execution vulnerability<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-26809\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-26809<\/a> CVSS 9.8, a Remote Procedure Call Runtime Remote Code 
Execution vulnerability<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-26919\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-26919<\/a> CVSS 8.1, a Windows LDAP Remote Code Execution vulnerability<\/li>\n<\/ul>\n<p>Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. The zero-day vulnerabilities fixed in this update cycle are:<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-26904\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-26904<\/a> CVSS 7.0, a Windows User Profile Service Elevation of Privilege (EoP) vulnerability. This one is marked with a high attack complexity, because successful exploitation of this vulnerability requires an attacker to win a race condition. But the vulnerability is public knowledge and there is an existing Metasploit module for it. Metasploit is an open-source penetration testing framework that security engineers use both to run penetration tests and as a development platform for creating security tools and exploits.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-24521\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-24521<\/a> CVSS 7.8, a Windows Common Log File System Driver Elevation of Privilege vulnerability. This vulnerability has been used in the wild. Microsoft says that attack complexity is low. 
The vulnerability was reported to Microsoft by the National Security Agency (NSA) and CrowdStrike.<\/li>\n<\/ul>\n<p>Other notable CVEs:<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-24491\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-24491<\/a> CVSS 9.8, a Windows Network File System Remote Code Execution vulnerability. This vulnerability is only exploitable for systems that have the <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/storage\/nfs\/nfs-overview\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">NFS role<\/a> enabled. An attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could enable remote code execution.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-24997\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-24997<\/a> CVSS 9.8, another Windows Network File System Remote Code Execution vulnerability. This vulnerability is only exploitable for systems that have the NFS role enabled. An attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could enable remote code execution.<\/li>\n<\/ul>\n<p>On these systems with the NFS role enabled, a remote attacker could execute their code with high privileges and without user interaction. This worries experts as these may turn out to be wormable bugs between NFS servers. 
For a temporary solution, more information on installing or uninstalling Roles or Role Services is available <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/administration\/server-manager\/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a>.<\/p>\n<p>A vulnerability is considered to be wormable if an attack can be launched that requires no human interaction to spread. The impact can be considerable if the number of vulnerable machines is high enough. In these cases web application firewalls (WAFs) would help to mitigate the risk.<\/p>\n<p>In related news, Microsoft <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/get-current-and-stay-current-with-windows-autopatch\/ba-p\/3271839\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">announced<\/a> the release of Windows Autopatch, which is set for July 2022. This will hopefully lessen some of the burdens that come with <a href=\"https:\/\/www.malwarebytes.com\/business\/vulnerability-patch-management\">patch management<\/a>.<\/p>\n<h2>Edge and Chrome<\/h2>\n<p>The Microsoft updates included 26 Microsoft Edge vulnerabilities and Google released a stable channel update for Windows, Mac, and Linux that includes 11 security fixes. 
Eight out of those 11 were rated with a High severity; none were marked as Critical.<\/p>\n<h2>Other updates<\/h2>\n<p>While you&#8217;re at it, we also saw updates from vendors like:<\/p>\n<ul>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/security-bulletin.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adobe<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/publicationListing.x\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cisco<\/a><\/li>\n<li><a href=\"https:\/\/core.vmware.com\/vmsa-2022-0011-questions-answers-faq#section1\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">VMware<\/a><\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/04\/aprils-patch-tuesday-update-includes-fixes-for-two-zero-day-vulnerabilities\/\">April&#8217;s Patch Tuesday update includes fixes for two zero-day vulnerabilities<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/04\/aprils-patch-tuesday-update-includes-fixes-for-two-zero-day-vulnerabilities\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Wed, 13 Apr 2022 13:57:39 +0000<\/strong><\/p>\n<p>April&#8217;s Patch Tuesday brings patches for two zero-day vulnerabilities and two potentially wormable Network File System vulnerabilities.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/04\/aprils-patch-tuesday-update-includes-fixes-for-two-zero-day-vulnerabilities\/\">April&#8217;s Patch Tuesday update includes fixes for two zero-day vulnerabilities<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10699,25693,12616,22783,10516,25694],"class_list":["post-18754","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-chrome","tag-cve-2022-24491","tag-edge","tag-exploits-and-vulnerabilities","tag-microsoft","tag-wormable"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18754"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18754\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}