
Microsoft Patch Tuesday – April 2022

12/04/2022
By Esben Dochy

Patch Tuesday is once again upon us. The April 2022 edition of Patch Tuesday brings us 117 fixes, with 9 rated as critical. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the April 2022 Patch Tuesday Audit Report

Windows Network File System RCE

One of the most critical vulnerabilities addressed in this month’s Patch Tuesday is a Windows Network File System Remote Code Execution vulnerability. Listed as CVE-2022-24491, this vulnerability has a CVSS base score of 9.8, and Microsoft lists its exploitability as “Exploitation More Likely”. To exploit it, an attacker could send a specially crafted NFS protocol network message to a vulnerable Windows machine, which could enable remote code execution.

One important detail is that only servers with the Network File System (NFS) role installed are vulnerable. Luckily, you can get a quick overview of all Windows Servers with the NFS role installed with the Lansweeper report.
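
The same role inventory can also be pulled directly with PowerShell. This is an added example, not Lansweeper's or Microsoft's code; it assumes the ServerManager module (Windows Server or RSAT) and remote management access to each server, and the function name and server names are constructed for illustration.

```powershell
# Added example: report which servers have the "Server for NFS" role service
# installed, i.e. which ones are in scope for CVE-2022-24491.
function Get-NfsServerRole {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                # FS-NFS-Service is the feature name of the Server for NFS role service.
                $feature = Get-WindowsFeature -Name 'FS-NFS-Service' `
                    -ComputerName $computer -ErrorAction Stop
                if (-not $feature) { throw 'Feature FS-NFS-Service not found on this host.' }

                [pscustomobject]@{
                    ComputerName = $computer
                    NfsRole      = [string]$feature.InstallState
                    InScope      = [bool]$feature.Installed
                    Error        = $null
                }
            }
            catch {
                # Report unreachable hosts explicitly so they are not
                # mistaken for "role not installed".
                [pscustomobject]@{
                    ComputerName = $computer
                    NfsRole      = 'Unknown'
                    InScope      = $null
                    Error        = $_.Exception.Message
                }
            }
        }
    }
}

# Constructed server names; replace with your own inventory.
'FS01', 'FS02', 'APP01' | Get-NfsServerRole |
    Sort-Object InScope -Descending |
    Format-Table -AutoSize
```

Rows with `NfsRole` set to `Unknown` need a manual check before they are treated as out of scope.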

Remote Procedure Call Runtime RCE

The second vulnerability with a CVSS base score of 9.8 is CVE-2022-26809. Similar to the NFS vulnerability, this one is also more than likely to be exploited according to Microsoft. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

Microsoft has listed some mitigation options; however, installing the update to fix the vulnerability is obviously the preferred solution. If you’re unable to perform this update quickly, you can already do the following:

1. Block TCP port 445 at the enterprise perimeter firewall

TCP port 445 is used to initiate a connection with the affected component. This can help protect networks from attacks that originate outside the enterprise perimeter. However, systems could still be vulnerable to attacks from within their enterprise perimeter.

2. Follow Microsoft guidelines to secure SMB traffic
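
Since the perimeter block does not cover traffic from inside the network, it is worth knowing which host firewall rules admit TCP 445 and from which remote addresses. The following is an added example, not part of the original article or Microsoft's guidance; it runs locally on a Windows host with the built-in NetSecurity cmdlets, and the function names are hypothetical.

```powershell
# Added example: list enabled inbound "allow" rules that cover TCP 445
# and show whether they accept connections from any remote address.

# Returns $true when a port filter value (e.g. 'Any', '445', '400-500') covers $Port.
function Test-PortInSpec {
    param([string[]]$Spec, [int]$Port)
    foreach ($item in $Spec) {
        if ($item -eq 'Any' -or $item -eq "$Port") { return $true }
        if ($item -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Get-Inbound445AllowRule {
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $portFilter = $_ | Get-NetFirewallPortFilter
            # Skip rules that cannot match TCP traffic to local port 445.
            if ($portFilter.Protocol -notin 'TCP', 'Any') { return }
            if (-not (Test-PortInSpec -Spec $portFilter.LocalPort -Port 445)) { return }

            $addressFilter = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addressFilter.RemoteAddress -join ','
                # 'Any' means the rule is not scoped to specific source addresses.
                AnyRemote     = ($addressFilter.RemoteAddress -contains 'Any')
            }
        }
}

Get-Inbound445AllowRule |
    Sort-Object AnyRemote -Descending |
    Format-Table -AutoSize -Wrap
```

Rules with `AnyRemote` set to `True` are the first candidates for scoping to the specific subnets or hosts that actually need SMB access.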

Remaining Critical Vulnerabilities

Aside from the two vulnerabilities above, the following critical vulnerabilities are also worth taking a look at if you’re running affected components:

| CVE Number | CVE Title |
| --- | --- |
| CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability |
| CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability |
| CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability |
| CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability |

Run the Patch Tuesday April 2022 Audit Report

To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded so you can see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

Patch Tuesday April 2022 CVE Codes & Titles

| CVE Number | CVE Title |
| --- | --- |
| CVE-2022-26924 | YARP Denial of Service Vulnerability |
| CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2022-26920 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability |
| CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability |
| CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability |
| CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability |
| CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability |
| CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability |
| CVE-2022-26907 | Azure SDK for .NET Information Disclosure Vulnerability |
| CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability |
| CVE-2022-26897 | Azure Site Recovery Information Disclosure Vulnerability |
| CVE-2022-26896 | Azure Site Recovery Information Disclosure Vulnerability |
| CVE-2022-26832 | .NET Framework Denial of Service Vulnerability |
| CVE-2022-26831 | Windows LDAP Denial of Service Vulnerability |
| CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability |
| CVE-2022-26829 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26822 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26821 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26820 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26819 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26818 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26817 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26816 | Windows DNS Server Information Disclosure Vulnerability |
| CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26814 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability |
| CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-26785 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
| CVE-2022-26784 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
| CVE-2022-26783 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
| CVE-2022-24767 | GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account |
| CVE-2022-24765 | GitHub: Uncontrolled search for the Git directory in Git for Windows |
| CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability |
| CVE-2022-24548 | Microsoft Defender Denial of Service Vulnerability |
| CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability |
| CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability |
| CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability |
| CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability |
| CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
| CVE-2022-24538 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
| CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability |
| CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability |
| CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2022-24527 | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability |
| CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability |
| CVE-2022-24499 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2022-24498 | Windows iSCSI Target Service Information Disclosure Vulnerability |
| CVE-2022-24496 | Local Security Authority (LSA) Elevation of Privilege Vulnerability |
| CVE-2022-24495 | Windows Direct Show – Remote Code Execution Vulnerability |
| CVE-2022-24494 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2022-24493 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
| CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability |
| CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability |
| CVE-2022-24489 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability |
| CVE-2022-24488 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
| CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability |
| CVE-2022-24486 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability |
| CVE-2022-24484 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability |
| CVE-2022-24483 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2022-24481 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-24479 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
| CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2022-24473 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability |
| CVE-2022-23268 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability |
