• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
microsoft issues patches for 2 windows zero days and 126 other

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

You are here: Home / General Cyber Security News / Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
April 13, 2022

Microsoft’s Patch Tuesday updates for the thirty day period of April have tackled a complete of 128 security vulnerabilities spanning across its software program product or service portfolio, like Windows, Defender, Business office, Exchange Server, Visual Studio, and Print Spooler, amid others.

10 of the 128 bugs preset are rated Critical, 115 are rated Important, and 3 are rated Moderate in severity, with one particular of the flaws outlined as publicly known and yet another beneath active attack at the time of the launch.

The updates are in addition to 26 other flaws fixed by Microsoft in its Chromium-based Edge browser since the start of the month.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The actively exploited flaw (CVE-2022-24521, CVSS score: 7.8) relates to an elevation of privilege vulnerability in the Windows Popular Log File Process (CLFS). Credited with reporting the flaw are the U.S. National Security Agency (NSA) and CrowdStrike researchers Adam Podlosky and Amir Bazine.

CyberSecurity

The next publicly-identified zero-working day flaw (CVE-2022-26904, CVSS score: 7.) also problems a situation of privilege escalation in the Windows Consumer Profile Provider, thriving exploitation of which “calls for an attacker to get a race affliction.”

Other critical flaws to note contain a quantity of remote code execution flaws in RPC Runtime Library (CVE-2022-26809, CVSS rating: 9.8), Windows Network File System (CVE-2022-24491 and CVE-2022-24497, CVSS scores: 9.8), Windows Server Provider (CVE-2022-24541), Windows SMB (CVE-2022-24500), and Microsoft Dynamics 365 (CVE-2022-23259).

Microsoft also patched as numerous as 18 flaws in Windows DNS Server, a person facts disclosure flaw and 17 distant code execution flaws, all of which were described by security researcher Yuki Chen. Also remediated are 15 privilege escalation flaws in the Windows Print Spooler component.

CyberSecurity

The patches get there a week soon after the tech large declared plans to make accessible a aspect called AutoPatch in July 2022 that lets enterprises to expedite applying security fixes in a timely fashion whilst emphasizing on scalability and security.

Software package Patches from Other Vendors

In addition to Microsoft, security updates have also been introduced by other suppliers to rectify several vulnerabilities, counting —

  • Adobe
  • Android
  • Apache Struts 2
  • Cisco Methods
  • Citrix
  • Dell
  • Google Chrome
  • HP Teradici PCoIP Client
  • Juniper Networks
  • Linux distributions Oracle Linux, Pink Hat, and SUSE
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • SAP
  • Schneider Electric powered
  • Siemens, and
  • VMware

Uncovered this post interesting? Follow THN on Fb, Twitter  and LinkedIn to examine far more exceptional content material we write-up.


Some parts of this article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Cross-Regional Disaster Recovery with Elasticsearch
Next Post: FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.