• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

You are here: Home / General Cyber Security News / Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
April 13, 2022

Windows Update

Microsoft’s Patch Tuesday updates for the thirty day period of April have tackled a complete of 128 security vulnerabilities spanning across its software program product or service portfolio, like Windows, Defender, Business office, Exchange Server, Visual Studio, and Print Spooler, amid others.

10 of the 128 bugs preset are rated Critical, 115 are rated Important, and 3 are rated Moderate in severity, with one particular of the flaws outlined as publicly known and yet another beneath active attack at the time of the launch.

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The updates are in addition to 26 other flaws fixed by Microsoft in its Chromium-based Edge browser since the start of the month.

The actively exploited flaw (CVE-2022-24521, CVSS score: 7.8) relates to an elevation of privilege vulnerability in the Windows Popular Log File Process (CLFS). Credited with reporting the flaw are the U.S. National Security Agency (NSA) and CrowdStrike researchers Adam Podlosky and Amir Bazine.

CyberSecurity

The next publicly-identified zero-working day flaw (CVE-2022-26904, CVSS score: 7.) also problems a situation of privilege escalation in the Windows Consumer Profile Provider, thriving exploitation of which “calls for an attacker to get a race affliction.”

Other critical flaws to note contain a quantity of remote code execution flaws in RPC Runtime Library (CVE-2022-26809, CVSS rating: 9.8), Windows Network File System (CVE-2022-24491 and CVE-2022-24497, CVSS scores: 9.8), Windows Server Provider (CVE-2022-24541), Windows SMB (CVE-2022-24500), and Microsoft Dynamics 365 (CVE-2022-23259).

Microsoft also patched as numerous as 18 flaws in Windows DNS Server, a person facts disclosure flaw and 17 distant code execution flaws, all of which were described by security researcher Yuki Chen. Also remediated are 15 privilege escalation flaws in the Windows Print Spooler component.

CyberSecurity

The patches get there a week soon after the tech large declared plans to make accessible a aspect called AutoPatch in July 2022 that lets enterprises to expedite applying security fixes in a timely fashion whilst emphasizing on scalability and security.

Software package Patches from Other Vendors

In addition to Microsoft, security updates have also been introduced by other suppliers to rectify several vulnerabilities, counting —

  • Adobe
  • Android
  • Apache Struts 2
  • Cisco Methods
  • Citrix
  • Dell
  • Google Chrome
  • HP Teradici PCoIP Client
  • Juniper Networks
  • Linux distributions Oracle Linux, Pink Hat, and SUSE
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • SAP
  • Schneider Electric powered
  • Siemens, and
  • VMware

Uncovered this post interesting? Follow THN on Fb, Twitter  and LinkedIn to examine far more exceptional content material we write-up.


Some parts of this article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Cross-Regional Disaster Recovery with Elasticsearch

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
  • Cross-Regional Disaster Recovery with Elasticsearch
  • Microsoft Zero-Days, Wormable Bugs Spark Concern
  • Menswear Brand Zegna Reveals Ransomware Attack
  • Ethical Hacker Steals $600,000 Worth of Crypto
  • RaidForums Hacker Marketplace Shut Down in Cross-Border Law Enforcement Operation
  • Consumers Increasingly Numb to Data Breach Risks
  • Critical LFI Vulnerability Reported in Hashnode Blogging Platform
  • Shiseido reportedly suffers data breach
  • Certified ethical hacker and IT manager steals $575,000 in cryptocurrency from elderly person

Copyright © TheCyberSecurity.News, All Rights Reserved.