Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities

Threat Advisories

Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities

April 14, 2022

THREAT LEVEL: Red.

For a detailed advisory, download the pdf file here

Microsoft addressed 128 vulnerabilities in there April patch Tuesday update. Two of them have been categorized as zero-day vulnerabilities. One of the two zero-days is exploited-in-the-wild as well.

The vulnerability, CVE-2022-24521, has been exploited in the wild. By exploiting this flaw in the Windows Common Log File System (CLFS) driver, an attacker can escalate privileges.  The second zero-day is CVE-2022-26904, which is discovered in the Windows User Profile Service also permits the escalation of privileges. Despite being listed as more likely to be exploited, it has a high attack complexity, and successful exploitation requires an attacker to win a race condition.

Organizations have advised the patch all these vulnerabilities as soon as possible to avoid exploitation.

Potential MITRE ATT&CK TTPs are:

TA0042: Resource Development

T1588: Obtain Capabilities

T1588.006: Obtain Capabilities: Vulnerabilities

TA0001: Initial Access

T1190: Exploit Public-Facing Application

TA0004: Privilege Escalation

T1068: Exploitation for Privilege Escalation

Vulnerability Detail

Patch Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26904

References

https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/microsoft-releases-april-2022-security-updates

Recent Posts

Join Our Newsletter 14,000+ subscribers and growing! Get top cybersecurity news delivered directly to your inbox.
Sign Up to Receive Our Weekly Threat Digest