Microsoft's April 2022 Patch Includes Roughly 120 Vulnerability Fixes With CVE-2022-24521 as a Priority

As bad actors are constantly on the search for software flaws to exploit for personal gain, Lifehacker advised PC users to install Microsoft patch updates as soon as possible.

Microsoft's April 2022 Patch Includes Roughly 120 Vulnerability Fixes With CVE-2022-24521 as a Priority
JOSEP LAGO/AFP via Getty Images

Microsoft's April 2022 Patch To Fix Roughly 120 Security Vulnerabilities in Total

Microsoft on Tuesday, April 12, released updates to fix 119 security vulnerabilities in its Windows operating systems and other software, Info Security reported.

According to a report from the U.S. National Security Agency (NSA), two of the flaws had been publicly described before this week, and one is already being actively exploited.

KrebsonSecurity mentioned that CVE-2022-24521, a vulnerability in the Windows Common Log File System Driver (CLFS), is one of the particular concerns this month. Microsoft stated in its advisory that it got information from the NSA that the flaw is being actively exploited.

The said vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.8 (10 being the worst) and has the potential to facilitate "privilege escalation."

Meanwhile, Info Security quoted Tyler Reguly, manager of security R&D at Tripwire, who said: "CLFS is a general purpose logging service that can be used by both user and kernel-mode software."

"Patches have been released for CLFS monthly since September 2021 with only one exception - November 2021. From September 2021 until today, we have seen 18 vulnerabilities patched within CLFS."

Nine of the patches released this week are deemed "critical," which means that the vulnerabilities they address might be exploited by malware or malicious users to gain total remote access to a Windows system without the user's knowledge.

According to KrebsonSecurity, CVE-2022-26809, a potentially "wormable" flaw in a core Windows component (RPC) with a CVSS score of 9.8, is one of the scarier critical bugs.

Separately, CVE-2022-24491 and CVE-2022-24497, both Windows Network File System (NFS) vulnerabilities with 9.8 CVSS scores, are two other possibly wormable risks this month. However, Kevin Breen, director of cyber threat research at Immersive Labs, noted that NFS Role is not a default configuration for Windows devices.

While these are the most prominent issues in this new update, the other flaws should not be overlooked.

Other Flaws Being Addressed With the Update

Microsoft's latest security updates fix not only Windows operating systems, but also Office, Edge, Skype for Business, Exchange Server, Defender, and other apps.

It was noted that Microsoft's Edge browser has received updates for an additional 26 CVEs.

How To Install the Latest Security Patches

If Windows fails to automatically install the latest updates, you can install the updates manually from Settings.

Just follow the steps below to make sure your Windows 10 PC has the most recent Microsoft Windows updates:

  • Open Start ⇒ Settings ⇒ Update & Security ⇒ Windows Update (Windows 10)
  • If a patch is available, it will be displayed on the screen.
  • Then, to download and install the update on your PC, simply follow the on-screen instructions.
  • When the updates have been installed, you can restart the computer when prompted by the software.

If you're using Windows 11, you can do this instead:

  • Open Start ⇒ Settings ⇒ Windows Update (Windows 11)
  • If a patch is available, it will be displayed on the screen.
  • Then, to download and install the update on your PC, simply follow the on-screen instructions.
  • When the updates have been installed, you can restart the computer when prompted by the software.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Microsoft

More from iTechPost

Real Time Analytics