The 2022 April Patch Tuesday comes with fixes for 128 CVEs

by Vlad Turiceanu
Editor-in-Chief
  • A pretty busy month for a Microsoft Patch Tuesday release, with 128 CVEs.
  • Out of all the CVEs, 10 are rated Critical, 115 Important, and 3 Moderate.
  • We've included each and every one in this article, with direct links as well.

It’s April already and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Common Vulnerabilities and Exposures (CVEs) again.

This month, the Redmond tech giant released 128 new patches, which is a lot more than some people were expecting right before Easter.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • Microsoft Defender and Defender for Endpoint
  • Microsoft Dynamics, Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • SharePoint Server
  • Windows Hyper-V
  • DNS Server
  • Skype for Business
  • .NET and Visual Studio
  • Windows App Store
  • Windows Print Spooler Components

Before we get into a more in-depth analysis, note that all this is in addition to the 17 CVEs released for the Chromium Open-Source Software (OSS) that Microsoft Edge (Chromium-based) is built on.


128 CVEs were identified and dealt with this month

Indeed, this was a pretty busy month for Microsoft security experts. You might like to know that, out of the 128 new CVEs released, 10 are rated Critical, 115 are rated Important, and three are rated Moderate in severity.

CVE | Title | Severity | CVSS | Public | Exploited | Type
CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP
CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 7 | Yes | No | EoP
CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE
CVE-2022-26809 | RPC Runtime Library Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE
CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.7 | No | No | RCE
CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.6 | No | No | RCE
CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.7 | No | No | RCE
CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE
CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE
CVE-2022-24497 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE
CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE
CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE
CVE-2022-26832 | .NET Framework Denial of Service Vulnerability | Important | 7.5 | No | No | DoS
CVE-2022-26907 | Azure SDK for .NET Information Disclosure Vulnerability | Important | 5.3 | No | No | Info
CVE-2022-26896 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.9 | No | No | EoP
CVE-2022-26897 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 4.9 | No | No | EoP
CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-24489 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24479 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-24767 | GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account | Important | Unknown | No | No | EoP
CVE-2022-24765 | GitHub: Uncontrolled search for the Git directory in Git for Windows | Important | Unknown | No | No | EoP
CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-24496 | Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24548 | Microsoft Defender Denial of Service Vulnerability | Important | 5.5 | No | No | DoS
CVE-2022-24475 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP
CVE-2022-26891 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP
CVE-2022-26894 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP
CVE-2022-26895 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP
CVE-2022-26900 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP
CVE-2022-26908 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP
CVE-2022-24473 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-26924 | YARP Denial of Service Vulnerability | Important | 7.5 | No | No | DoS
CVE-2022-24493 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important | 5.5 | No | No | Info
CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing
CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8 | No | No | Spoofing
CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability | Important | 8 | No | No | RCE
CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE
CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE
CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | Important | 5.3 | No | No | Spoofing
CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability | Important | 6.5 | No | No | Info
CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability | Important | Unknown | No | No | EoP
CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24482 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP
CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP
CVE-2022-24494 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP
CVE-2022-24484 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important | 5.5 | No | No | DoS
CVE-2022-24538 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important | 6.5 | No | No | DoS
CVE-2022-26784 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important | 6.5 | No | No | DoS
CVE-2022-24481 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24488 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24495 | Windows Direct Show – Remote Code Execution Vulnerability | Important | 7 | No | No | RCE
CVE-2022-26816 | Windows DNS Server Information Disclosure Vulnerability | Important | 4.9 | No | No | Info
CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.7 | No | No | RCE
CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-26814 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE
CVE-2022-26817 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-26818 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-26819 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | RCE
CVE-2022-26820 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | RCE
CVE-2022-26821 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | RCE
CVE-2022-26822 | Windows DNS Server Remote Code Execution Vulnerability | Important | 6.6 | No | No | RCE
CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE
CVE-2022-26829 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE
CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24527 | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP
CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP
CVE-2022-26920 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | Info
CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-23268 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.5 | No | No | DoS
CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 7.7 | No | No | RCE
CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 8.1 | No | No | Info
CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 8.1 | No | No | Info
CVE-2022-26783 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 6.5 | No | No | Info
CVE-2022-26785 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important | 6.5 | No | No | Info
CVE-2022-24499 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24498 | Windows iSCSI Target Service Information Disclosure Vulnerability | Important | 6.5 | No | No | Info
CVE-2022-24486 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE
CVE-2022-24483 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | Info
CVE-2022-26831 | Windows LDAP Denial of Service Vulnerability | Important | 7.5 | No | No | DoS
CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE
CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability | Important | 7.5 | No | No | DoS
CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE
CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP
CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP
CVE-2022-26909 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate | 8.3 | No | No | EoP
CVE-2022-26912 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate | 8.3 | No | No | EoP
CVE-2022-24523 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate | 4.3 | No | No | EoP
CVE-2022-1129 * | Chromium: Inappropriate implementation in Full Screen Mode | High | N/A | No | No | RCE
CVE-2022-1128 * | Chromium: Inappropriate implementation in Web Share API | High | N/A | No | No | RCE
CVE-2022-1130 * | Chromium: Insufficient validation of untrusted input in WebOTP | High | N/A | No | No | RCE
CVE-2022-1134 * | Chromium: Type Confusion in V8 | High | N/A | No | No | RCE
CVE-2022-1232 * | Chromium: Type Confusion in V8 | High | N/A | No | No | RCE
CVE-2022-1131 * | Chromium: Use after free in Cast UI | High | N/A | No | No | RCE
CVE-2022-1125 * | Chromium: Use after free in Portals | High | N/A | No | No | RCE
CVE-2022-1127 * | Chromium: Use after free in QR Code Generator | High | N/A | No | No | RCE
CVE-2022-1133 * | Chromium: Use after free in WebRTC | High | N/A | No | No | RCE
CVE-2022-1143 * | Chromium: Heap buffer overflow in WebUI | Medium | N/A | No | No | RCE
CVE-2022-1139 * | Chromium: Inappropriate implementation in Background Fetch API | Medium | N/A | No | No | N/A
CVE-2022-1137 * | Chromium: Inappropriate implementation in Extensions | Medium | N/A | No | No | N/A
CVE-2022-1138 * | Chromium: Inappropriate implementation in Web Cursor | Medium | N/A | No | No | N/A
CVE-2022-1145 * | Chromium: Use after free in Extensions | Medium | N/A | No | No | RCE
CVE-2022-1135 * | Chromium: Use after free in Shopping Cart | Medium | N/A | No | No | RCE
CVE-2022-1136 * | Chromium: Use after free in Tab Strip | Medium | N/A | No | No | RCE
CVE-2022-1146 * | Chromium: Inappropriate implementation in Resource Timing | Low | N/A | No | No | EoP

Keep in mind that only one of the bugs is listed as under active exploitation this month, even though experts expected that number to be higher.

The next Patch Tuesday rollout will be on May 10th, so don’t get too comfortable with the current state of affairs, as it might change sooner than you think.
