The 2022 April Patch Tuesday comes with fixes for 128 CVEs

Editor-in-Chief

Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world. Coming from a solid background in PC... Read more

Updated: Apr 13, 2022

Posted: April 2020

384

A pretty busy month for a Microsoft Patch Tuesday release, with 128 CVEs.
Out of all the CVEs, 10 are rated Critical, 115 Important, and 3 Moderate.
We've included each and everyone in this article, with direct links as well.

It’s April already and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

This month, the Redmond tech giant released 128 new patches, which is a lot more than some people were expecting right before Easter.

These software updates address CVEs in:

Microsoft Windows and Windows Components
Microsoft Defender and Defender for Endpoint
Microsoft Dynamics, Microsoft Edge (Chromium-based)
Exchange Server
Office and Office Components
SharePoint Server
Windows Hyper-V
DNS Server
Skype for Business
.NET and Visual Studio
Windows App Store
Windows Print Spooler Components

Before we get into a more in-depth analysis, note that all this is in addition to the 17 CVEs released for the Chromium Open-Source Software (OSS) by Microsoft Edge (Chromium-based).

128 CVEs were identified and dealt with this month

Indeed, this was a pretty busy month for Microsoft security experts. You might like to know that, out the 128 new CVEs released, 10 are rated Critical, 115 are rated Important, and three are rated Moderate in severity.

CVE	Title	Severity	CVSS	Public	Exploited	Type
CVE-2022-24521	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Important	7.8	No	Yes	EoP
CVE-2022-26904	Windows User Profile Service Elevation of Privilege Vulnerability	Important	7	Yes	No	EoP
CVE-2022-23259	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	Critical	8.8	No	No	RCE
CVE-2022-26809	RPC Runtime Library Remote Code Execution Vulnerability	Critical	9.8	No	No	RCE
CVE-2022-22008	Windows Hyper-V Remote Code Execution Vulnerability	Critical	7.7	No	No	RCE
CVE-2022-23257	Windows Hyper-V Remote Code Execution Vulnerability	Critical	8.6	No	No	RCE
CVE-2022-24537	Windows Hyper-V Remote Code Execution Vulnerability	Critical	7.7	No	No	RCE
CVE-2022-26919	Windows LDAP Remote Code Execution Vulnerability	Critical	8.1	No	No	RCE
CVE-2022-24491	Windows Network File System Remote Code Execution Vulnerability	Critical	9.8	No	No	RCE
CVE-2022-24497	Windows Network File System Remote Code Execution Vulnerability	Critical	9.8	No	No	RCE
CVE-2022-24541	Windows Server Service Remote Code Execution Vulnerability	Critical	8.8	No	No	RCE
CVE-2022-24500	Windows SMB Remote Code Execution Vulnerability	Critical	8.8	No	No	RCE
CVE-2022-26832	.NET Framework Denial of Service Vulnerability	Important	7.5	No	No	DoS
CVE-2022-26907	Azure SDK for .NET Information Disclosure Vulnerability	Important	5.3	No	No	Info
CVE-2022-26896	Azure Site Recovery Elevation of Privilege Vulnerability	Important	4.9	No	No	EoP
CVE-2022-26897	Azure Site Recovery Elevation of Privilege Vulnerability	Important	4.9	No	No	EoP
CVE-2022-26898	Azure Site Recovery Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-24489	Cluster Client Failover (CCF) Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24479	Connected User Experiences and Telemetry Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26830	DiskUsage.exe Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-24767	GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account	Important	Unknown	No	No	EoP
CVE-2022-24765	GitHub: Uncontrolled search for the Git directory in Git for Windows	Important	Unknown	No	No	EoP
CVE-2022-24532	HEVC Video Extensions Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-24496	Local Security Authority (LSA) Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24548	Microsoft Defender Denial of Service Vulnerability	Important	5.5	No	No	DoS
CVE-2022-24475	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important	8.3	No	No	EoP
CVE-2022-26891	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important	8.3	No	No	EoP
CVE-2022-26894	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important	8.3	No	No	EoP
CVE-2022-26895	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important	8.3	No	No	EoP
CVE-2022-26900	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important	8.3	No	No	EoP
CVE-2022-26908	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important	8.3	No	No	EoP
CVE-2022-24473	Microsoft Excel Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-26901	Microsoft Excel Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-26924	YARP Denial of Service Vulnerability	Important	7.5	No	No	DoS
CVE-2022-24493	Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability	Important	5.5	No	No	Info
CVE-2022-23292	Microsoft Power BI Spoofing Vulnerability	Important	7.1	No	No	Spoofing
CVE-2022-24472	Microsoft SharePoint Server Spoofing Vulnerability	Important	8	No	No	Spoofing
CVE-2022-26788	PowerShell Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24533	Remote Desktop Protocol Remote Code Execution Vulnerability	Important	8	No	No	RCE
CVE-2022-24492	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important	8.8	No	No	RCE
CVE-2022-24528	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important	8.8	No	No	RCE
CVE-2022-26910	Skype for Business and Lync Spoofing Vulnerability	Important	5.3	No	No	Spoofing
CVE-2022-26911	Skype for Business Information Disclosure Vulnerability	Important	6.5	No	No	Info
CVE-2022-26921	Visual Studio Code Elevation of Privilege Vulnerability	Important	Unknown	No	No	EoP
CVE-2022-24513	Visual Studio Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24485	Win32 File Enumeration Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-21983	Win32 Stream Enumeration Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-24534	Win32 Stream Enumeration Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-26914	Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24482	Windows ALPC Elevation of Privilege Vulnerability	Important	7	No	No	EoP
CVE-2022-24540	Windows ALPC Elevation of Privilege Vulnerability	Important	7	No	No	EoP
CVE-2022-24494	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24549	Windows AppX Package Manager Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26828	Windows Bluetooth Driver Elevation of Privilege Vulnerability	Important	7	No	No	EoP
CVE-2022-24484	Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability	Important	5.5	No	No	DoS
CVE-2022-24538	Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability	Important	6.5	No	No	DoS
CVE-2022-26784	Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability	Important	6.5	No	No	DoS
CVE-2022-24481	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24488	Windows Desktop Bridge Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24547	Windows Digital Media Receiver Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24495	Windows Direct Show – Remote Code Execution Vulnerability	Important	7	No	No	RCE
CVE-2022-26816	Windows DNS Server Information Disclosure Vulnerability	Important	4.9	No	No	Info
CVE-2022-24536	Windows DNS Server Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-26811	Windows DNS Server Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-26812	Windows DNS Server Remote Code Execution Vulnerability	Important	6.7	No	No	RCE
CVE-2022-26813	Windows DNS Server Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-26814	Windows DNS Server Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-26815	Windows DNS Server Remote Code Execution Vulnerability	Important	8.8	No	No	RCE
CVE-2022-26817	Windows DNS Server Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-26818	Windows DNS Server Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-26819	Windows DNS Server Remote Code Execution Vulnerability	Important	6.6	No	No	RCE
CVE-2022-26820	Windows DNS Server Remote Code Execution Vulnerability	Important	6.6	No	No	RCE
CVE-2022-26821	Windows DNS Server Remote Code Execution Vulnerability	Important	6.6	No	No	RCE
CVE-2022-26822	Windows DNS Server Remote Code Execution Vulnerability	Important	6.6	No	No	RCE
CVE-2022-26823	Windows DNS Server Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-26824	Windows DNS Server Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-26825	Windows DNS Server Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-26826	Windows DNS Server Remote Code Execution Vulnerability	Important	7.2	No	No	RCE
CVE-2022-26829	Windows DNS Server Remote Code Execution Vulnerability	Important	7.5	No	No	RCE
CVE-2022-24546	Windows DWM Core Library Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24527	Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26916	Windows Fax Compose Form Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-26917	Windows Fax Compose Form Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-26918	Windows Fax Compose Form Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-26808	Windows File Explorer Elevation of Privilege Vulnerability	Important	7	No	No	EoP
CVE-2022-26810	Windows File Server Resource Management Service Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26827	Windows File Server Resource Management Service Elevation of Privilege Vulnerability	Important	7	No	No	EoP
CVE-2022-26920	Windows Graphics Component Information Disclosure Vulnerability	Important	5.5	No	No	Info
CVE-2022-26903	Windows Graphics Component Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-23268	Windows Hyper-V Denial of Service Vulnerability	Important	6.5	No	No	DoS
CVE-2022-22009	Windows Hyper-V Remote Code Execution Vulnerability	Important	7.7	No	No	RCE
CVE-2022-24490	Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability	Important	8.1	No	No	Info
CVE-2022-24539	Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability	Important	8.1	No	No	Info
CVE-2022-26783	Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability	Important	6.5	No	No	Info
CVE-2022-26785	Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability	Important	6.5	No	No	Info
CVE-2022-24499	Windows Installer Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24530	Windows Installer Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24498	Windows iSCSI Target Service Information Disclosure Vulnerability	Important	6.5	No	No	Info
CVE-2022-24486	Windows Kerberos Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24544	Windows Kerberos Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24545	Windows Kerberos Remote Code Execution Vulnerability	Important	8.1	No	No	RCE
CVE-2022-24483	Windows Kernel Information Disclosure Vulnerability	Important	5.5	No	No	Info
CVE-2022-26831	Windows LDAP Denial of Service Vulnerability	Important	7.5	No	No	DoS
CVE-2022-24487	Windows Local Security Authority (LSA) Remote Code Execution Vulnerability	Important	8.8	No	No	RCE
CVE-2022-26786	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26787	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26789	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26790	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26791	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26792	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26793	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26794	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26795	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26796	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26797	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26798	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26801	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26802	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26803	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26915	Windows Secure Channel Denial of Service Vulnerability	Important	7.5	No	No	DoS
CVE-2022-24550	Windows Telephony Server Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24543	Windows Upgrade Assistant Remote Code Execution Vulnerability	Important	7.8	No	No	RCE
CVE-2022-24474	Windows Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-24542	Windows Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No	EoP
CVE-2022-26807	Windows Work Folder Service Elevation of Privilege Vulnerability	Important	7	No	No	EoP
CVE-2022-26909	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Moderate	8.3	No	No	EoP
CVE-2022-26912	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Moderate	8.3	No	No	EoP
CVE-2022-24523	Microsoft Edge (Chromium-based) Spoofing Vulnerability	Moderate	4.3	No	No	EoP
CVE-2022-1129 *	Chromium: Inappropriate implementation in Full Screen Mode	High	N/A	No	No	RCE
CVE-2022-1128 *	Chromium: Inappropriate implementation in Web Share API	High	N/A	No	No	RCE
CVE-2022-1130 *	Chromium: Insufficient validation of untrusted input in WebOTP	High	N/A	No	No	RCE
CVE-2022-1134 *	Chromium: Type Confusion in V8	High	N/A	No	No	RCE
CVE-2022-1232 *	Chromium: Type Confusion in V8	High	N/A	No	No	RCE
CVE-2022-1131 *	Chromium: Use after free in Cast UI	High	N/A	No	No	RCE
CVE-2022-1125 *	Chromium: Use after free in Portals	High	N/A	No	No	RCE
CVE-2022-1127 *	Chromium: Use after free in QR Code Generator	High	N/A	No	No	RCE
CVE-2022-1133 *	Chromium: Use after free in WebRTC	High	N/A	No	No	RCE
CVE-2022-1143 *	Chromium: Heap buffer overflow in WebUI	Medium	N/A	No	No	RCE
CVE-2022-1139 *	Chromium: Inappropriate implementation in Background Fetch API	Medium	N/A	No	No	N/A
CVE-2022-1137 *	Chromium: Inappropriate implementation in Extensions	Medium	N/A	No	No	N/A
CVE-2022-1138 *	Chromium: Inappropriate implementation in Web Cursor	Medium	N/A	No	No	N/A
CVE-2022-1145 *	Chromium: Use after free in Extensions	Medium	N/A	No	No	RCE
CVE-2022-1135 *	Chromium: Use after free in Shopping Cart	Medium	N/A	No	No	RCE
CVE-2022-1136 *	Chromium: Use after free in Tab Strip	Medium	N/A	No	No	RCE
CVE-2022-1146 *	Chromium: Inappropriate implementation in Resource Timing	Low	N/A	No	No	EoP

Keep in mind that only one of the bugs is listed as under active exploit this month, even though experts expected that number to be higher.

The next Patch Tuesday rollout will be on May 10th, so don’t get too comfortable with the current state of affairs, as it might change sooner than you think.

Was this article helpful to you? Share your opinion in the comments section below.

Was this page helpful?

Start a conversation

comments

128 CVEs were identified and dealt with this month

Leave a Reply Cancel reply

Newsletter

More on this Topic