Microsoft’s Patch Tuesday has much to offer this month, with a grand total of 117 new vulnerabilities being patched separated between 9 critical and 108 important. While the vulnerability total is relatively high to what we have seen in recent months only 1 vulnerability has been publicly disclosed and 1 reported to be exploited in the wild.
This important vulnerability with a CVSS of 7.8 has been reported by Microsoft to be seen in the wild. Windows CLFS is a general-purpose logging service that logs user and kernel mode actions. By exploiting the Windows CLFS driver hackers can elevate their privilege allowing the execution of arbitrary code in kernel mode avoiding any security restrictions in place.
Windows user profile service is a shared service in SharePoint Server that allows the creation and administration of user profiles that can be accessed from multiple locations. This important vulnerability has been publicly disclosed offering a CVSS of 7.0 and would allow a hacker to execute arbitrary code at a higher privilege to get access to more resources. This attack is of a high complexity and is considered to be less likely to occur.
RPC allows a client to request a service from a program located on a server, Microsoft has identified and patched a Critical vulnerability with this service. Exploiting RPC would allow for a hacker to execute arbitrary code on a target allowing for the potential of data theft, implanting malware or total system takeover. This vulnerability has a CVSS of 9.8 making it an extremely dangerous vulnerability to be exploited.
A notice has been issued with this update, any systems running Windows 10 version 20H2 will reach the end of life on 10th May 2022. All users are advised to update to the latest version to avoid being at risk.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2022-Apr
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
