Patch Tuesday comes with a whole host of vulnerabilities this month – don’t get caught in the rain!
A critical flaw being tracked as CVE-2022-26809 that affects SMB could allow remote code execution (RCE) and is self propagating. While you shouldn’t have SMB open externally (you don’t, right?) this is just the type of exploit an attacker would be looking for to move laterally through your environment.
Additionally, a Zero-Day (CVE-2022-24521) Windows Common Log File System Driver Execution Vulnerability was reported to Microsoft by the NSA, and is being exploited in the wild. A second involving the Windows User Profile Service (CVE-2022-26904) was also announced. Both of these allow privilege escalation.
Also included in the 128 security vulnerabilities are some RCE exploits, and vulnerabilities impacting Dynamics 365, Hyper-V, LDAP and Windows Server. So get patching!
https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/
https://www.tenable.com/blog/microsofts-april-2022-patch-tuesday-addresses-117-cves-cve-2022-24521
