Security News > 2022 > April > Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month.
The actively exploited flaw relates to an elevation of privilege vulnerability in the Windows Common Log File System.
The second publicly-known zero-day flaw also concerns a case of privilege escalation in the Windows User Profile Service, successful exploitation of which "Requires an attacker to win a race condition."
Other critical flaws to note include a number of remote code execution flaws in RPC Runtime Library, Windows Network File System, Windows Server Service, Windows SMB, and Microsoft Dynamics 365.
Microsoft also patched as many as 18 flaws in Windows DNS Server, one information disclosure flaw and 17 remote code execution flaws, all of which were reported by security researcher Yuki Chen.
Also remediated are 15 privilege escalation flaws in the Windows Print Spooler component.
News URL
https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)