Security News > 2022 > April > Microsoft Zero-Days, Wormable Bugs Spark Concern
Microsoft has released patches for 128 security vulnerabilities for its April 2022 monthly scheduled update - ten of them rated critical.
It's listed as a "Windows Common Log File System Driver Execution Vulnerability," and was reported to Microsoft by the National Security Agency.
Even though it's listed as exploitation more likely, it has a high attack complexity, Microsoft noted in its advisory, because "Successful exploitation of this vulnerability requires an attacker to win a race condition."
Out of the critical flaws, all of which allow remote code-execution, researchers flagged a bug that could allow for self-propagating exploits as being of the most concern.
Microsoft recommends configuring firewall rules to help prevent this vulnerability from being exploited; the static port used can be blocked at the network perimeter.
"The first is that dynamic updates must be enabled for a server to be affected by this bug. The CVSS also lists some level of privileges to exploit. Still, any chance of an attacker getting RCE on a DNS server is one too many, so get your DNS servers patched."
News URL
https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)