Microsoft Patch Tuesday – April 2022

Request an audit

Patch Tuesday

Microsoft has released 120 updates for multiple products this month – including two for 0-day vulnerabilities – and 26 updates for Chromium-based Edge.

The most important patches are:

CVE-2022-24521 is a Privilege Escalation vulnerability in the Windows Common Log File System Driver. According to Microsoft this vulnerability is being actively exploited in the wild. CVSS 3.1: 7.8
CVE-2022-26904 is another Privilege Escalation vulnerability, in the Windows User Profile Service. CVSS 3.1: 7.0

Windows Autopatch

Microsoft will be releasing a new Windows feature for Enterprise customers called Autopatch. This feature will be added to Enterprise E3 versions of Windows 10 and 11; and will manage all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates.
We’re quite excited about this new Windows feature as it should alleviate the minor headaches of Patch Tuesday rollouts.

Affected Products

.NET Framework
Active Directory Domain Services
Azure SDK
Azure Site Recovery
LDAP – Lightweight Directory Access Protocol
Microsoft Bluetooth Driver
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Local Security Authority Server (lsasrv)
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Microsoft Windows Media Foundation
Power BI
Role: DNS Server
Role: Windows Hyper-V
Skype for Business
Visual Studio
Visual Studio Code
Windows Ancillary Function Driver for WinSock
Windows App Store
Windows AppX Package Manager
Windows Cluster Client Failover
Windows Cluster Shared Volume (CSV)
Windows Common Log File System Driver
Windows Defender
Windows DWM Core Library
Windows Endpoint Configuration Manager
Windows Fax Compose Form
Windows Feedback Hub
Windows File Explorer
Windows File Server
Windows Installer
Windows iSCSI Target Service
Windows Kerberos
Windows Kernel
Windows Local Security Authority Subsystem Service
Windows Media
Windows Network File System
Windows PowerShell
Windows Print Spooler Components
Windows RDP
Windows Remote Procedure Call Runtime
Windows schannel
Windows SMB
Windows Telephony Server
Windows Upgrade Assistant
Windows User Profile Service
Windows Win32K
Windows Work Folder Service
YARP reverse proxy

Services

IT security assessment

Security & network assessment

Ethical hacking

OT/IoT security assessment

Red & Blue Teaming

M365 assessment

Governance

Decision tree

GDPR assessment

ISO 27k assessment

Social engineering

Cybersecurity maturity assessment

Networking

Security & network assessment

OT/IoT network assessment

Identify

Managed services

Network Operations Centre (NOC)

Security Operations Centre (SOC)

Network as a Service (NaaS)

Security Governance

UBA

Governance

Chief Information Security Officer (CISO)

Information Security Officer (ISO)

Social engineering

Security awareness training

Information Protection & Governance

Security & networking optimization

High-level design

Wireless/wired networking

Network Virtualisation & Automation (SDN)

SD-WAN

Endpoint security

Prevent & protect

Managed services

Security Operations Center (SOC)

CSIRT

Network Operations Centre (NOC)

Network as a Service (NaaS)

Endpoint Detection & Response

Governance

Chief Information Security Officer (CISO)

Data Protection Officer (DPO)

Detect & respond

Managed services

Network Operations Centre (NOC)

Security Operations Centre (SOC)

Network as a Service (NaaS)

CISO as a Service

DPO as a Service

Governance

Chief Information Security Officer (CISO)

Data Protection Officer (DPO)

Recover

Microsoft Patch Tuesday – April 2022

Patch Tuesday

Windows Autopatch

Affected Products

Ready to discuss your security needs?