– Microsoft has released over 117 security fixes for this month's April 2022 release. Besides the usual security fixes, there were two zero days of note and they are:
CVE-2022-26904: This known zero-day flaw impacts the Windows User Profile Service. This is an EoP (elevation of privilege) vulnerability. However, exploitation has not been seen in wild and requires a race condition to successfully exploit. This has a CVSS score of 7.0.
CVE-2022-24521: This bug is another EoP issue found in Windows Common Log File System (CLFS) Driver. This bug has been reported by Microsoft as being actively exploited in the wild. This vulnerability was reported by the NSA and Crowdstrike to Microsoft after being observed to have been used in active attacks. This has a CVSS score of 7.8.
This is significant as CVE-2022-24521 was exploited as a 0-day in the wild. Exploiting CVE-2022-24521 provides elevated privileges to an attacker, and as such the security bug was likely leveraged in conjunction with an unspecified code execution vulnerability
Managed IT services TucsonLive Wedding Bands Los AngelesBest Wedding Music Bands in Los AngelesBest Live Wedding Bands in Pebble Beach for WeddingsBest Live Wedding Bands for WeddingsTucson Managed IT ServicesManaged IT services Tucson
Microsoft Patch Tuesday 0-day Escalation of Privilege Vulnerability (CVE-2022-24521)
-
MikePeller
- Site Admin
- Posts: 124
- Joined: Fri Dec 02, 2005 9:39 am
- Location: Tucson
- Contact: