Microsoft fixes 2 Windows Zero-Days and 126 other flaws

Microsoft's monthly Patch Tuesday updates for April patched 128 security flaws across a wide range of its software products, including Windows, Defender, Exchange Server, Visual Studio, and Print Spooler.

Of the 128 bugs fixed, 10 are rated Critical, 115 are rated Important, and three are rated Moderate in severity, with one flaw publicly known and another under active attack at the time of release.

Since the beginning of the month, Microsoft has fixed 26 flaws in its Chromium-based Edge browser.

A vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2022-24521 (CVSS score: 7.8), is being actively exploited. The US National Security Agency (NSA) and CrowdStrike researchers Adam Podlosky and Amir Bazine are credited with bringing attention to the flaw.

The second flaw, a privilege escalation vulnerability in the Windows User Profile Service (CVE-2022-26904, CVSS score: 7.0), has been publicly disclosed. Successful exploitation of this vulnerability "requires an attacker to win a race condition."

Other critical flaws discovered in recent months affect Microsoft Dynamics 365 (CVE-2022-23259), the RPC Runtime Library, Windows Network File System (CVE-2022-24491 and CVE-2022-24497), and Microsoft SMB.

Security researcher Yuki Chen discovered and reported a total of 18 vulnerabilities in Windows DNS Server, including 1 information disclosure and 17 remote code execution flaws. Fifteen privilege escalation flaws in the Windows Print Spooler component have also been fixed.

As recently as last week, Microsoft announced plans to roll out AutoPatch, a feature that will allow businesses to apply security fixes in a timely manner, but with an emphasis on stability and scale.

Other Vendors' Software Patches

In addition to Microsoft, several other vendors have released security updates to fix a number of vulnerabilities, including:

  1. Adobe
  2. Android
  3. Apache Struts 2
  4. Cisco Systems
  5. Citrix
  6. Dell
  7. Google Chrome
  8. HP Teradici PCoIP Client
  9. Juniper Networks
  10. Linux distributions Oracle Linux, Red Hat, and SUSE
  11. Mozilla Firefox, Firefox ESR, and Thunderbird
  12. SAP
  13. Schneider Electric
  14. Siemens
  15. VMware

