Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities

Threat Level – Amber | Vulnerability Report
Download PDF

For a detailed advisory, download the pdf file hereMicrosoft addressed 128 vulnerabilities in there April patch Tuesday update. Two of them have been categorized as zero-day vulnerabilities. One of the two zero-days is exploited-in-the-wild as well.

The vulnerability, CVE-2022-24521, has been exploited in the wild. By exploiting this flaw in the Windows Common Log File System (CLFS) driver, an attacker can escalate privileges.  The second zero-day is CVE-2022-26904, which is discovered in the Windows User Profile Service also permits the escalation of privileges. Despite being listed as more likely to be exploited, it has a high attack complexity, and successful exploitation requires an attacker to win a race condition.

Organizations have advised the patch all these vulnerabilities as soon as possible to avoid exploitation.

Potential MITRE ATT&CK TTPs are:

TA0042: Resource Development

T1588: Obtain Capabilities

T1588.006: Obtain Capabilities: Vulnerabilities

TA0001: Initial Access

T1190: Exploit Public-Facing Application

TA0004: Privilege Escalation

T1068: Exploitation for Privilege Escalation

Vulnerability Detail

Patch Links

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox