Windows 11 Fails to Make Headway.
Windows Computers make up 76% of the worlds computing technology compared to only 15.7% from the next biggest competitor OSX. Windows 11 has been on general release
Read more
Book a Free Consultation
A 15 minute phone consultation is the perfect way to discover how IT Ambulance can help your business. Complete the form below and we’ll get back to you to arrange your call.
This form collects your details so that we can arrange your consultation. You can view our privacy notice for the full story on how we protect and manage submitted data.
Microsoft Super Patch Tuesday
Posted in: Microsoft
13/04/22
Yesterday Microsoft released 145 patches to resolve vulnerabilities in its software including 10 that are labelled “Critical”.
This unfortunately does not include the PrintNightmare zero-day vulnerability that allows attackers to gain administrative privileges on Windows devices which was accidentally made public. Ransomware gangs, like Vice Society and Conti, have used the bug in order to gain privileges on compromised devices.
Organisations are urged to Patch these issues as soon as possible.
For Those Interested
| CVE Number | Name of Vulnerability |
|---|---|
| CVE-2022-1125 | Chromium: CVE-2022-1125 Use after free in Portals |
| CVE-2022-1127 | Chromium: CVE-2022-1127 Use after free in QR Code Generator |
| CVE-2022-1128 | Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API |
| CVE-2022-1129 | Chromium: CVE-2022-1129 Inappropriate implementation in Full-Screen Mode |
| CVE-2022-1130 | Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP |
| CVE-2022-1131 | Chromium: CVE-2022-1131 Use after free in Cast UI |
| CVE-2022-1133 | Chromium: CVE-2022-1133 Use after free in WebRTC |
| CVE-2022-1134 | Chromium: CVE-2022-1134 Type Confusion in V8 |
| CVE-2022-1135 | Chromium: CVE-2022-1135 Use after free in Shopping Cart |
| CVE-2022-1136 | Chromium: CVE-2022-1136 Use after free in Tab Strip |
| CVE-2022-1137 | Chromium: CVE-2022-1137 Inappropriate implementation in Extensions |
| CVE-2022-1138 | Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor |
| CVE-2022-1139 | Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API |
| CVE-2022-1143 | Chromium: CVE-2022-1143 Heap buffer overflow in WebUI |
| CVE-2022-1145 | Chromium: CVE-2022-1145 Use after free in Extensions |
| CVE-2022-1146 | Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing |
| CVE-2022-1232 | Chromium: CVE-2022-1232 Type Confusion in V8 |
| CVE-2022-24475 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-24523 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2022-26891 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-26894 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-26895 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-26900 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-26908 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-26909 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-26912 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
Highlights
CVE-2022-24475 – Elevation of Privilege Vulnerability
An undisclosed defect in Microsoft’s Chromium-based Edge might allow a threat actor to remotely obtain higher privileges. The CVE, which received a Max Severity score of Important, has been fixed. CVE-2022-24475 affected machines running Chromium Version 100.0.4896.60 or lower.
CVE-2022-24523 – Spoofing Vulnerability
A defective Microsoft Edge component might allow a threat actor to run arbitrary code or obtain higher privileges by passing along forged packages to the user. The issue was labelled as fixed.
CVE-2022-26891 – Elevation of Privilege Vulnerability
A bugged component can be leveraged by a threat actor in order to obtain higher local machine privileges. The issue was fixed.
Patching can all be managed as part of your Managed Service Contract with IT Ambulance Ltd.
Can we help?
Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.
BOOK A CONSULTATIONStart a conversation
Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.