Microsoft Super Patch Tuesday

Posted in: Microsoft 13/04/22

Yesterday Microsoft released 145 patches to resolve vulnerabilities in its software including 10 that are labelled “Critical”.

This unfortunately does not include the PrintNightmare zero-day vulnerability that allows attackers to gain administrative privileges on Windows devices which was accidentally made public. Ransomware gangs, like Vice Society and Conti, have used the bug in order to gain privileges on compromised devices.

Organisations are urged to Patch these issues as soon as possible.

For Those Interested

 

CVE Number Name of Vulnerability
CVE-2022-1125 Chromium: CVE-2022-1125 Use after free in Portals
CVE-2022-1127 Chromium: CVE-2022-1127 Use after free in QR Code Generator
CVE-2022-1128 Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API
CVE-2022-1129 Chromium: CVE-2022-1129 Inappropriate implementation in Full-Screen Mode
CVE-2022-1130 Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
CVE-2022-1131 Chromium: CVE-2022-1131 Use after free in Cast UI
CVE-2022-1133 Chromium: CVE-2022-1133 Use after free in WebRTC
CVE-2022-1134 Chromium: CVE-2022-1134 Type Confusion in V8
CVE-2022-1135 Chromium: CVE-2022-1135 Use after free in Shopping Cart
CVE-2022-1136 Chromium: CVE-2022-1136 Use after free in Tab Strip
CVE-2022-1137 Chromium: CVE-2022-1137 Inappropriate implementation in Extensions
CVE-2022-1138 Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor
CVE-2022-1139 Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API
CVE-2022-1143 Chromium: CVE-2022-1143 Heap buffer overflow in WebUI
CVE-2022-1145 Chromium: CVE-2022-1145 Use after free in Extensions
CVE-2022-1146 Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
CVE-2022-1232 Chromium: CVE-2022-1232 Type Confusion in V8
CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Highlights

CVE-2022-24475 – Elevation of Privilege Vulnerability

An undisclosed defect in Microsoft’s Chromium-based Edge might allow a threat actor to remotely obtain higher privileges. The CVE, which received a Max Severity score of Important, has been fixed. CVE-2022-24475 affected machines running Chromium Version 100.0.4896.60 or lower.

CVE-2022-24523 – Spoofing Vulnerability

A defective Microsoft Edge component might allow a threat actor to run arbitrary code or obtain higher privileges by passing along forged packages to the user. The issue was labelled as fixed.

CVE-2022-26891 – Elevation of Privilege Vulnerability

A bugged component can be leveraged by a threat actor in order to obtain higher local machine privileges. The issue was fixed.

 

Patching can all be managed as part of your Managed Service Contract with IT Ambulance Ltd.

http://www.itambulance.co.uk

Can we help?

Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.

BOOK A CONSULTATION

Related news

ALL NEWS

Last Call! 130% Tax Break on New IT kit.

For business, these have been a challenging couple of years and we now have 25% Corporation Tax to look forward to. However, there is a tax concession

Read more

Step One in Protecting Online Assets

Over and over again we see statistics that show that your biggest risk to your network security is a weak or predictable password. Once a Mal-Actor has

Read more
Start a conversation

Book a no obligation phone consultation with one of our management team to discuss your IT support requirements.