Microsoft Patch Tuesday, April 13, 2022
Date of Notice: 04/13/2022
Action Level - High
Description
Microsoft’s security update released on Tuesday, April 12, 2022, contains fixes for 128 CVEs, including one vulnerability that is known to be exploited in the wild and one that was publicly disclosed before the release.
Notably, CVE-2022-26809 is a remote code execution vulnerability in the Windows RPC runtime that requires no authentication or user interaction and could be turned into a worm. It is rated Critical and affects all supported versions of Windows and Windows Server, and Microsoft rates it ‘Exploitation More Likely’. Exploitation requires TCP 445 to be reachable on the target: blocking inbound TCP 445 at the perimeter firewall prevents exploitation from the Internet, but an attacker who has already gained a foothold on the internal network could still reach the port and use the bug for lateral movement.
Another notable Critical vulnerability is CVE-2022-24497, a potentially wormable remote code execution bug in Windows Network File System (NFS). Only hosts with the NFS role installed are affected; the role is not enabled by default and is rarely exposed to the Internet, but an attacker with a foothold on the internal network could exploit it without user interaction.
Overall, 10 of the 128 CVEs in this cycle are rated Critical. One Important-rated vulnerability is known to be exploited in the wild, and one other Important-rated vulnerability had been publicly disclosed at the time of release.
Remediation
Apply the April 2022 updates to all affected devices per Microsoft’s guidance. Where a device cannot be patched immediately, review the Critical and publicly disclosed CVEs and apply the vendor-documented mitigations for each (for CVE-2022-26809, block inbound TCP 445 from untrusted networks; for CVE-2022-24497, confirm which hosts actually run the NFS role and limit their reachability). SANS Internet Storm Center publishes a consolidated list of this month’s CVEs.
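As an added example (not part of the original advisory), the following PowerShell script triages a single Windows host against the three points above: whether updates from this cycle are installed, whether TCP 445 is listening and allowed inbound from untrusted networks (CVE-2022-26809), and whether the NFS role is present (CVE-2022-24497). Two assumptions are built in and marked in the code: any update installed on or after 2022-04-12 is treated as belonging to this cycle, because Get-HotFix cannot map a KB to a CVE, and the Server for NFS service is assumed to be named NfsService. The block-rule command at the end is commented out so that the script is read-only unless the operator chooses to apply it.

```powershell
# Added triage script for the April 2022 update cycle (example code, not from the
# original advisory or from Microsoft). Run in an elevated Windows PowerShell 5.1
# or PowerShell 7 session on the host being checked. Read-only unless the firewall
# rule at the end is uncommented.

function Invoke-April2022Triage {
    # Assumption: updates installed on or after Patch Tuesday count as "this cycle".
    $releaseDate = [datetime]'2022-04-12'
    $findings    = @()

    # 1. Patch status: has any update been installed since the release date?
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -ge $releaseDate } |
        Sort-Object InstalledOn -Descending
    if ($recent) {
        $ids = (@($recent) | ForEach-Object { $_.HotFixID }) -join ', '
        $findings += "OK: $(@($recent).Count) update(s) installed since $($releaseDate.ToString('yyyy-MM-dd')): $ids"
    } else {
        $findings += "WARN: no updates installed since $($releaseDate.ToString('yyyy-MM-dd')); host is likely unpatched."
    }

    # 2. CVE-2022-26809 exposure: is TCP 445 listening, and does an enabled inbound
    #    allow rule cover it on the Public profile (i.e. on untrusted networks)?
    $smbListening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    $allow445 = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            ($_.Profile -match 'Public|Any') -and
            ($pf.Protocol -in 'TCP', 'Any') -and
            (($pf.LocalPort -contains '445') -or ($pf.LocalPort -contains 'Any'))
        }
    if ($smbListening -and $allow445) {
        $names = (@($allow445) | ForEach-Object { $_.DisplayName }) -join '; '
        $findings += "WARN: TCP 445 is listening and $(@($allow445).Count) inbound allow rule(s) cover it on the Public profile: $names"
    } elseif ($smbListening) {
        $findings += "INFO: TCP 445 is listening; no inbound allow rule covers it on the Public profile, but it is still reachable from trusted networks (lateral movement)."
    } else {
        $findings += "OK: nothing is listening on TCP 445."
    }

    # 3. CVE-2022-24497 scope: only hosts with the NFS server role are affected.
    #    Assumption: the Server for NFS service is named NfsService; TCP 2049 is the NFS port.
    $nfsSvc       = Get-Service -Name NfsService -ErrorAction SilentlyContinue
    $nfsListening = [bool](Get-NetTCPConnection -LocalPort 2049 -State Listen -ErrorAction SilentlyContinue)
    if ($nfsSvc -or $nfsListening) {
        $findings += "WARN: NFS present (service status: $($nfsSvc.Status); TCP 2049 listening: $nfsListening). Host is in scope for CVE-2022-24497."
    } else {
        $findings += "OK: no NFS server service or TCP 2049 listener found."
    }

    return $findings
}

Invoke-April2022Triage

# Perimeter mitigation for CVE-2022-26809 when patching must wait: block inbound
# TCP 445 on the Public profile only. Uncomment to apply (changes host firewall state).
# New-NetFirewallRule -DisplayName 'Block inbound TCP 445 (CVE-2022-26809 mitigation)' `
#     -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block -Profile Public
```

The Public-profile filter is deliberate: blocking 445 on the Domain or Private profile would break SMB file sharing and many management tools, which is exactly why the advisory says perimeter blocking only mitigates remote access and not lateral movement. Run the script across a fleet through your management tooling and treat every WARN line as a host to patch first.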