In today's update, released as part of April's "Patch Tuesday", Microsoft fixed 119 vulnerabilities (not counting 26 vulnerabilities in Microsoft Edge), ten of which were classified as critical because they allow remote code execution.
Below is the full list of resolved vulnerabilities and released advisories in the April 2022 Patch Tuesday updates.
Tag | CVE | CVE Title | Severity |
.NET Framework | CVE-2022-26832 | .NET Framework Denial of Service Vulnerability | Important |
Active Directory Domain Services | CVE-2022-26814 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Active Directory Domain Services | CVE-2022-26817 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Azure SDK | CVE-2022-26907 | Azure SDK for .NET Information Disclosure Vulnerability | Important |
Azure Site Recovery | CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability | Important |
Azure Site Recovery | CVE-2022-26897 | Azure Site Recovery Information Disclosure Vulnerability | Important |
Azure Site Recovery | CVE-2022-26896 | Azure Site Recovery Information Disclosure Vulnerability | Important |
LDAP – Lightweight Directory Access Protocol | CVE-2022-26831 | Windows LDAP Denial of Service Vulnerability | Important |
LDAP – Lightweight Directory Access Protocol | CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability | Critical |
Microsoft Bluetooth Driver | CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical |
Microsoft Edge (Chromium-based) | CVE-2022-26909 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2022-1139 | Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-26912 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2022-26908 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-1146 | Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-26895 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-26900 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-26894 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-1232 | Chromium: CVE-2022-1232 Type Confusion in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-26891 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-1125 | Chromium: CVE-2022-1125 Use after free in Portals | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1136 | Chromium: CVE-2022-1136 Use after free in Tab Strip | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-24475 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2022-1145 | Chromium: CVE-2022-1145 Use after free in Extensions | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1135 | Chromium: CVE-2022-1135 Use after free in Shopping Cart | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1138 | Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1143 | Chromium: CVE-2022-1143 Heap buffer overflow in WebUI | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-24523 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2022-1137 | Chromium: CVE-2022-1137 Inappropriate implementation in Extensions | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1134 | Chromium: CVE-2022-1134 Type Confusion in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1127 | Chromium: CVE-2022-1127 Use after free in QR Code Generator | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1128 | Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1133 | Chromium: CVE-2022-1133 Use after free in WebRTC | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1130 | Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1129 | Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode | Unknown |
Microsoft Edge (Chromium-based) | CVE-2022-1131 | Chromium: CVE-2022-1131 Use after free in Cast UI | Unknown |
Microsoft Graphics Component | CVE-2022-26920 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2022-24493 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important |
Microsoft Office Excel | CVE-2022-24473 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Windows ALPC | CVE-2022-24482 | Windows ALPC Elevation of Privilege Vulnerability | Important |
Microsoft Windows ALPC | CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
Microsoft Windows Media Foundation | CVE-2022-24495 | Windows Direct Show – Remote Code Execution Vulnerability | Important |
Power BI | CVE-2022-23292 | Microsoft Power BI Spoofing Vulnerability | Important |
Role: DNS Server | CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26816 | Windows DNS Server Information Disclosure Vulnerability | Important |
Role: DNS Server | CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26822 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26829 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26821 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26820 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26818 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26819 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Role: Windows Hyper-V | CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-26785 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-26783 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Role: Windows Hyper-V | CVE-2022-23268 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Role: Windows Hyper-V | CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
Skype for Business | CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability | Important |
Skype for Business | CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | Important |
Visual Studio | CVE-2022-24767 | GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account | Important |
Visual Studio | CVE-2022-24765 | GitHub: Uncontrolled search for the Git directory in Git for Windows | Important |
Visual Studio | CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2022-24494 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows App Store | CVE-2022-24488 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important |
Windows AppX Package Manager | CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability | Important |
Windows Cluster Client Failover | CVE-2022-24489 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | Important |
Windows Cluster Shared Volume (CSV) | CVE-2022-24538 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important |
Windows Cluster Shared Volume (CSV) | CVE-2022-26784 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important |
Windows Cluster Shared Volume (CSV) | CVE-2022-24484 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | Important |
Windows Common Log File System Driver | CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2022-24481 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Defender | CVE-2022-24548 | Microsoft Defender Denial of Service Vulnerability | Important |
Windows DWM Core Library | CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows Endpoint Configuration Manager | CVE-2022-24527 | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability | Important |
Windows Fax Compose Form | CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important |
Windows Fax Compose Form | CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important |
Windows Fax Compose Form | CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important |
Windows Feedback Hub | CVE-2022-24479 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important |
Windows File Explorer | CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
Windows File Server | CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
Windows File Server | CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2022-24499 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows iSCSI Target Service | CVE-2022-24498 | Windows iSCSI Target Service Information Disclosure Vulnerability | Important |
Windows Kerberos | CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2022-24486 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kerberos | CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2022-24483 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Local Security Authority Subsystem Service | CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability | Important |
Windows Local Security Authority Subsystem Service | CVE-2022-24496 | Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
Windows Network File System | CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability | Critical |
Windows Network File System | CVE-2022-24497 | Windows Network File System Remote Code Execution Vulnerability | Critical |
Windows PowerShell | CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows RDP | CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call Runtime | CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows schannel | CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows SMB | CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability | Important |
Windows SMB | CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability | Important |
Windows SMB | CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability | Important |
Windows SMB | CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability | Critical |
Windows SMB | CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability | Critical |
Windows SMB | CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability | Important |
Windows Telephony Server | CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Upgrade Assistant | CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability | Important |
Windows User Profile Service | CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Work Folder Service | CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
YARP reverse proxy | CVE-2022-26924 | YARP Denial of Service Vulnerability | Important |