Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities


Windows Update

Microsoft’s Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others.

10 of the 128 bugs fixed are rated Critical, 115 are rated Important, and three are rated Moderate in severity, with one of the flaws listed as publicly known and another under active attack at the time of the release.

The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month.

The actively exploited flaw (CVE-2022-24521, CVSS score: 7.8) relates to an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). Credited with reporting the flaw are the U.S. National Security Agency (NSA) and CrowdStrike researchers Adam Podlosky and Amir Bazine.

Read more…