In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a good idea update the operating system and other products as soon as possible.
The most dangerous vulnerabilities
According to the information available at this moment, CVE-2022-24521 seems to be the most dangerous of the bunch. It is a vulnerability in the Windows Common Log File System (CLFS) driver and is associated with privilege elevation. Despite a not-so-impressive CVSS:3.1 rating (7.8), it’s fairly easy to exploit. Which, in fact, some unknown attackers are already doing.
CVE-2022-26904, another privilege elevation vulnerability, resides in the Windows User Profiles system service. It also has a relatively low rating on the CVSS:3.1 scale (7.0). However, this vulnerability was also known before the update was released, therefore it is logical to assume that potential attackers could start exploiting it faster than the others.
All critical-level vulnerabilities in Windows the big update addresses are related to remote code execution (RCE). Of these, CVE-2022-26809 in the Windows Remote Procedure Call Runtime Library, as well as CVE-2022-24491 and CVE-2022-24497 in the Network File Access Protocol, have the highest severity rating — 9.8 points.
Some experts believe, that the last three vulnerabilities may be wormable, that is, they can be used to launch self-propagating exploits over the network.
To summarize, in total Microsoft published updates for 128 vulnerabilities in a wide variety of products and components, including the Edge browser, Defender, Office, Exchange, Sharepoint Server, Visual Studio and a lot more. We recommend that you examine the full list of affected products (spoiler: it is long) and prioritize the most critical updates for the products you use.
How to stay safe
In an ideal world, the most logical step would be to install all updates immediately. Of course, in real life this is not always possible — some companies need to test updates before rolling them out in their infrastructure. In this case, we recommend that you study the Mitigations sections in the official Microsoft bulletins. The full list of vulnerabilities and more detailed information about them is available in the update description on the company’s website.
From our part, we recommend to use reliable security solutions on all computers and servers connected to the Internet, preferably the solutions that employ technologies capable of detecting the exploitation of vulnerabilities, both already discovered and still unknown.