VERT Threat Alert: April 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th.

In-The-Wild & Disclosed CVEs

CVE-2022-24521

While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this vulnerability in the wild. The vulnerability can lead to elevation of privilege by exploiting a flaw in the Windows Common Log File System (CLFS) driver. CLFS is a general-purpose logging service that can be used by both user and kernel-mode software. Patches have been released for CLFS monthly since September 2021 with only one exception – November 2021. From September 2021 until today, we have seen 18 vulnerabilities patched within CLFS.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.

CVE-2022-26904

This publicly disclosed vulnerability in the Windows User Profile Service leads to elevation of privilege following successful exploitation. Microsoft has listed the attack complexity as high given that it relies on a race condition, however exploit code is already publicly available, including in the Metasploit framework.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

• Traditional Software
• Mobile Software
• Cloud or Cloud Adjacent
• Vulnerabilities that are being exploited or that have been disclosed will be bold.