
During the April Patch Tuesday bout, Microsoft released a total of 26 fixes for common and less common vulnerabilities. Microsoft also addressed five vulnerabilities that were labeled as Important.

Patch Tuesday April 2022 Roundup

April’s Patch Tuesday has brought us numerous improvements and fixes for issues associated with Microsoft’s Chromium-based Edge browser. To name a few, we have fixes for Type Confusion in V8, Heap Buffer Overflow in WebUI, Use-after-free in Shopping Cart, Use-after-free in Tab Strip, and Use-after-free in Extensions. The full list of fixes can be found below.

April Highlights in Vulnerabilities. Full List of Fixes.

As mentioned, below you’ll find the list of security and non-security vulnerabilities addressed this month. All the items on the list have been marked as fixed.

CVE Number        Name of Vulnerability
----------------  -----------------------------------------------------------------------
CVE-2022-1125     Chromium: CVE-2022-1125 Use after free in Portals
CVE-2022-1127     Chromium: CVE-2022-1127 Use after free in QR Code Generator
CVE-2022-1128     Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API
CVE-2022-1129     Chromium: CVE-2022-1129 Inappropriate implementation in Full-Screen Mode
CVE-2022-1130     Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
CVE-2022-1131     Chromium: CVE-2022-1131 Use after free in Cast UI
CVE-2022-1133     Chromium: CVE-2022-1133 Use after free in WebRTC
CVE-2022-1134     Chromium: CVE-2022-1134 Type Confusion in V8
CVE-2022-1135     Chromium: CVE-2022-1135 Use after free in Shopping Cart
CVE-2022-1136     Chromium: CVE-2022-1136 Use after free in Tab Strip
CVE-2022-1137     Chromium: CVE-2022-1137 Inappropriate implementation in Extensions
CVE-2022-1138     Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor
CVE-2022-1139     Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API
CVE-2022-1143     Chromium: CVE-2022-1143 Heap buffer overflow in WebUI
CVE-2022-1145     Chromium: CVE-2022-1145 Use after free in Extensions
CVE-2022-1146     Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
CVE-2022-1232     Chromium: CVE-2022-1232 Type Confusion in V8
CVE-2022-24475    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-24523    Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2022-26891    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26894    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26895    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26900    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26908    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26909    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26912    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Highlights

CVE-2022-24475 – Elevation of Privilege Vulnerability

An undisclosed defect in Microsoft’s Chromium-based Edge might allow a threat actor to remotely obtain higher privileges. The CVE, which received a Max Severity rating of Important, has been fixed. CVE-2022-24475 affected machines running Chromium Version 100.0.4896.60 or lower.
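A practical follow-up to a highlight like this is to check your inventory of installed Edge/Chromium builds against the affected version. The script below is an added example, not code from the article or from Microsoft; it assumes a hostname-to-version inventory (constructed inline) and uses the 100.0.4896.60 threshold stated above, treating builds at or below it as affected. The point it demonstrates is that version strings must be compared component by component as integers, because a plain string comparison sorts "99.0.4844.84" after "100.0.4896.60" and would mark the older build as patched.

```python
"""Flag machines whose Edge/Chromium build is at or below the affected version.

Added example (not from the original article). The inventory below is
constructed; the threshold is the one the article gives for CVE-2022-24475.
"""
from typing import Dict, List, Optional, Tuple

# Threshold taken from the article: builds at or below this are affected.
AFFECTED_MAX_VERSION = "100.0.4896.60"


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints.

    Returns None for anything that is not a dotted run of integers, so a
    malformed inventory entry is reported instead of silently compared.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version: str, affected_max: str = AFFECTED_MAX_VERSION) -> Optional[bool]:
    """True if version <= affected_max, comparing numerically per component.

    Plain string comparison would be wrong here: '99.0.4844.84' sorts
    after '100.0.4896.60' as text even though it is the older build.
    Returns None when the version string cannot be parsed.
    """
    parsed = parse_version(version)
    limit = parse_version(affected_max)
    if parsed is None or limit is None:
        return None
    # Pad shorter tuples with zeros so '100.0' compares like '100.0.0.0'.
    width = max(len(parsed), len(limit))
    parsed = parsed + (0,) * (width - len(parsed))
    limit = limit + (0,) * (width - len(limit))
    return parsed <= limit


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split an inventory into hosts needing the patch, already patched, or unknown."""
    result: Dict[str, List[str]] = {"needs_patch": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        if verdict is None:
            result["unknown"].append(host)
        elif verdict:
            result["needs_patch"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-finance-01": "99.0.4844.84",    # older build, affected
    "ws-finance-02": "100.0.4896.60",   # exactly the threshold, still affected
    "ws-hr-03": "100.0.4896.75",        # newer build, not affected
    "ws-hr-04": "101.0.4951.41",        # newer major version, not affected
    "ws-lab-05": "unknown",             # agent did not report a version
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

How the version strings reach the inventory is up to your tooling; on a Windows host the value can be read from msedge.exe's file version information (for example the `VersionInfo.ProductVersion` property that `Get-Item` exposes in PowerShell). Hosts that land in the "unknown" bucket deserve a look as well, since an agent that cannot report a browser version is usually one that is not being patched either.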

CVE-2022-24523 – Spoofing Vulnerability

A defective Microsoft Edge component might allow a threat actor to run arbitrary code or obtain higher privileges by passing along forged packages to the user. The issue was labeled as fixed.

CVE-2022-26891 – Elevation of Privilege Vulnerability

A bug in an Edge component can be leveraged by a threat actor in order to obtain higher privileges on the local machine. The issue has been fixed.

Cybersecurity Advice & Parting Thoughts

That’s about it for Patch Tuesday April. As usual, here are some of the things you may want to try out in order to improve your company’s cybersecurity posture.

  • Automatic patching. Why bother patching manually when you can have a solution that takes care of that for you? Heimdal™ Patch & Asset Management can help you deploy any patch, update, or hotfix, regardless of whether it is third-party, Windows- or Linux-specific, proprietary or optional.
  • Fake updates. Be careful around popups or emails notifying you about missing (security) updates. Clicking on them can make your machine come down with a case of ransomware, spyware, and other kinds of ‘-wares’.
  • Prioritizing your updates. As far as updating’s concerned, there’s only one rule – critical and security updates first, followed by drivers, feature packs, tools, and updates. Don’t mix them up.
