Patch Tuesdays so far this year have been pretty mild. With fewer critical patches, fewer exploits already in the wild, and fewer total CVEs, things looked downright sunny. The writing was already on the wall that this month might be different.
April already has had zero-day exploits for both Chromium browsers and Macs. So how bad was it? 120 vulnerabilities patched, 10 of them rated critical. Making things worse, one vulnerability was publicly disclosed before the patch and another is already being exploited in the wild.
CVE-2022-24521: While not the highest rated, this is the one confirmed to already be in use. It is an Elevation of Privilege vulnerability in the Windows Common Log File System (CLFS) driver. Luckily it has a local attack vector: the attacker already has to be running code on the machine, either because a user let them in (a phished attachment, a malicious download) or because they have hands on the device. What the bug buys them is a jump from that foothold to higher privileges. That is what keeps it at 7.8 on the CVSS scale.
CVE-2022-24497: This is the highest rated vulnerability of the month, and it is pretty bad at 9.8 out of 10 on the CVSS scale. It is a Remote Code Execution against the Windows Network File System (NFS). It requires no user interaction or privileges to run, with low attack complexity. The only CVSS metric keeping it from a full 10 is that scope is unchanged (the attacker owns the NFS host, not something beyond it). In practice the bigger limit is that it only applies where the NFS server role is installed and running, which narrows how far it can spread.
CVE-2022-26809: This is another 9.8 with the same scoring metrics as the previous CVE, but it attacks the RPC (Remote Procedure Call) Runtime instead of NFS. The same scope metric is all that keeps it off a full 10. The mitigation Microsoft calls out is to block TCP port 445 at the enterprise perimeter firewall. Port 445 is SMB, and RPC rides over it through named pipes, so with 445 blocked at the edge external attackers cannot reach it (hosts inside the network can still reach each other). So check in with your network admin to see how the external firewalls are configured. If it is blocked, then it is only extremely bad; if that port is not blocked for your environment then you should stop reading this now and go get secured ASAP.
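A quick way to turn the two questions above into something you can actually run per host: is NFS serving, and is 445 listening and allowed inbound? The script below is an added example, not code from the original post or from PDQ. It assumes it runs elevated, that remote hosts are reachable over WinRM for Invoke-Command, and it uses the 2022-04-12 release date as the line for "has April's update been installed". It cannot see your perimeter firewall, so that part is still a conversation with the network admin.

```powershell
<#
  Added example (not from the original post or from PDQ).
  Per-host exposure check for the two 9.8 RCEs:
    - CVE-2022-24497: is the Server for NFS role installed and serving?
    - CVE-2022-26809: is TCP 445 listening, and do enabled inbound rules allow it?
  plus the newest installed update, so hosts that have not taken the
  2022-04-12 cumulative update stand out.
  Assumptions: run elevated; remote hosts reachable over WinRM.
#>
[CmdletBinding()]
param(
    [string[]]$ComputerName = @()   # empty = check the local host only
)

$check = {
    $r = [ordered]@{ Host = $env:COMPUTERNAME }

    # NFS (CVE-2022-24497). 'NfsService' is the Server for NFS service and only
    # exists when that role/feature is installed. The server listens on TCP 2049.
    $nfs = Get-Service -Name 'NfsService' -ErrorAction SilentlyContinue
    $r.NfsServerInstalled = [bool]$nfs
    $r.NfsServerRunning   = [bool]($nfs -and $nfs.Status -eq 'Running')
    $r.Tcp2049Listening   = [bool](Get-NetTCPConnection -LocalPort 2049 -State Listen -ErrorAction SilentlyContinue)

    # RPC runtime (CVE-2022-26809). TCP 445 is SMB; RPC reaches it over named
    # pipes, which is why the stated mitigation is blocking 445 at the perimeter.
    $r.Tcp445Listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound Allow rules whose port filter names 445, with the network
    # profile they apply to. A Public-profile allow is the one to worry about.
    # Program-scoped rules with LocalPort 'Any' are not caught here.
    $rules = Get-NetFirewallPortFilter -Protocol TCP -ErrorAction SilentlyContinue |
        Where-Object { @($_.LocalPort) -contains '445' } |
        Get-NetFirewallRule -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    $r.Inbound445AllowRules = ($rules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" }) -join '; '

    # Newest installed update. Anything dated before 2022-04-12 means this
    # month's fixes are not on the box yet.
    $latest = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $r.LatestUpdate     = if ($latest) { $latest.HotFixID } else { 'unknown' }
    $r.LatestUpdateDate = if ($latest) { $latest.InstalledOn.ToString('yyyy-MM-dd') } else { 'unknown' }
    $r.HasAprilUpdate   = [bool]($latest -and $latest.InstalledOn -ge [datetime]'2022-04-12')

    [pscustomobject]$r
}

$results = if ($ComputerName.Count -eq 0) {
    & $check
} else {
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $check
}

$results | Format-List
```

Run it with no arguments on one machine to see what it reports, then with `-ComputerName` and a list of servers to sweep the NFS and file-server boxes first; any host showing Tcp445Listening true, a Public-profile allow rule, and HasAprilUpdate false is where the patching starts.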
Nobody is longing to return to 2020, but this Patch Tuesday is a throwback that would have fit right in at that time. A high vulnerability count, exploits in the wild, two very high rated vulnerabilities that just miss being a full 10. This month is a bad one. You are going to want to get patched as soon as possible.
Months like this are a good reminder that you can automate a lot of the processes that keep your systems safe and secure. With PDQ Deploy and PDQ Inventory you can have your patches going out without lifting a finger. Free up time to read about how bad it is instead of panicking about it! This time you may want to swing by and chat with your network administrator though; I can't automate that.
Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet while drinking most Thursdays on the PDQ webcast.