Tuesday, April 12, 2022

Microsoft April 2022 Security Updates

          

The Microsoft April 2022 security updates have been released and consist of 128 CVEs.  Of these CVEs, 10 are rated critical, 115 rated Important and 3 Moderate in severity.  At the time of release, one is listed as publicly known and one is listed as under active exploit.

The security updates apply to the following products, features, and roles: .NET Framework, Active Directory Domain Services, Azure SDK, Azure Site Recovery, LDAP - Lightweight Directory Access Protocol, Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Office Excel, Microsoft Office SharePoint, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Microsoft Windows Media Foundation, Power BI, Role: DNS Server, Role: Windows Hyper-V, Skype for Business, Visual Studio, Visual Studio Code, Windows Ancillary Function Driver for WinSock, Windows App Store, Windows AppX Package Manager, Windows Cluster Client Failover, Windows Cluster Shared Volume (CSV), Windows Common Log File System Driver, Windows Defender, Windows DWM Core Library, Windows Endpoint Configuration Manager, Windows Fax Compose Form, Windows Feedback Hub, Windows File Explorer, Windows File Server, Windows Installer, Windows iSCSI Target Service, Windows Kerberos, Windows Kernel, Windows Local Security Authority Subsystem Service, Windows Media, Windows Network File System, Windows PowerShell, Windows Print Spooler Components, Windows RDP, Windows Remote Procedure Call Runtime, Windows schannel, Windows SMB, Windows Telephony Server, Windows Upgrade Assistant, Windows User Profile Service, Windows Win32K, Windows Work Folder Service, and YARP reverse proxy.

See the KBs listed at the bottom of the page at April 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The April 2022 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




 

No comments: