Executive Summary

As part of Microsoft’s Patch Tuesday, several high and critical vulnerabilities have been patched, of which at least four critical vulnerabilities affect all supported versions of Windows (Clients and Servers). These include ‘wormable’ vulnerabilities, meaning that the vulnerability can be exploited by a malicious program which can replicate itself across a network.

Security updates have also been released for other Microsoft products including Edge, Office and Active Directory Domain Services.

What’s the risk to me or my business?

Security updates are available for all supported versions of Windows, including Windows 7 to Windows 11, and Windows Server 2008 R2 to Windows Server 2022. As some of these updates address vulnerabilities that are known to be actively exploited, the updates should be applied as soon as possible.

What can I do?

Apply the available updates from Microsoft as soon as possible, while taking into consideration any potential downtime that these updates may cause.

Technical Summary

CVE-2022-24491 and CVE-2022-24497 relate to the previously mentioned ‘wormable’ vulnerability, which have CVSS scores of 9.8. They are Remote Code Execution vulnerabilities within the Windows Network File System (NFS). Further details on the individual updates and each affected Windows version can be found here: Microsoft Windows Security Updates April 2022 overview - gHacks Tech News

Need help understanding your gaps, or just want some advice? Get in touch with us.