What's new in the April 2022 Patch Tuesday?

Welcome to the April 2022 Patch Tuesday, the monthly release from Microsoft that brings the latest security and quality updates for Windows and related software. This month’s patches include fixes for both Server and Client versions of Windows and Office applications, Internet Explorer, Edge (Chromium based), Skype for Business/Teams, Microsoft Outlook, Exchange Server, and SharePoint Server and more. In addition, this update includes security updates released out-of-band to address critical vulnerabilities in some of our products.

In total this Patch Tuesday includes a total of 102 unique security bulletins. Here are the details:

• 22 unique bulletins covering critical issues • 63 unique bulletins covering important issues • 17 additional information security bulletins • 7 Security advisories providing mitigation suggestions

microsoft windows dynamics hypervosbornezdnet

This Patch Tuesday also includes 14 Preview Bulletins, a preview of future security patches that will be made available next month’s Patch Tuesday.

Additional resources such as blogs about this process can also be found here on MSRC.com.

Overview of the April 2022 Patch Tuesday

Microsoft released its April 2022 Patch Tuesday, delivering patches and fixes for nearly 85 security vulnerabilities, including two zero-day vulnerabilities.

This patch Tuesday is the first for the year and is focused on resolving security issues in Windows, Office, and other Microsoft products.

Let’s look at what this patch Tuesday brings and what changes it introduces.

Microsoft’s April 2022 Patch Tuesday tackles two zero-day vulnerabilities

The April 2021 Patch Tuesday from Microsoft aims to tackle two zero-day exploits which have been actively exploited. The first is a Windows RDP (Remote Desktop Protocol) exploit indexed as CVE-2021-26876 which could remotely take over a victim’s machine to gain access, create new user accounts and/or delete data.

Microsoft also vowed to patch another zero-day exploit known as CVE-2021-26411 where attackers could launch DoS (Denial of Service) attacks. This vulnerability stems from the Windows Scripting Component, specifically the Windows Remote Management feature, allowing an attacker to send a specially crafted request which could remotely take down the system and potentially spread further into the wider network infrastructure.

microsoft windows edge dynamics hypervosbornezdnet

Microsoft has included other vulnerabilities in the April 2021 Patch Tuesday as critical. They range from remote code execution flaws in Office products such as Word and Outlook, SharePoint Server flaws that could remotely execute code on affected systems, to numerous security bypass flaws in Microsoft Exchange Server, Windows Defender Applications Guard and Internet Explorer 11.

Details of the two zero-day vulnerabilities

On April 12, 2022, Microsoft released its customary Patch Tuesday package of security updates. This round included two bulletins rated “Critical” to address two zero-day vulnerabilities.

The first bulletin (MS22-034) relates to a use-after-free vulnerability when the Windows DirectShow library fails to properly handle objects in memory. Such a vulnerability could allow attackers to execute arbitrary code on affected systems if they successfully exploit it.

The second bulletin (MS22-035) resolves another Win32k pool overflow vulnerability, which could also be used to execute malicious code in the current user context. Therefore, users must apply these updates as soon as possible to protect against these vulnerabilities’ exploitation.

In addition to the above security bulletins addressing zero day exploits, 12 other “Important” and “Moderate” bulletins were released with this month’s Patch Tuesday package, all of which should be applied by users as soon as possible for maximum system protection. As usual, administrators should exercise caution when testing and deploying these patches since some may require reboot or can cause compatibility issues with custom applications.

Impact of the April 2022 Patch Tuesday

Microsoft’s April 2022 Patch Tuesday was critical, with two zero-day vulnerabilities discovered and patched within hours. These flaws could have caused serious security breaches had they gone unpatched.

This article will look at the impact of the April 2022 Patch Tuesday and how it could affect users and organisations.

Impact on Windows 10

On April 13, 2021, Microsoft released its monthly Patch Tuesday updates, which included several security improvements and fixes to various versions of its Windows operating systems. Though previous Patch Tuesday updates had limited impact on the Windows 10 platform, this month’s update marked a significant change as it addressed several issues related to Windows 10. The changes were primarily aimed at improving system performance and making the operating system more secure.

The April 2022 Patch Tuesday update addressed various flaws found in the operating system and third-party applications that could have been used to compromise user systems. Additionally, Microsoft added several security features such as stronger protections against ransomware and improved parental control options. Furthermore, a new service called “Task Manager Scan Mode” was added to help users better manage their resources by providing insights into current system usage and application performance in real time.

This update also improved other aspects of the operating system such as introducing an updated version of Windows Ink which allows for improved handwriting recognition on supported notebooks. Another noteworthy upgrade is the new Dark Mode theme for File Explorer which can make windows easier to navigate in low light environments or when eye strain is a concern.

microsoft windows office edge dynamics hypervosbornezdnet

In short, this Patch Tuesday update provides much-needed security enhancements and useful usability improvements that should improve user performance and experience on Windows 10 machines worldwide.

Impact on Windows Server

The April 2022 Patch Tuesday includes security updates for systems running Windows 7, 8.1, 10 and server products older than Windows Server 2016. The patches address 94 unique CVEs, many of which are identified as critical or important Remote Code Execution vulnerabilities in Microsoft’s Security Updates Guide.

The impact of these patches on Windows Server is twofold: servers must be updated with the latest security updates to remain secure from attackers; the new configuration settings may cause compatibility issues with existing applications or software components.

Due to the criticality of these security updates, it is highly recommended that organisations ensure all patches have been applied to their Windows Servers as soon as possible. Additionally, administrators should test their environment before applying these updates by running the monthly non-security cumulative update via a preview release designed for testing scenarios. Once this is complete, admins should begin the testing process on each server platform with an Evaluation Task before deploying carefully selected platforms that have passed all tests in a staging environment to determine production readiness.

Organisations should factor any potential compatibility issues into their patching plan by following a thorough risk analysis process to identify existing applications and services that the new update configuration settings may impact before deploying the associated patches. To minimise administrative costs and resource utilisation during this process, admins should leverage automated deployment tools such as Microsoft’s System Center Configuration Manager 2007 (SCCM) or other available third-party solutions for testing, staging and deploying each patch release during Patch Tuesday cycles.

Tags: sidebar

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Related Stories

Kry’s plans for European expansion

How the new business phone will help you collaborate better

Keep Your Property Safe from Snow and Ice with Our High-Quality Ice Melt Products

Notion Billion Valuation Announcement

Kitman Labs raises $52 million in Series C funding round

How will this help speed up interbank transfers?

you may like

Tennessee: 5 Reasons Why It’s The Ultimate Destination for a Happy Life

How To Take Stunning Real Estate Photos

BUX and BlackRock partner to launch ETF savings plans in Europe