zdnet[.]com/article/microsoft-april-2022-patch-tuesday-two-zero-day-vulnerabilities-tackled/
Microsoft has released over 100 security fixes for software that resolve critical issues including two zero-days.
The zero-day vulnerabilities resolved in this update are:
CVE-2022-26904: This known zero-day flaw impacts the Windows User Profile Service and is described as an EoP vulnerability. The bug has been issued a CVSS severity score of 7.0 and its attack complexity is considered 'high', as "successful exploitation of this vulnerability requires an attacker to win a race condition," according to Microsoft.
CVE-2022-24521: This bug is another EoP issue found in the Windows Common Log File System Driver. Issued a CVSS score of 7.8, Microsoft says that attack complexity is low and the company has detected active exploitation, despite the flaw not being made public until now.
Two other security issues, CVE-2022-26809 and CVE-2022-24491, are also of note. These vulnerabilities, impacting Remote Procedure Call Runtime and the Windows Network File System, have earned CVSS scores of 9.8 and can be exploited to trigger RCE.
So far so good -- no problems to report [yet].