Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th.

In-The-Wild & Disclosed CVEs


While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this vulnerability in the wild. The vulnerability can lead to elevation of privilege by exploiting a flaw in the Windows Common Log File System (CLFS) driver. CLFS is a general-purpose logging service that can be used by both user and kernel-mode software. Patches have been released for CLFS monthly since September 2021 with only one exception – November 2021. From September 2021 until today, we have seen 18 vulnerabilities patched within CLFS.

Microsoft has rated this as Exploitation Detected on the latest software release on the Exploitability Index.


This publicly disclosed vulnerability in the Windows User Profile Service leads to elevation of privilege following successful exploitation. Microsoft has listed the attack complexity as high given that it relies on a race condition, however exploit code is already publicly available, including in the Metasploit framework.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold.
Tag CVE Count CVEs
Windows File Explorer 1 CVE-2022-26808
Windows Upgrade Assistant 1 CVE-2022-24543
Windows Work Folder Service 1 CVE-2022-26807
Windows Fax Compose Form 3 CVE-2022-26916, CVE-2022-26917, CVE-2022-26918
Windows iSCSI Target Service 1 CVE-2022-24498
Microsoft Local Security Authority Server (lsasrv) 1 CVE-2022-24493
Windows Installer 2 CVE-2022-24530, CVE-2022-24499
Visual Studio 3 CVE-2022-24513, CVE-2022-24765, CVE-2022-24767
Windows Common Log File System Driver 2 CVE-2022-24521, CVE-2022-24481
Windows Ancillary Function Driver for WinSock 1 CVE-2022-24494
Microsoft Windows ALPC 2 CVE-2022-24482, CVE-2022-24540
Windows PowerShell 1 CVE-2022-26788
Microsoft Office SharePoint 1 CVE-2022-24472
Windows Feedback Hub 1 CVE-2022-24479
Active Directory Domain Services 2 CVE-2022-26814, CVE-2022-26817
Windows Local Security Authority Subsystem Service 2 CVE-2022-24496, CVE-2022-24487
Windows Network File System 2 CVE-2022-24491, CVE-2022-24497
Windows Cluster Client Failover 1 CVE-2022-24489
Microsoft Windows Media Foundation 1 CVE-2022-24495
Microsoft Office Excel 2 CVE-2022-24473, CVE-2022-26901
Microsoft Graphics Component 2 CVE-2022-26920, CVE-2022-26903
Azure SDK 1 CVE-2022-26907
Windows Kernel 1 CVE-2022-24483
Windows DWM Core Library 1 CVE-2022-24546
Windows User Profile Service 1 CVE-2022-26904
Windows Telephony Server 1 CVE-2022-24550
Windows RDP 1 CVE-2022-24533
Windows Defender 1 CVE-2022-24548
Azure Site Recovery 3 CVE-2022-26896, CVE-2022-26897, CVE-2022-26898
Windows schannel 1 CVE-2022-26915
Windows Endpoint Configuration Manager 1 CVE-2022-24527
Windows File Server 2 CVE-2022-26810, CVE-2022-26827
Power BI 1 CVE-2022-23292
.NET Framework 1 CVE-2022-26832
Visual Studio Code 1 CVE-2022-26921
Role: DNS Server 16 CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-24536, CVE-2022-26815, CVE-2022-26816, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829
Windows Media 1 CVE-2022-24547
Windows Win32K 3 CVE-2022-24474, CVE-2022-26914, CVE-2022-24542
Windows AppX Package Manager 1 CVE-2022-24549
Windows Kerberos 3 CVE-2022-24486, CVE-2022-24544, CVE-2022-24545
Skype for Business 2 CVE-2022-26910, CVE-2022-26911
Microsoft Windows Codecs Library 1 CVE-2022-24532
LDAP – Lightweight Directory Access Protocol 2 CVE-2022-26919, CVE-2022-26831
Windows Print Spooler Components 15 CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803
Role: Windows Hyper-V 9 CVE-2022-22008, CVE-2022-22009, CVE-2022-23257, CVE-2022-23268, CVE-2022-24537, CVE-2022-24490, CVE-2022-24539, CVE-2022-26783, CVE-2022-26785
Windows App Store 1 CVE-2022-24488
Microsoft Edge (Chromium-based) 26 CVE-2022-24523, CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912, CVE-2022-1125, CVE-2022-1127, CVE-2022-1128, CVE-2022-1129, CVE-2022-1130, CVE-2022-1131, CVE-2022-1133, CVE-2022-1134, CVE-2022-1135, CVE-2022-1136, CVE-2022-1137, CVE-2022-1138, CVE-2022-1143, CVE-2022-1145, CVE-2022-1146, CVE-2022-1139, CVE-2022-1232
Windows Remote Procedure Call Runtime 3 CVE-2022-24528, CVE-2022-24492, CVE-2022-26809
YARP reverse proxy 1 CVE-2022-26924
Microsoft Bluetooth Driver 1 CVE-2022-26828
Microsoft Dynamics 1 CVE-2022-23259
Windows SMB 6 CVE-2022-21983, CVE-2022-24485, CVE-2022-24534, CVE-2022-24500, CVE-2022-24541, CVE-2022-26830
Windows Cluster Shared Volume (CSV) 3 CVE-2022-24484, CVE-2022-24538, CVE-2022-26784

Other Information

There were no new advisories included with the April Security Guidance.