Skip to content ↓ | Skip to navigation ↓

Tripwire’s April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe.

First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any vulnerable systems should be patched as soon as possible.

Next are patches for Microsoft Edge and Google Chromium. These patches resolve over 25 vulnerabilities including one zero-day vulnerability (CVE-2022-1364). The patches fix issues such as use after free, elevation of privilege, type confusion, and spoofing vulnerabilities.

Up next are patches for Microsoft Excel. These patches resolve 2 remote code execution vulnerabilities.

Following Excel are patches for Oracle Java from the Oracle April Critical Patch Update that resolve 6 Java SE vulnerabilities.

Next are patches for Adobe Reader and Acrobat. These patches resolve over 60 vulnerabilities including Use after free, out of bounds write, stack-based buffer overflow, access of uninitialized pointer, out of bounds read, and heap-based buffer overflow vulnerabilities.

Up next are patches that affect components of the Windows operating systems. These patches resolve over 65 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, DWM Core Library, Windows Defender, Media Center, Windows Installer, SMB, Print Spooler, LSA, Remote Desktop, and others.

Next are patches for the .NET, Visual Studio, and Visual Studio Code that resolve denial of service and elevation of privilege vulnerabilities.

Lastly, administrators should focus on server-side patches for Hyper-V, Skype for Business, LDAP, DNS Server, Windows Cluster Shared Volume (CSV), Power BI, Windows Endpoint Configuration Manager, Dynamics, SharePoint, and Active Directory Domain Services. These patches resolve remote code execution, spoofing, elevation of privilege, and denial of service vulnerabilities.

BULLETINCVE
Exploit Framework – MetasploitCVE-2022-26904
Microsoft Edge (Chromium-based) and Google ChromiumCVE-2022-1364, CVE-2022-1125, CVE-2022-1127, CVE-2022-1128, CVE-2022-1129, CVE-2022-1130, CVE-2022-1131, CVE-2022-1133, CVE-2022-1134, CVE-2022-1135, CVE-2022-1136, CVE-2022-1137, CVE-2022-1138, CVE-2022-1139, CVE-2022-1143, CVE-2022-1145, CVE-2022-1146, CVE-2022-1232, CVE-2022-26895,CVE-2022-26894,CVE-2022-26891,CVE-2022-24475,CVE-2022-26912,CVE-2022-26900,CVE-2022-26909,CVE-2022-26908,CVE-2022-24523
Microsoft Office ExcelCVE-2022-24473, CVE-2022-26901
Oracle JavaCVE-2022-21443, CVE-2022-21434, CVE-2022-21426, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
APSB22-16: Adobe Reader and Acrobat ICVE-2022-24101, CVE-2022-24103, CVE-2022-24104, CVE-2022-27785, CVE-2022-24102, CVE-2022-27786, CVE-2022-27787, CVE-2022-27788, CVE-2022-27789, CVE-2022-27790, CVE-2022-27791, CVE-2022-27792, CVE-2022-27793, CVE-2022-27794, CVE-2022-27795, CVE-2022-27796, CVE-2022-27797, CVE-2022-27798, CVE-2022-27799, CVE-2022-27800, CVE-2022-27801, CVE-2022-27802, CVE-2022-28230, CVE-2022-28231, CVE-2022-28232, CVE-2022-28233, CVE-2022-28234, CVE-2022-28235, CVE-2022-28236, CVE-2022-28237
APSB22-16: Adobe Reader and Acrobat IICVE-2022-28238, CVE-2022-28239, CVE-2022-28240, CVE-2022-28241, CVE-2022-28242, CVE-2022-28243, CVE-2022-28244, CVE-2022-28245, CVE-2022-28246, CVE-2022-28247, CVE-2022-28248, CVE-2022-28249, CVE-2022-28250, CVE-2022-28251, CVE-2022-28252, CVE-2022-28253, CVE-2022-28254, CVE-2022-28255, CVE-2022-28256, CVE-2022-28257, CVE-2022-28258, CVE-2022-28259, CVE-2022-28260, CVE-2022-28261, CVE-2022-28262, CVE-2022-28263, CVE-2022-28264, CVE-2022-28265, CVE-2022-28266, CVE-2022-28267, CVE-2022-28268, CVE-2022-28269
Windows ICVE-2022-26808, CVE-2022-24543, CVE-2022-26807, CVE-2022-26918, CVE-2022-26916, CVE-2022-26917, CVE-2022-24498, CVE-2022-24493, CVE-2022-24499, CVE-2022-24530, CVE-2022-26920, CVE-2022-26903, CVE-2022-24492, CVE-2022-24528, CVE-2022-26809, CVE-2022-24495, CVE-2022-26915, CVE-2022-24532, CVE-2022-24489, CVE-2022-24496, CVE-2022-24487, CVE-2022-26788, CVE-2022-24494, CVE-2022-24483, CVE-2022-26828, CVE-2022-24550, CVE-2022-24533, CVE-2022-24546, CVE-2022-24548, CVE-2022-24479, CVE-2022-26810, CVE-2022-26827, CVE-2022-24491
Windows IICVE-2022-24497, CVE-2022-24482, CVE-2022-24540, CVE-2022-24521, CVE-2022-24481, CVE-2022-26830, CVE-2022-24485, CVE-2022-21983, CVE-2022-24534, CVE-2022-24500, CVE-2022-24541, CVE-2022-24488, CVE-2022-24547, CVE-2022-26914, CVE-2022-24474, CVE-2022-24542, CVE-2022-24549, CVE-2022-24486, CVE-2022-24544, CVE-2022-24545, CVE-2022-26787, CVE-2022-26786, CVE-2022-26789, CVE-2022-26802, CVE-2022-26790, CVE-2022-26803, CVE-2022-26801, CVE-2022-26792, CVE-2022-26793, CVE-2022-26791, CVE-2022-26796, CVE-2022-26797, CVE-2022-26794, CVE-2022-26795, CVE-2022-26798
.NET FrameworkCVE-2022-26832
Visual Studio and Visual Studio CodeCVE-2022-24767, CVE-2022-24765, CVE-2022-24513, CVE-2022-26921
Skype for BusinessCVE-2022-26911, CVE-2022-26910
Role: Windows Hyper-VCVE-2022-23268, CVE-2022-22008, CVE-2022-22009, CVE-2022-23257, CVE-2022-24537, CVE-2022-26783, CVE-2022-26785, CVE-2022-24539, CVE-2022-24490
LDAP – Lightweight Directory Access ProtocolCVE-2022-26831, CVE-2022-26919
Role: DNS ServerCVE-2022-26816, CVE-2022-26819, CVE-2022-26818, CVE-2022-26815, CVE-2022-26820, CVE-2022-26811, CVE-2022-26813, CVE-2022-26812, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-24536, CVE-2022-26829
Windows Cluster Shared Volume (CSV)CVE-2022-26784, CVE-2022-24538, CVE-2022-24484
Power BICVE-2022-23292
Windows Endpoint Configuration ManagerCVE-2022-24527
Microsoft DynamicsCVE-2022-23259
Microsoft Office SharePointCVE-2022-24472
Active Directory Domain ServicesCVE-2022-26814, CVE-2022-26817
[class^="wpforms-"]
[class^="wpforms-"]