We would like to bring to your attention, that Windows recently has addressed a total of 128 security vulnerabilities. 10 of these 128 vulnerabilities are rated with the severity Critical. Security patches for these vulnerabilities were made available by Microsoft. In the following sections, we are commenting on the ones that stuck out the most and have serious impact and risk to organizations.
2 Critical Zero-Days that lead to Privilege Escalation
Description
The actively exploited flaw identified by CVE-2022-24521 was found in the Windows Common Log File System (CLFS) and leads to Privilege Escalation on successful exploitation.
The second flaw exploited in the wild is identified by CVE-2022-26904 and leads to the elevation of privileges in the Windows User Profile Service. To successfully exploit this flaw the attacker needs access to the local system and to win a race condition. Other requirements to exploit this flaw are the following:
-
The credentials of another user on the system, different from the user the attacker is logged in as
-
A domain the second user belongs to
Proof of Concept code is publicly available for this vulnerability.
Mitigation
We recommend applying the latest available security patches to mitigate these vulnerabilities.
Vulnerabilities in the Windows RPC Runtime lead to Remote Code Execution
Description
The Windows RPC Runtime was found to be vulnerable to 3 Remote Code Execution vulnerabilities identified by CVE-2022-24528, CVE-2022-24492 and CVE-2022-26809. The CVE-2022-26809 is most likely to be exploited in the wild. Any Windows machine that exposes the port 445 without a security patch for the RPC runtime library in place is vulnerable for exploitation.
Mitigation
We recommend applying the latest available security patches to mitigate these vulnerabilities. To strengthen the general security posture it is also advised to block connections to the RPC Runtime (default port 445) externally when not specifically required by an application or process in place. To mitigate exploitation from the internal network, ensure that only required servers have access to these ports, as it could otherwise allow attackers to laterally move through the environment. Microsoft has released a guide to further secure smb traffic.
Who is affected?
All mentioned vulnerabilities are present across several Windows versions. This includes Windows 7, 8, 10 and 11, as well as Windows Server 2008, 2012, 2016, 2019 and 2022.
Keeping the environment up to date with Windows Autopatch
In regard to keeping the Windows environment up to date, Microsoft is releasing a new ‘Autopatch’ feature in July 2022, which aims to help organizations maintaining the newest versions for installations across the perimeter.
References
-
https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html
-
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521
-
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26904
-
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
-
https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic
-
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-autopatch-faq/ba-p/3272081
Weaponized patience: the strategic implications of the F5 breach
The F5 breach reveals the growing danger of shared infrastructure attacks. As adversaries learn faster than defenders, the only path to resilience is continuous, adaptive testing.…
Everyone has a plan until they get punched in the face: reflections on the NCSC 2025 annual review
The NCSC Annual Review 2025 delivers a reality check. Highly significant cyber incidents have increased by 50 percent year over year. It’s time to act.
Part 3: CBEST Series – The Future of Threat-Led Penetration Testing
Regulated testing like CBEST is pivotal, but as threats shift, organizations must adopt more strategic, agile threat-led penetration testing. Discover what’s next.