Microsoft fixes 119 bugs during Patch Tuesday, one of which was abused

Microsoft has fixed 119 vulnerabilities in Windows, Office and other software during its monthly patch round. Two of those vulnerabilities were zero-days, one of which was actively exploited. 26 separate bugs in Edge were also fixed.

In total, Microsoft has fixed 119 vulnerabilities, 47 of which concerned a local privilege escalation and 47 others related to remote code execution. Thirteen bugs made it possible to read information from parts of the system, and nine involved a denial-of-service vulnerability. Information could be spoofed in another three cases.

The vulnerabilities are fixed in KB5012599 for Windows 10 builds 20H2, 21H1, and 21H2 and in KB5012592 for Windows 11. Ten of the vulnerabilities are rated ‘Critical’ because they enable remote code execution in, among others, the SMB protocol, LDAP, the Network File System and Hyper-V.

Details of two of the vulnerabilities were already known. One of those zero-days, CVE-2022-26904, was discovered by the American intelligence agency NSA and made public. As far as is known, it is not actively exploited. The other, CVE-2022-24521, a privilege escalation in the Windows Common Log File System Driver, was actively exploited. Microsoft did not disclose details about how the latter was exploited.
