This Latest Windows Update Patches A Monstrous Amount Of Flaws
On April 12, 2022, Microsoft launched a massive patch with Windows Update, which included fixes for everything from the .NET Framework all the way down to Windows PowerShell. Broken down, that's 101 CVEs, 16 Knowledge Base articles, two zero-days, and 26 updates to Microsoft Edge. Even Microsoft Office Excel had its own share of fixes, including two remote code execution vulnerabilities — CVE-2022-24473 and CVE-2022-26901.
The two most significant exploits that have been patched up in the sizable April update are called "zero-days," which are basically just previously unknown vulnerabilities that may or may not have been actively targeted or exploited by a bad actor (rather, a hacker with malicious intent), but were exposed to the public on the same day that they were patched. In this case, one of the two addressed zero-days, CVE-2022-24521, had actually been reported by the NSA for having already been exploited by bad actors who could target Windows 10 systems, particularly enterprise server builds, and remotely take control of a vulnerable system by elevating access privileges through Microsoft's Server Message Block protocol. Luckily, the latest update patched that issue, so it should no longer pose a threat to Windows users.
Within the aforementioned 26 updates to Microsoft Edge, Microsoft also integrated over 17 fixes for Chromium, the open-source web browser engine used by Microsoft Edge and is actively developed by Google separately from its own Google Chrome web browser.
Microsoft continues to shore up against bad actors
On the same day as the new April patch was released, Microsoft also addressed its ongoing battle with the "high-priority state-sponsored" bad actor, HAFNIUM, which is connected to the propagation of Tarrask malware. The latter is able to hack into a vulnerable Windows system's registry, breaking into a common scheduled task's Security Descriptor and erasing its details in order to hide Tarrask's own location in the system, essentially cloaking it from schtasks /query and the Task Scheduler. It's also incredibly difficult to delete since it basically spoofs itself as part of the Windows security subsystem, or LSASS.
Of course, Microsoft is currently on the case. Its Detection and Response Team (DART) has been working alongside the Microsoft Threat Intelligence Center (MSTIC) since the threat originally became clear in March 2021. As of April 12, Microsoft has detailed its recommended best course of action for users who are looking to root Tarrask out of their own systems.
Until an official fix is issued, Windows users will have to make do with the manual security directives offered by Microsoft. However, this is just one ongoing issue, and it pales against the admittedly large collection of other fixes that were included in the April 2022 update. In all, the recent update addressed over 145 issues across many different Windows platforms, and it equates to a much more comprehensive patch than Microsoft's previous March 2022 update, which only addressed 94 issues by comparison.