Microsoft’s latest Patch Tuesday includes fixes for 96 security vulnerabilities, including six that are zero-day.
The latest patch covers a slew of Microsoft products, including the .Net Framework, Microsoft Dynamics, Microsoft Exchange, Office, Windows Defender, Remote Desktop, and more.
The zero-day vulnerabilities include the following:
- CVE-2021-22947: Open Source Curl Remote Code Execution Vulnerability
- CVE-2021-36976: Libarchive Remote Code Execution Vulnerability
- CVE-2022-21874: Windows Security Center API Remote Code Execution Vulnerability
- CVE-2022-21919: Windows User Profile Service Elevation of Privilege Vulnerability
- CVE-2022-21839: Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
- CVE-2022-21836: Windows Certificate Spoofing Vulnerability
Fortunately, Microsoft has no indication the above vulnerabilities are currently being exploited.