Two zero-day vulnerabilities – one of which has been previously disclosed and supposedly fixed twice – are among a total of 119 flaws fixed by Microsoft in its April 2022 Patch Tuesday update, alongside more than 20 Chromium vulnerabilities in the Edge browser.
The vulnerabilities in question are CVE-2022-24521, an elevation of privilege vulnerability in the Windows Common Log File System Driver, which is exploited but not public; and CVE-2022-26904, an elevation of privilege vulnerability in the Windows User Profile Service, which is public but not exploited. Both vulnerabilities carry CVSS scores of between seven and eight, rated as important.
