Virtual Administrator’s April 2022 Patch Recommendations


This month Microsoft released patches for 119 vulnerabilities with 10 rated “Critical” in severity.

All patches will be approved in our patch policy.

A large batch of patches this month. CVE-2022-24521 is being actively exploited. It’s an Elevation of Privilege vulnerability in the Windows common log file system driver. The NSA reported active attacks to Microsoft. Most concerning this month is CVE-2022-26809. This is a wormable Runtime Remote Code Execution (RCE) vulnerability. Other wormable threats include CVE-2022-24491 and CVE-2022-24497 in the Windows Network File System (NFS). Also CVE-2022-24500 is a vulnerability in the Windows Server Message Block (SMB). A whopping 18 Remote Code Execution (RCE) vulnerabilities affecting Windows DNS Server were released this month.  Late last month reports of problems using recovery disc on Windows 10/11 machines were acknowledged by Microsoft – see “Heads Up” below.  There are new SSUs for Windows 8.1 and Server 2012.

Disclosed: CVE-2022-26904

Exploited: CVE-2022-24521

FYI – Upcoming end of support

April 26, .NET Framework 4.5.2, 4.6, or 4.6.1 will reach end of support.

May 10, Windows 10 version 20H2 will reach end of servicing.

Heads Up! Recovery discs that were created by using the Backup and Restore (Windows 7) app on devices which have installed Windows updates released before January 11, 2022 are not affected by this issue and should start as expected.

KB5013438: Recovery discs created by using the “Backup and Restore (Windows 7)” app in Control Panel are unable to start

Affected systems: Windows versions affected by the recovery disc start failures includes all editions of Windows 10 versions 1607 or later and all editions of Windows 11.

Symptom: After installing the Windows updates released January 11, 2022 or later Windows versions on an affected version of Windows, recovery discs (CD or DVD) created by using the Backup and Restore (Windows 7) app in Control Panel might be unable to start.

Workaround: We are working on a resolution and will provide an update in an upcoming release.

Note No third-party backup or recovery apps are currently known to be affected by this issue

Security Update Guide

Morphus Labs patch dashboard here:

We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:04/12/2022)

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

NOTE: Some Windows 10 Security Stack Updates were released as standalone this month.

Known Issues

There is one new known issues posted by Microsoft this month for SharePoint Server Subscription Edition. Earlier this week we saw some posts about browser issues on machines running Norton and ESET antivirus. Check for AV updates if you see problems.

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

SharePoint Server Subscription Edition (5002191)

Symptom: Modern home page (or any site pages) cannot render well in Internet Explorer browser.

Workaround: To work around this issue, you can use other modern browsers such as Microsoft Edge, Google Chrome to access the page.

Symptom: In modern home page (or any site pages), you cannot do the “open the detail pane” action in the List web part and Document Library web part.

Workaround: To work around this issue, access the corresponding list or document page to do the similar operation.

Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.

Windows release health

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs

Links are with the KB number only.

Security and Quality Rollup

  • KB5012626 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5012670 – Windows 8.1, Windows Server 2012 R2
  • KB5012650 – Windows Server 2012
  • KB5012658 – Windows Server 2008 (ESU)

Security Only Update

  • KB5012649 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5012639 – Windows 8.1, Windows Server 2012 R2
  • KB5012666 – Windows Server 2012
  • KB5012632 – Windows Server 2008 (ESU)

Cumulative Updates

Windows 10

  • KB5012653 – Original release version 1507 (OS Build 10240)
  • KB5012596 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5012647 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5012591 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB5012599 – Version 20H2 “October 2020 Update” (OS Build 19042)
  • KB5012599 – Version 21H1 “May 2021 Update” (OS Build 19043)
  • KB5012599 – Version 21H2 “November 2021 Update” (OS Build 19044)

(Versions 1511,1703,1709,1803,1903,2004 are no longer under support)

Windows 11

  • KB5012592 – Original release (OS Build 22000)

Windows Server

  • KB5012596 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5012647 – Server 2019 (same KB as Windows 10 Version 1809)
  • KB5012604 – Server 2022 (OS Build 20348)

March 2022 updates for Microsoft Office

Notable CVEs

CVE-2022-24491 | Windows Network File System Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

CVE-2022-24497 | Windows Network File System Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)