
Microsoft’s March 22 Patch Tuesday Addresses 92 Security Vulnerabilities Including 3 Zero-days

Microsoft has released its March 2022 Patch Tuesday security updates, addressing a total of 92 vulnerabilities. These include 3 zero-days and 3 CVEs rated critical, with the rest rated important. The zero-days are not known to be actively exploited in attacks, and all 3 critical vulnerabilities are remote code execution flaws. The products covered in March’s security updates include Windows Remote Desktop, Windows Codecs library, Microsoft Edge, Windows Kernel, etc. Microsoft Edge, with 21 CVEs, has the highest number of vulnerabilities addressed this month.

Zero-day Vulnerabilities

CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability. An attacker who controls a Remote Desktop server can achieve remote code execution on vulnerable Remote Desktop clients that connect to it.

CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability. Loosely imposed security restrictions in the Windows Fax and Scan Service allow those restrictions to be bypassed, leading to privilege escalation. Successful exploitation allows a local user to escalate privileges on the system.

CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability. The vulnerability is caused by improper input validation in .NET and Visual Studio, which leads to remote code execution.

Critical Vulnerabilities

CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution. Microsoft Exchange Server versions 2013, 2016, and 2019 are vulnerable to remote code execution. Microsoft said, “An authenticated attacker can attempt to trigger malicious code in the context of the server’s account through a network call”.

Microsoft security bulletin summary for March 2022

  • Windows Kernel
  • Microsoft Exchange Server
  • Windows Remote Desktop
  • Windows Media
  • Azure Site Recovery
  • Microsoft Office
  • Microsoft Windows
  • Visual Studio Code
  • Windows Security Support Provider Interface
  • Windows SMB Server
  • Windows HTML Platform
  • Windows Installer

Product: Microsoft Windows

CVEs/Advisory: CVE-2022-23283, CVE-2022-23293, CVE-2022-23288, CVE-2022-24525, CVE-2022-23287, CVE-2022-24503, CVE-2022-24455, CVE-2022-24454, CVE-2022-24459, CVE-2022-24502, CVE-2022-23299, CVE-2022-23298, CVE-2022-23294, CVE-2022-23290, CVE-2022-23285, CVE-2022-23284, CVE-2022-23291, CVE-2022-24460, CVE-2022-23281, CVE-2022-23297, CVE-2022-23296, CVE-2022-22010, CVE-2022-21977, CVE-2022-24508, CVE-2022-24507, CVE-2022-23253, CVE-2022-21990, CVE-2022-21975, CVE-2022-21967, CVE-2022-21973, CVE-2022-24505, CVE-2022-23286

Impact: Elevation of Privilege, Information Disclosure, Security Feature Bypass, Remote Code Execution, Denial of Service
KBs: 5011491, 5011487, 5011493, 5011495, 5011485, 5011503, 5011564, 5011560, 5011552, 5011529, 5011486
Severity: Important

Product: Azure Site Recovery VMWare to Azure
CVEs/Advisory: CVE-2022-24519, CVE-2022-24518, CVE-2022-24470, CVE-2022-24467, CVE-2022-24515, CVE-2022-24506, CVE-2022-24469, CVE-2022-24517, CVE-2022-24468, CVE-2022-24471, CVE-2022-24520
Impact: Elevation of Privilege, Remote Code Execution.
Severity: Important

Product: Microsoft Visual Studio
CVEs/Advisory: CVE-2020-8927, CVE-2022-24512, CVE-2022-24464
Impact: Remote Code Execution, Denial of Service
Severity: Important

Product: Microsoft Office
CVEs/Advisory: CVE-2022-24511, CVE-2022-24462, CVE-2022-24461, CVE-2022-24510, CVE-2022-24509
Impact: Tampering, Security Feature Bypass, Remote Code Execution.
Severity: Important

SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and keep your systems updated and secure.