Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning its software products such as Windows, Office, Exchange, and Defender, among others.
Of the total 71 patches, 3 are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release.
It's worth pointing out that Microsoft separately addressed 21 flaws in the Chromium-based Microsoft Edge browser earlier this month.
All three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions (CVE-2022-22006), Microsoft Exchange Server (CVE-2022-23277), and VP9 Video Extensions (CVE-2022-24501).
The Microsoft Exchange Server vulnerability, which was reported by researcher Markus Wulftange, is also noteworthy for the fact that it requires the attacker to be authenticated to be able to exploit the server.
“The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution,” the Windows maker said. “As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”
“Critical vulnerability CVE-2022-23277 should also be a concern,” Kevin Breen, director of cyber threat research at Immersive Labs, said. “Although requiring authentication, this vulnerability affecting on-prem Exchange servers could potentially be used during lateral movement into a part of the environment that presents the opportunity for business email compromise or data theft from email.”
The three zero-day bugs fixed by Microsoft are as follows:
- CVE-2022-24512 (CVSS score: 6.3) – .NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2022-21990 (CVSS score: 8.8) – Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2022-24459 (CVSS score: 7.8) – Windows Fax and Scan Service Elevation of Privilege Vulnerability
Microsoft also labeled CVE-2022-21990 as “Exploitation More Likely” because of the public availability of a proof-of-concept (PoC) exploit, making it crucial that the updates are applied as soon as possible to avoid potential attacks.
Other issues of importance are a number of remote code execution flaws in Windows SMBv3 Client/Server, Microsoft Office, and Paint 3D, as well as privilege escalation flaws in Xbox Live Auth Manager, Microsoft Defender for IoT, and Azure Site Recovery.
In all, the patches close out 29 remote code execution vulnerabilities, 25 elevation of privilege vulnerabilities, six information disclosure vulnerabilities, four denial-of-service vulnerabilities, 3 security feature bypass vulnerabilities, 3 spoofing vulnerabilities, and 1 tampering vulnerability.
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors to rectify several vulnerabilities, including:
- Juniper Networks
- Linux distributions Oracle Linux, Red Hat, and SUSE
- Mozilla Firefox and Firefox ESR
- Schneider Electric, and