March Patch Tuesday 2022 Resolves 71 Vulnerabilities
March Patch Tuesday 2022 has officially arrived — tackle the latest Microsoft updates and vulnerabilities for this month.
Microsoft Releases 71 Fixes This Month Including 3 Public Aware Threats
There are 3 patches rated Critical and 68 are rated Important. Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype for Chrome, .NET and Visual Studio, Windows RDP and SMB Server have all been updated.
Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.
Robert Brown, Head of Customer Success for Syxsense said, “Public Aware threats do not often go to Weaponized, but do you want to be the IT Manager who didn’t prioritize these updates? There are very few Critical severity patches this month for the release, but that doesn’t mean some of the Important updates should be ignored. Your patching strategy should be based on the risk you are prepared to take, and if the risk if too high then deploy those patches.”
Top March 2022 Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your patch management solution and deploy as soon as possible.
1. CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
This vulnerability is ‘More Likely’ to be used as an entry point as suggested by Microsoft. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponized: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Unchanged / No
2. CVE-2022-24459: Windows Fax and Scan Service Elevation of Privilege Vulnerability
Vulnerabilities details are unknown at this time but an attacker who successfully exploited the vulnerability could run arbitrary code. Keep an eye on this for changes in severity or priority.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponized: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Unchanged / No
3. CVE-2022-24508: Windows SMBv3 Client/Server Remote Code Execution Vulnerability
The vulnerability allows a remote attacker to execute arbitrary code on the target system and is ‘More Likely’ to be used as an entry point as suggested by Microsoft. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Syxscore
- Vendor Severity: Network
- CVSS: 8.8
- Weaponized: No
- Public Aware: No
- Countermeasure: Yes – see here
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Unchanged / No
Syxsense Recommendations
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Syxsense Recommended |
| CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2022-21990 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | Yes | No | Yes |
| CVE-2022-24459 | Windows Fax and Scan Service Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 6.3 | No | Yes | No | Yes |
| CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-23294 | Windows Event Tracing Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-24469 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2022-22006 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2022-24501 | VP9 Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2022-24457 | HEIF Image Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-22007 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23301 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24452 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24453 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24456 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23266 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24461 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24509 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24510 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23282 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23295 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23300 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24451 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24507 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24455 | Windows CD-ROM Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23291 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23293 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23290 | Windows Inking COM Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23296 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-23299 | Windows PDEV Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24454 | Windows Security Support Provider Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-24464 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-24522 | Skype Extension for Chrome Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-24467 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24468 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24470 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24471 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24517 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-24520 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-23265 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-23284 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2022-21967 | Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24460 | Tablet Windows User Interface Application Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23283 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23287 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24505 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23286 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23288 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23298 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24525 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-24506 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24515 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24518 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24519 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-8927 | Brotli Library Buffer Overflow Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24463 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-23253 | Point-to-Point Tunnelling Protocol Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2022-24526 | Visual Studio Code Spoofing Vulnerability | Important | 6.1 | No | No | No | |
| CVE-2022-23278 | Microsoft Defender for Endpoint Spoofing Vulnerability | Important | 5.9 | No | No | No | |
| CVE-2022-24511 | Microsoft Office Word Tampering Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-24462 | Microsoft Word Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-23281 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-21973 | Windows Media Center Update Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-23297 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2022-24503 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2022-21975 | Windows Hyper-V Denial of Service Vulnerability | Important | 4.7 | No | No | No | |
| CVE-2022-22010 | Media Foundation Information Disclosure Vulnerability | Important | 4.4 | No | No | No | |
| CVE-2022-24502 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2022-21977 | Media Foundation Information Disclosure Vulnerability | Important | 3.3 | No | No | No | |
| CVE-2022-24465 | Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability | Important | 3.3 | No | No | No |
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
