- Apr 24, 2016
Today is Microsoft's March 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 71 flaws.
Microsoft has fixed 71 vulnerabilities (not including 21 Microsoft Edge vulnerabilities ) with today's update, with three classified as Critical as they allow remote code execution.
The number of bugs in each vulnerability category is listed below:
- 25 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 29 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 4 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
- 21 Edge - Chromium Vulnerabilities
Three zero-days fixed, none actively exploitedThis month's Patch Tuesday includes fixes for three publicly disclosed zero-day vulnerabilities. The good news is that none of these vulnerabilities were actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The publicly disclosed vulnerabilities fixed as part of the March 2022 Patch Tuesday are:
While none of these vulnerabilities have been used in attacks, Microsoft states that there are public proof-of-concept exploits for CVE-2022-21990 and CVE-2022-24459.
- CVE-2022-21990 - Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2022-24459 - Windows Fax and Scan Service Elevation of Privilege Vulnerability
- CVE-2022-24512 - .NET and Visual Studio Remote Code Execution Vulnerability
Other vulnerabilities of interest this month that Microsoft believes are more likely to be targeted by threat actors are:
Now that Microsoft has issued patches for these vulnerabilities, it should be expected for threat actors to analyze the vulnerabilities to learn how to exploit them.
- CVE-2022-24508 - Windows SMBv3 Client/Server Remote Code Execution Vulnerability
- CVE-2022-23277 - Microsoft Exchange Server Remote Code Execution Vulnerability
Recent updates from other companiesOther vendors who released updates in March 2022 include:
- Google released Android's March security updates.
- Cisco released security updates for numerous products this month, including Cisco Cisco FXOS and NX-OS, StarOS, and Cisco Application Policy Infrastructure Controller.
- HP disclosed 16 UEFI firmware vulnerabilities that threat actors can use to install stealthy malware.