Microsoft March 2022 Patch Tuesday
This month we got patches for 92 vulnerabilities. Of these, 3 are critical, 3 were previously disclosed, and one is already being exploited according to Microsoft.
Among critical vulnerabilities, there is a remote code execution (RCE) affecting Microsoft Exchange Server (CVE-2022-23277). According to the advisory, to exploit this vulnerability the attacker, as an authenticated user, could attempt to trigger malicious code in the context of the server's account through a network call. The CVSS for this vulnerability is 8.8 - the highest for this month.
The other two critical vulnerabilities are related to RCE vulnerabilities affecting HEVC (CVE-2022-22006) and VP9 (CVE-2022-24501) video extensions. For both vulnerabilities, an attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file which could lead to a crash. The CVSS is the same for both as well: 7.8.
Now talking about the previously disclosed vulnerabilities, all three were rated as 'important'. One of them (CVE-2022-21990) is an RCE affecting Remote Desktop Client with a CVSS of 8.8 and rated as 'More likely' to be exploited in the security advisory. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
The second is an elevation of privilege vulnerability affecting Windows Fax and Scan Service (CVE-2022-24459) with a CVSS of 7.8 and the third is an RCE on .Net and Visual Studio with a CVSS of 6.3.
Among important vulnerabilities, there is an RCE affecting Windows Event Tracing (CVE-2022-23294). The advisory says: "an attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. The authenticated attacker could potentially take advantage of this vulnerability to execute malicious code through the Event Log's Remote Procedure Call (RPC) endpoint on the server-side". About mitigation factors related to this vulnerability, the advisory says: "Access to the Event Log service endpoint is blocked by default and a firewall rule change is required to make the endpoint accessible from a locally triggered attack.".
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
March 2022 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET and Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2022-24464 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2022-24512 | Yes | No | Less Likely | Less Likely | Important | 6.3 | 5.5 |
| Azure Site Recovery Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24506 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-24515 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-24469 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| CVE-2022-24518 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-24519 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Azure Site Recovery Remote Code Execution Vulnerability | |||||||
| CVE-2022-24467 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| CVE-2022-24468 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| CVE-2022-24517 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| CVE-2022-24470 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| CVE-2022-24471 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| CVE-2022-24520 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Brotli Library Buffer Overflow Vulnerability | |||||||
| CVE-2020-8927 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE | |||||||
| CVE-2022-0789 | No | No | - | - | - | ||
| Chromium: CVE-2022-0790 Use after free in Cast UI | |||||||
| CVE-2022-0790 | No | No | - | - | - | ||
| Chromium: CVE-2022-0791 Use after free in Omnibox | |||||||
| CVE-2022-0791 | No | No | - | - | - | ||
| Chromium: CVE-2022-0792 Out of bounds read in ANGLE | |||||||
| CVE-2022-0792 | No | No | - | - | - | ||
| Chromium: CVE-2022-0793 Use after free in Views | |||||||
| CVE-2022-0793 | No | No | - | - | - | ||
| Chromium: CVE-2022-0794 Use after free in WebShare | |||||||
| CVE-2022-0794 | No | No | - | - | - | ||
| Chromium: CVE-2022-0795 Type Confusion in Blink Layout | |||||||
| CVE-2022-0795 | No | No | - | - | - | ||
| Chromium: CVE-2022-0796 Use after free in Media | |||||||
| CVE-2022-0796 | No | No | - | - | - | ||
| Chromium: CVE-2022-0797 Out of bounds memory access in Mojo | |||||||
| CVE-2022-0797 | No | No | - | - | - | ||
| Chromium: CVE-2022-0798 Use after free in MediaStream | |||||||
| CVE-2022-0798 | No | No | - | - | - | ||
| Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer | |||||||
| CVE-2022-0799 | No | No | - | - | - | ||
| Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI | |||||||
| CVE-2022-0800 | No | No | - | - | - | ||
| Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser | |||||||
| CVE-2022-0801 | No | No | - | - | - | ||
| Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode | |||||||
| CVE-2022-0802 | No | No | - | - | - | ||
| Chromium: CVE-2022-0803 Inappropriate implementation in Permissions | |||||||
| CVE-2022-0803 | No | No | - | - | - | ||
| Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode | |||||||
| CVE-2022-0804 | No | No | - | - | - | ||
| Chromium: CVE-2022-0805 Use after free in Browser Switcher | |||||||
| CVE-2022-0805 | No | No | - | - | - | ||
| Chromium: CVE-2022-0806 Data leak in Canvas | |||||||
| CVE-2022-0806 | No | No | - | - | - | ||
| Chromium: CVE-2022-0807 Inappropriate implementation in Autofill | |||||||
| CVE-2022-0807 | No | No | - | - | - | ||
| Chromium: CVE-2022-0808 Use after free in Chrome OS Shell | |||||||
| CVE-2022-0808 | No | No | - | - | - | ||
| Chromium: CVE-2022-0809 Out of bounds memory access in WebXR | |||||||
| CVE-2022-0809 | No | No | - | - | - | ||
| HEIF Image Extensions Remote Code Execution Vulnerability | |||||||
| CVE-2022-24457 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||||
| CVE-2022-23301 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-22006 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| CVE-2022-22007 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-24452 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-24453 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-24456 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Media Foundation Information Disclosure Vulnerability | |||||||
| CVE-2022-21977 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
| CVE-2022-22010 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
| Microsoft Defender for Endpoint Spoofing Vulnerability | |||||||
| CVE-2022-23278 | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23266 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||||
| CVE-2022-23265 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.7 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||||
| CVE-2022-23277 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Microsoft Exchange Server Spoofing Vulnerability | |||||||
| CVE-2022-24463 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability | |||||||
| CVE-2022-24465 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||||
| CVE-2022-24509 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-24461 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-24510 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Word Tampering Vulnerability | |||||||
| CVE-2022-24511 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Word Security Feature Bypass Vulnerability | |||||||
| CVE-2022-24462 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Paint 3D Remote Code Execution Vulnerability | |||||||
| CVE-2022-23282 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Point-to-Point Tunneling Protocol Denial of Service Vulnerability | |||||||
| CVE-2022-23253 | No | No | More Likely | More Likely | Important | 6.5 | 5.7 |
| Raw Image Extension Remote Code Execution Vulnerability | |||||||
| CVE-2022-23295 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-23300 | No | No | Unlikely | Unlikely | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2022-21990 | Yes | No | More Likely | More Likely | Important | 8.8 | 7.9 |
| CVE-2022-23285 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||||
| CVE-2022-24503 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
| Skype Extension for Chrome Information Disclosure Vulnerability | |||||||
| CVE-2022-24522 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Tablet Windows User Interface Application Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24460 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| VP9 Video Extensions Remote Code Execution Vulnerability | |||||||
| CVE-2022-24451 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-24501 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Visual Studio Code Spoofing Vulnerability | |||||||
| CVE-2022-24526 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Windows ALPC Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23283 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-23287 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| CVE-2022-24505 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24507 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows CD-ROM Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24455 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23286 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Windows Common Log File System Driver Information Disclosure Vulnerability | |||||||
| CVE-2022-23281 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23291 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-23288 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Event Tracing Remote Code Execution Vulnerability | |||||||
| CVE-2022-23294 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23293 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax and Scan Service Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24459 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||||
| CVE-2022-24502 | No | No | More Likely | More Likely | Important | 4.3 | 3.9 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2022-21975 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows Inking COM Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23290 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23296 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Media Center Update Denial of Service Vulnerability | |||||||
| CVE-2022-21973 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | |||||||
| CVE-2022-23297 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows NT OS Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23298 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows PDEV Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23299 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2022-23284 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.5 |
| Windows SMBv3 Client/Server Remote Code Execution Vulnerability | |||||||
| CVE-2022-24508 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24454 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24525 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | |||||||
| CVE-2022-21967 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments
Anonymous
Mar 8th 2022
3 years ago