Microsoft fixed 71 security vulnerabilities in its March 2022 Patch Tuesday, three of which are rated critical and the rest important.
The Three Critical Vulnerabilities in March 2022 Patch Tuesday
Fortunately, none of them is listed as being actively exploited in the wild so far. The bugs are located in many Microsoft products, including Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype, .NET and Visual Studio, Windows RDP, and SMB Server.
It’s noteworthy that all three critical vulnerabilities allow remote code execution:
- CVE-2022-22006 is a vulnerability in HEVC Video Extensions with a CVSS rating of 7.8;
- CVE-2022-24501 is located in VP9 Video Extensions and is rated 7.8;
- CVE-2022-23277 resides in Microsoft Exchange Server, with a CVSS rating of 8.8.
Greg Wiseman, product manager at Rapid7, said that three security flaws addressed this month have been previously disclosed, potentially allowing attackers to find ways to exploit them. Those include remote code execution bugs CVE-2022-24512 in .NET and Visual Studio and CVE-2022-21990 in Remote Desktop Client. CVE-2022-24459, on the other hand, is an issue in Windows Fax and Scan service. All three publicly disclosed vulnerabilities have been rated important.
More information about this month’s round of patches is available at SANS Internet Storm Center.