Home / About / Threat Intelligence / Patch Tuesday March 2022

Overview

Microsoft has released 92 bug fixes as part of their monthly patching cycle, including 29 Remote Code Execution vulnerabilities.

Three vulnerabilities have public proof-of-concept (PoC) code, although no active exploitation has been seen so far. The worst of these, CVE-2022-21990, would allow an attacker with control over a Remote Desktop server to execute code on a client when a victim connects to the machine. The others were a Windows Fax and Scan Service privilege escalation (CVE-2022-24459), and a .NET and Visual studio Remote Code Execution vulnerability (CVE-2022-24512).

Other severe vulnerabilities include an SMB RCE (CVE-2022-24508) and an exchange RCE (CVE-2022-23277). No public PoC code exists for these yet, but malicious actors are known to reverse patches to find how to exploit the bugs that they fix.

Affected Products

.NET and Visual Studio
Azure Site Recovery
Microsoft Defender for Endpoint
Microsoft Defender for IoT
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Intune
Microsoft Office Visio
Microsoft Office Word
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Paint 3D
Role: Windows Hyper-V
Skype Extension for Chrome
Tablet Windows User Interface
Visual Studio Code
Windows Ancillary Function Driver for WinSock
Windows CD-ROM Driver
Windows Cloud Files Mini Filter Driver
Windows COM
Windows Common Log File System Driver
Windows DWM Core Library
Windows Event Tracing
Windows Fastfat Driver
Windows Fax and Scan Service
Windows HTML Platform
Windows Installer
Windows Kernel
Windows Media
Windows PDEV
Windows Point-to-Point Tunneling Protocol
Windows Print Spooler Components
Windows Remote Desktop
Windows Security Support Provider Interface
Windows SMB Server
Windows Update Stack
XBox

Containment, Mitigations & Remediations

Update installation: Microsoft has released several security updates for vulnerabilities. Our recommendation is to install these updates immediately to protect your environment.

Indicators of Compromise

None published at this time.

Mitre Methodologies

T1068 – Exploitation for Privilege Escalation
T1210 – Exploitation of Remote Services

Further Information

March 2022 Security Updates

Remote Desktop Client Remote Code Execution Vulnerability

Windows Fax and Scan Service Elevation of Privilege Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

Windows SMBv3 Client/Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability