Microsoft released 71 fixes this month, 3 of which are rated Critical and 68 Important. While three are publicly known at the time they were released, none are believed to be in active use by hackers.
Microsoft released an update for CVE-2022-21990, which is a Remote Desktop Client (RDP) remote code execution flaw that an attacker could use to trick an affected client connecting to a malicious RDP server. In turn, the hacker could run code on the affected client.
A remote code execution bug (CVE-2022-24508) in the Windows SMBv3 client and server components gets patched. While this is hard to exploit because the attacker must be authenticated, it could let a malicious actor move laterally around your network, so it’s wise to get this bug patched quickly.
There are some critical bug fixes for the HEVC and VP9 video extensions in Windows. If you have them installed, these components should update automatically via the Microsoft Store. Provided you haven’t turned off automatic updates for Store apps.
Some escalation of privileges bugs in the following Windows components also get fixes:
Hyper-V gets a patch for a denial of service (DoS) flaw. And another DoS flaw is patched in the Point-to-Point Tunneling (PPTP) protocol.
This month Azure gets fixes for 11 CVEs that are connected to the Azure Site Recovery service. There are fixes for five elevation of privilege flaws and six remote code execution bugs in the service software. So, if you are using Azure Site Recovery for your organization’s disaster recovery, it’s worth looking at what needs to be updated as soon as you can.
There’s a patch for a remote code execution bug in Microsoft Exchange Server (CVE-2022-21990). The flaw could let an authenticated attacker run code with admin rights using a network call. Because this bug is easy to exploit, you should patch your Exchange servers as soon as possible. But of course, only after testing the patch.
It’s not often I mention Visio here, in fact this might be a first. But this month, there are three patches for Microsoft’s diagramming software.
And Microsoft Word gets a patch for a tampering flaw that could let an attacker steal information from an affected client using the Preview Pane.
And if you are a developer using Visual Studio, make sure you update your software this month to get patches for publicly known remote code execution vulnerabilities in .NET and Visual Studio.
Table 1 – Microsoft Patch Tuesday updates, March 2022
Product | Impact | Severity | Article | Download | Details |
Microsoft Defender for Endpoint EDR sensor | Spoofing | Important | Information | Security Update | CVE-2022-23278 |
Windows 10 for 32-bit Systems | Elevation of Privilege | Important | 5011491 | Security Update | CVE-2022-23283 |
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5011495 | Security Update | CVE-2022-23293 |
Windows 10 Version 21H1 for 32-bit Systems | Elevation of Privilege | Important | 5011487 | Security Update | CVE-2022-23288 |
Windows 10 Version 21H1 for 32-bit Systems | Elevation of Privilege | Important | 5011487 | Security Update | CVE-2022-24525 |
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5011495 | Security Update | CVE-2022-23287 |
Microsoft Visual Studio 2022 version 17.0 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2020-8927 |
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 – 16.8) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-24512 |
Microsoft Exchange Server 2019 Cumulative Update 11 | Spoofing | Important | 5012698 | Security Update | CVE-2022-24463 |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Tampering | Important | Click to Run | Security Update | CVE-2022-24511 |
Microsoft Office LTSC 2021 for 32-bit editions | Security Feature Bypass | Important | Click to Run | Security Update | CVE-2022-24462 |
Windows 10 Version 21H1 for 32-bit Systems | Information Disclosure | Important | 5011487 | Security Update | CVE-2022-24503 |
Windows 10 Version 1909 for ARM64-based Systems | Elevation of Privilege | Important | 5011485 | Security Update | CVE-2022-24455 |
Windows Server, version 20H2 (Server Core Installation) | Elevation of Privilege | Important | 5011487 | Security Update | CVE-2022-24454 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5011534 | Monthly Rollup | CVE-2022-24459 |
Windows 10 Version 20H2 for x64-based Systems | Security Feature Bypass | Important | 5011487 | Security Update | CVE-2022-24502 |
Windows Server, version 20H2 (Server Core Installation) | Elevation of Privilege | Important | 5011487 | Security Update | CVE-2022-23299 |
Windows Server 2022 | Elevation of Privilege | Important | 5011497 | Security Update | CVE-2022-23298 |
Windows 10 Version 1809 for 32-bit Systems | Remote Code Execution | Important | 5011503 | Security Update | CVE-2022-23294 |
Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5011564 | Monthly Rollup | CVE-2022-23290 |
Windows RT 8.1 | Remote Code Execution | Important | 5011486 | IE Cumulative | CVE-2022-23285 |
Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5011564 | Monthly Rollup | CVE-2022-23284 |
Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5011487 | Security Update | CVE-2022-23291 |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2022-24461 |
Windows 11 for x64-based Systems | Elevation of Privilege | Important | 5011493 | Security Update | CVE-2022-24460 |
Windows 10 for x64-based Systems | Information Disclosure | Important | 5011491 | Security Update | CVE-2022-23281 |
Windows 10 Version 1607 for x64-based Systems | Information Disclosure | Important | 5011495 | Security Update | CVE-2022-23297 |
Windows 8.1 for x64-based systems | Elevation of Privilege | Important | 5011564 | Monthly Rollup | CVE-2022-23296 |
Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5011487 | Security Update | CVE-2022-22010 |
Windows 10 Version 21H2 for 32-bit Systems | Information Disclosure | Important | 5011487 | Security Update | CVE-2022-21977 |
Windows 10 Version 21H1 for 32-bit Systems | Remote Code Execution | Important | 5011487 | Security Update | CVE-2022-24508 |
Microsoft Exchange Server 2019 Cumulative Update 11 | Remote Code Execution | Critical | 5012698 | Security Update | CVE-2022-23277 |
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5011495 | Security Update | CVE-2022-24507 |
Microsoft Defender for IoT | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-23266 |
Microsoft Defender for IoT | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-23265 |
Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5011564 | Monthly Rollup | CVE-2022-23253 |
Windows 10 Version 21H2 for ARM64-based Systems | Remote Code Execution | Important | 5011487 | Security Update | CVE-2022-21990 |
Azure Site Recovery VMWare to Azure | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-24519 |
Azure Site Recovery VMWare to Azure | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-24518 |
Azure Site Recovery VMWare to Azure | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-24470 |
Azure Site Recovery VMWare to Azure | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-24467 |
Azure Site Recovery VMWare to Azure | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-24515 |
Azure Site Recovery VMWare to Azure | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-24506 |
Microsoft Visual Studio 2022 version 17.0 | Denial of Service | Important | Release Notes | Security Update | CVE-2022-24464 |
Skype Extension for Chrome | Information Disclosure | Important | Release Notes | Security Update | CVE-2022-24522 |
Intune Company Portal for iOS | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2022-24465 |
Visual Studio Code | Spoofing | Important | Release Notes | Security Update | CVE-2022-24526 |
Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2022-24510 |
Windows 10 Version 20H2 for x64-based Systems | Denial of Service | Important | 5011487 | Security Update | CVE-2022-21975 |
Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2022-24509 |
Azure Site Recovery VMWare to Azure | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-24469 |
Azure Site Recovery VMWare to Azure | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-24517 |
Azure Site Recovery VMWare to Azure | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-24468 |
Azure Site Recovery VMWare to Azure | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-24471 |
Azure Site Recovery VMWare to Azure | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-24520 |
Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5011495 | Security Update | CVE-2022-21967 |
HEIF Image Extension | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-24457 |
VP9 Video Extensions | Remote Code Execution | Important | MS Store Information | Security Update | CVE-2022-24451 |
Raw Image Extension | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-23300 |
VP9 Video Extensions | Remote Code Execution | Critical | MS Store Information | Security Update | CVE-2022-24501 |
Raw Image Extension | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-23295 |
HEVC Video Extensions | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-24456 |
HEVC Video Extensions | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-24453 |
HEVC Video Extensions | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-24452 |
HEVC Video Extensions | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-22007 |
HEVC Video Extensions | Remote Code Execution | Critical | Update Information | Security Update | CVE-2022-22006 |
Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5011564 | Monthly Rollup | CVE-2022-21973 |
HEVC Video Extensions | Remote Code Execution | Important | Update Information | Security Update | CVE-2022-23301 |
Paint 3D | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-23282 |
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5011495 | Security Update | CVE-2022-24505 |
Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5011487 | Security Update | CVE-2022-23286 |
Last but never least, Adobe released three security patches in March that plug holes in six CVEs in the following products:
The patches for After Effects and Illustrator are rated Critical, both addressing buffer overflows. And the fix for Photoshop patches a memory leak, which is rated Important.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
Best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.
But that is it for another month and happy patching!