Description:
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar
Reports indicated that the technical details of multiple vulnerabilities in Microsoft Windows and Server, as well as .NET Framework and Visual Studio software (CVE-2022-21990, CVE-2022-24459 and CVE-2022-24512) were publicly disclosed. Remote code execution vulnerabilities in Microsoft Exchange Server and Windows SMBv3 Client/Server (CVE-2022-23277 and CVE-2022-24508) are at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Microsoft Windows 7, 8.1, RT 8.1, 10, 11
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022 Azure Edition Core Hotpatch
- Microsoft Windows Server, version 20H2
- Microsoft Office 2019, 2019 for Mac, LTSC 2021, LTSC for Mac 2021
- Microsoft Word 2013, 2013 RT, 2016
- Microsoft 365 Apps for Enterprise
- Microsoft Exchange Server 2013, 2016, 2019
- Microsoft Visual Studio 2019, 2022
- .NET 5.0, 6.0
- .NET Core 3.1
- Azure Site Recovery VMWare to Azure
- HEVC Video Extensions
- Paint 3D
- Raw Image Extension
- Remote Desktop client for Windows Desktop
- Skype Extension for Chrome
- Visual Studio Code
- VP9 Video Extensions
Impact:
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure, denial of service, security feature bypass, spoofing and tampering.
Recommendation:
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar
- https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/microsoft-releases-march-2022-security-updates
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21967
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21973
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21975
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21977
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21990
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23253
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23265
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23266
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23277
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23278
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23281 (to CVE-2022-23288)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23290
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23291
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23293 (to CVE-2022-23301)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24451 (to CVE-2022-24457)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24459 (to CVE-2022-24465)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24467 (to CVE-2022-24471)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24501 (to CVE-2022-24503)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24505 (to CVE-2022-24512)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24515
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24517 (to CVE-2022-24520)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24522
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24525
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24526