Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed | ZDNet

Microsoft has released 71 security fixes for software, including 41 patches for Microsoft Windows vulnerabilities, five vulnerabilities in Microsoft Office and two in Microsoft Exchange. 

Two of the vulnerabilities are rated critical — CVE-2022-22006 and CVE-2022-24501 — while the rest are rated important.

In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems including remote code execution (RCE) vulnerabilities, denial of service bugs, privilege escalation bugs, spoofing issues, information leaks, and policy bypass exploits. 

None of the vulnerabilities are being actively exploited, but Sophos noted that a public proof-of-concept has been released for CVE-2022-21990.

Products affected by March’s security update include Exchange, Visual Studio, the Xbox app for Windows, Intune, Microsoft Defender, Express Logic, Azure Site Recovery, and the Chromium-based Microsoft Edge browser, which had 21 vulnerabilities.

Some of the other vulnerabilities of interest in this update are: 

  • CVE-2022-24502: Internet Explorer Security Feature Bypass Vulnerability
  • CVE-2022-24508: SMB Server Remote Code Execution Vulnerability
  • CVE-2022-24512: .NET and Visual Studio Remote Code Execution Vulnerability
  • CVE-2022-21990: Remote Desktop Client Remote Code Execution Vulnerability
  • CVE-2022-23277: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2022-24459: Windows Fax and Scan Service Elevation of Privilege Vulnerability

Microsoft also announced a slate of updates to Windows 11 on Tuesday. 

Recorded Future’s Allan Liska noted that Microsoft labeled CVE-2022-21990 as “Exploitation More Likely” because there is Proof of Concept code publicly available. 

“In order to exploit this vulnerability, the attacker must control the Remote Desktop Server that the client is connected to and launch the attack from there,” Liska said. 

“We have seen a number of similar vulnerabilities against the Remote Desktop Client over the last few years, none of which have been widely exploited in the wild. Even though previous vulnerabilities of this type have not been widely exploited, that doesn’t mean this one won’t be.”

Liska added that CVE-2022-24501 and CVE-2022-22006 can be exploited if an attacker convinces a victim to download a “specially crafted file” which would crash and exploit the vulnerability when it is opened.

“This is the kind of attack that a sophisticated phishing campaign could easily carry out,” Liska explained. 

In February, the tech giant released 48 security fixes for software, including a patch for a zero-day bug but no critical-severity flaws.

Cisco and Google also published security updates on Tuesday.  
