Bbabo NET


Microsoft fixed 71 vulnerabilities as part of the March Patch Tuesday

Microsoft fixed 71 vulnerabilities as part of Patch Tuesday for March 2022. Three of them were critical.

Remote code execution (RCE) vulnerabilities were the most common (40.8%), followed by privilege escalation vulnerabilities (35.2%).

Microsoft has fixed the following:

CVE-2022-23277 is a critical RCE vulnerability in Microsoft Exchange Server that allowed an authenticated user to execute arbitrary code on an affected server.

CVE-2022-23285 and CVE-2022-21990 are RCE vulnerabilities in the Remote Desktop Client with a score of 8.8 on the CVSSv3 scale. To exploit them, an attacker had to convince the user to connect to a malicious server. The attacker could then remotely execute code on the system, install malware, modify or delete data, and create a new account with full privileges.

CVE-2022-24508 is an RCE vulnerability in the Microsoft Server Message Block 3.0 (SMBv3) client and server. It was discovered in Windows 10 (version 2004), so it only affects newer supported versions of Windows. An attacker must be authenticated to exploit this vulnerability.

CVE-2022-24459 is a privilege escalation vulnerability affecting the Windows Fax and Scan service, with a CVSSv3 score of 7.8. It could be exploited by local authenticated attackers.

CVE-2022-24512 is an RCE vulnerability in Microsoft .NET and Visual Studio that requires user interaction to activate a payload in an affected application. Exploitation therefore relies on social engineering, and the issue is exploited in combination with other vulnerabilities.

Previously, Microsoft improved the way Windows 11 displays Bluetooth devices on the taskbar, with a new interactive battery life overview and connection options for these devices coming in an upcoming update.
