Microsoft Rolls out the Patch Tuesday Update for March to Fix the Bugs

Usama AnjumLast Updated: Mar 9, 2022
patch tuesday

Microsoft’s Patch Tuesday update for March has been made official, and it includes 71 patches for Windows, Office, Exchange, and Defender, among other Microsoft software products.

Three of the 71 patches are classified as ‘Critical,’ while the remaining 68 are classified as ‘Important.’  While none of the vulnerabilities are currently being exploited, three of them were publicly known at the time of release. Furthermore, it’s worth noting that earlier this month, Microsoft fixed 21 issues in the Chromium-based Microsoft Edge browser.

Microsoft Rolls out the Patch Tuesday Update for March to Fix the Bugs

Remote code execution problems affecting HEVC Video Extensions (CVE-2022-22006), Microsoft Exchange Server (CVE-2022-23277), and VP9 Video Extensions have all been fixed this month (CVE-2022-24501).

The Microsoft Exchange System vulnerability, which was discovered by researcher Markus Wulftange, is notable as it requires the attacker’s authentication in order to exploit the server. According to Microsoft,

The attacker for this vulnerability could target the server accounts in arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.

Kevin Breen, head of cyber threat research at Immersive Labs, said, “Critical vulnerability CVE-2022-23277 should also be a concern.” “While requiring authentication, this vulnerability affecting on-prem Exchange servers could potentially be used during lateral movement into a part of the environment which presents the opportunity for business email compromise or data theft from email.”

The three zero-day bugs fixed by the company are as follows:

  • CVE-2022-24512 (CVSS score: 6.3)
  • CVE-2022-21990 (CVSS score: 8.8)
  • CVE-2022-24459 (CVSS score: 7.8)

Microsoft also labeled CVE-2022-21990 as “Exploitation More Likely” due to the public availability of a proof-of-concept (PoC) exploit, making the updates critical to be applied as soon as possible to counter any potential phishing attacks.

Check out? Microsoft Xbox Cloud Gaming service to Get Keyboard Mouse Support

PTA Taxes Portal

Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal

Explore NowFollow us on Google News!
Usama AnjumLast Updated: Mar 9, 2022
Photo of Usama Anjum

Usama Anjum

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Get Alerts!

PhoneWorld Logo

Join the groups below to get the latest updates!

💼PTA Tax Updates
💬WhatsApp Channel

>