The Redmond giant’s monthly scheduled updates have arrived this week. With March Patch Tuesday, Microsoft has addressed a total of 71 different vulnerabilities, including 3 zero-day flaws.
Zero-Day Bugs Fixed This Month
The first of the three zero-days that Microsoft fixed in March Patch Tuesday is a remote code execution flaw in Windows Remote Desktop Client. The vulnerability, CVE-2022-21990, received an important severity rating with a CVSS score of 8.3.
Exploiting the bug merely required an attacker to trick the target client into connecting to a malicious RDP server.
The second zero-day (CVE-2022-24459), an important-severity bug with a CVSS score of 7.8, affected Windows Fax and Scan Service. Exploiting the bug could lead to privilege escalation.
Finally, the tech giant described the third security bug (CVE-2022-24512) as a remote code execution flaw in .NET and Visual Studio. Microsoft listed it as an important-severity vulnerability with a CVSS score of 6.3.
Microsoft confirmed that none of the three vulnerabilities had been actively exploited. But since the bugs were publicly known before the patches arrived, they demand users' attention.
Other Microsoft Patch Tuesday March Updates
Among the regular updates in Patch Tuesday March, Microsoft fixed three critical vulnerabilities leading to remote code execution upon exploitation. These vulnerabilities affected Microsoft Exchange Server (CVE-2022-23277, CVSS: 8.8), VP9 Video Extensions (CVE-2022-24501, CVSS: 7.8), and HEVC Video Extensions (CVE-2022-22006, CVSS: 7.8).
Besides these, the other vulnerabilities include important-severity bugs resulting in privilege escalation, remote code execution, spoofing, and information disclosure. Some of the noteworthy bugs include:
- CVE-2022-24508: remote code execution flaw (CVSS 8.8) in Windows SMBv3 Client/Server
- CVE-2022-23266: privilege escalation (CVSS 7.8) in Microsoft Defender for IoT
- CVE-2022-23285: remote code execution (CVSS 8.8) affecting Remote Desktop Client
- CVE-2022-24464: denial of service bug (CVSS 7.5) affecting .NET and Visual Studio
Since the updates have only just been released, they might take a while to reach all users globally. Nonetheless, all Windows end-users must update their systems at the earliest opportunity to avoid any risks.