Microsoft has released 71 security patches for its March Patch Tuesday rollout. Of the 71 CVEs addressed, three are ranked as Important zero-days. This month the quantity of patches for Critical vulnerabilities remains low; however, the total number of updates is nearly double what was offered in February 2022.
As vulnerabilities and patches continue to be released, and as stories around patch updates change (see Log4j as an example), it’s vitally important for SecOps teams to maintain a careful remediation and mitigation plan around all vulnerabilities relating to their environments. CrowdStrike’s vulnerability research team offers details and analysis on the vulnerabilities affecting most organizations; however, your company may use a more particular set of Microsoft products. We recommend that you review the vendor’s research accordingly, along with your standard prioritization and remediation plan.
The three zero-day vulnerabilities reported and patched this month only garner CVSS scores between 6.3 and 8.8, or a rank of Important. Nonetheless, these vulnerabilities are relevant to any organization using the affected products. For a more accurate understanding of how these zero-day vulnerabilities could affect your organization, trial CrowdStrike Falcon Spotlight ExPRT.AI. It will provide valuable data and insights, predicting when and how these vulnerabilities could affect your environment.
This month, the zero-days cover a broad range of Microsoft products:
CVE-2022-21990**:** Remote Desktop Client remote code execution (RCE) vulnerability. This client-side vulnerability should not impact organizations as much as a server-side RDP vulnerability, but its listing as publicly known warrants attention for SecOps teams, and it should be patched promptly. This CVE has the highest CVSS score (8.8) out of this month’s three publicly known flaws. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a RCE attack on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
CVE-2022-24512**:** .NET and Visual Studio remote code execution vulnerability. Rated as Important with a CVSS of 6.3, this vulnerability does not require any type of privileges to be exploited; however, successful exploitation of this vulnerability requires user interaction — in this case, a user triggering the payload in the application.
CVE-2022-24459: Windows Fax and Scan Service elevation of privilege vulnerability. This affects all versions of Microsoft Server and Windows 10 and does not require user interaction or privileges. Because this has a CVSS score of 7.8 and a proof-of-concept exploit code is available, CrowdStrike recommends careful consideration of this vulnerability.
Remote Desktop Client Remote Code Execution Vulnerability
Windows Fax and Scan Service Elevation of Privilege Vulnerability