
MICROSOFT PATCH TUESDAY MARCH 2022

Reference: Advisory #2022-005
Version: 1.0
Affected software: 
Microsoft Windows Server
Microsoft Exchange
Microsoft Office suite (Word, Excel, SharePoint)
Microsoft Defender for Endpoint
Windows Remote Desktop
Windows SMB Server
For more information consult the release notes on: https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar
Type: Several types, ranging from spoofing to privilege escalation and remote code execution.
CVE/CVSS:

3 vulnerabilities rated as critical:

  •   3 Remote Code Execution vulnerabilities

68 vulnerabilities rated as important:

  •  26 Remote Code Execution vulnerabilities
  •  25 Elevation of Privilege vulnerabilities
  •   6 Information Disclosure vulnerabilities
  •   4 Denial of Service vulnerabilities
  •   3 Spoofing vulnerabilities
  •   3 Security Feature Bypass vulnerabilities
  •   1 Tampering vulnerability

Sources

https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar

Risks

This month’s Patch Tuesday includes 3 critical and 68 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.

Currently, none of this month’s vulnerabilities is known to be exploited in the wild.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software.

This month’s release covers 71 vulnerabilities. Three RCE vulnerabilities are marked as critical and are described in more detail below. All other vulnerabilities are marked as important. Some are more likely to be exploited in the near future, and urgent patching is advised. This is the first Patch Tuesday that includes a patch specifically for the Xbox gaming console, so don't forget to include your gaming gear in your patch cycle.

Highlighted Vulnerabilities

CVE-2022-23277 is a critical RCE vulnerability in Microsoft Exchange Server with a CVSS3.1 score of 8.8 / 7.7. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call. No user interaction is required. Microsoft considers exploitation to be more likely.

CVE-2022-24501 and CVE-2022-22006 are critical RCE vulnerabilities in VP9 Video Extensions and HEVC Video Extensions respectively. The CVSS3.1 score is 7.8 / 6.8 for both CVEs. An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see the Microsoft advisories for details.

CVE-2022-24508 is an important RCE vulnerability in Windows SMBv3 Client/Server with a CVSS3.1 score of 8.8 / 7.7. You can disable compression to block authenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place.
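The following PowerShell functions wrap the workaround above so that its state can be audited before and after the patch cycle and reverted once the update is installed. This is an added example, not part of the CCB advisory or of Microsoft's guidance; it assumes it runs elevated on the SMBv3 server being checked and reuses only the registry path and value from the command above.

```powershell
# Added example (not from the CCB advisory or Microsoft): audit, apply or
# revert the SMBv3 server compression workaround for CVE-2022-24508.
# Assumes an elevated session on the SMB server. Registry path and value
# are the ones given in the advisory's Set-ItemProperty command; the
# workaround protects the server side only, as the advisory states.
$SmbParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'

function Get-SmbCompressionMitigation {
    # Reports whether compression is disabled. A missing value means the
    # Windows default (compression allowed), so it is reported as not
    # mitigated rather than as an error.
    $item = Get-ItemProperty -Path $SmbParams -Name $ValueName -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { [int]$item.$ValueName } else { $null }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $current
        Mitigated    = ($current -eq 1)
        CheckedUtc   = (Get-Date).ToUniversalTime().ToString('o')
    }
}

function Set-SmbCompressionMitigation {
    # Applies the workaround (DisableCompression = 1) or, with -Revert,
    # removes the value so the server returns to default once patched.
    # Supports -WhatIf so the change can be previewed during testing.
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Revert)

    $before = Get-SmbCompressionMitigation
    if ($Revert) {
        if ($PSCmdlet.ShouldProcess($SmbParams, "Remove $ValueName")) {
            Remove-ItemProperty -Path $SmbParams -Name $ValueName -ErrorAction SilentlyContinue
        }
    } elseif (-not $before.Mitigated) {
        if ($PSCmdlet.ShouldProcess($SmbParams, "Set $ValueName = 1")) {
            Set-ItemProperty -Path $SmbParams -Name $ValueName -Type DWORD -Value 1 -Force
        }
    }
    # Return before/after state so the change can be recorded for the patch cycle.
    [pscustomobject]@{ Before = $before; After = Get-SmbCompressionMitigation }
}

# Usage: Get-SmbCompressionMitigation
#        Set-SmbCompressionMitigation -WhatIf
#        Set-SmbCompressionMitigation -Revert   # after the update is installed
```

Run Get-SmbCompressionMitigation across your SMB servers (for example via Invoke-Command) to confirm which hosts still rely on the workaround after patching.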

Recommended Actions

The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

References

https://www.tenable.com/blog/microsofts-march-2022-patch-tuesday-address...