Microsoft’s March 2022 Patch Tuesday Comment Addresses 71 CVEs
“This month’s Patch Tuesday release includes fixes for 71 CVEs — three that are rated critical and three zero-days that were publicly disclosed but have not been exploited in the wild. Microsoft addressed CVE-2022-23277, a remote code execution vulnerability in Microsoft Exchange. Microsoft notes that an attacker must be authenticated to exploit this vulnerability. Given the prevalence of attacks against Microsoft Exchange flaws in the past, organizations should apply the available updates immediately.
“This month, Microsoft also patched two remote code execution vulnerabilities in the Remote Desktop Client, both rated Exploitation More Likely. Both of these flaws require a user to connect to an attacker-controlled server from a vulnerable Remote Desktop Client in order to exploit the vulnerabilities. One of these two flaws, CVE-2022-23285, is credited to researchers at Sangfor, who also discovered several Microsoft vulnerabilities in the past, notably in Print Spooler. The other, CVE-2022-21990, is one of the three zero-days addressed in this month’s release.” — Claire Tills, Senior Research Engineer, Tenable
