March 2022 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in March's Patch Tuesday Index below.

Microsoft released 71 vulnerability fixes this month, with only 3 being rated Critical. Similarly, Adobe posted 3 security bulletins, all of which were given Adobe Priority 3.

A CVSS 7.8 vulnerability in the Linux kernel, dubbed “Dirty Pipe”, was disclosed Monday morning. Dirty Pipe, or CVE-2022-0847, allows overwriting data in arbitrary read-only files. This can lead to privilege escalation and code injection into root processes. Given the prevalence of Linux in highly sensitive infrastructure, it is strongly recommended that admins prioritize remediation of this vulnerability in the next 24 hours to reduce organizational risk.

The Chrome team announced the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux on March 1, 2022. This will roll out over the coming days/weeks. In the desktop version, a total of 28 vulnerabilities were closed. Of these, 11 were classified as high, 15 as medium and 2 as low.

Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities, both actively exploited in the wild as zero-days. For that reason, it’s recommended that IT admins prioritize patching these within 24 hours to reduce exposure to malicious actors. Mozilla also released two other High-rated security advisories for Firefox 98 and Firefox ESR 91.7.

We encourage you to join us for our Automox Patch Tuesday Webinar: March 2022. Automox’s Eric Feldman and Adam Whitman will be back to review the latest security patches from Microsoft, Adobe, Google, and other third-party applications. We’ll also have David Van Heerden, Manager of IT Operations, joining this month’s discussion.

Last Updated 1:46 PM ET - March 8, 2021.

Mozilla Firefox

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Mozilla Products | 2 security vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 | MFSA 2022-09 | High |
| Firefox 98 | 7 security vulnerabilities fixed in Firefox 98 | MFSA 2022-10 | High |
| Firefox ESR 91.7 | 5 security vulnerabilities fixed in Firefox ESR 91.7 | MFSA 2022-11 | High |

Google Chrome

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Google Chrome | 28 security vulnerabilities fixed in Chrome 99.0.4844.51 | Chrome 99 | High |

Adobe

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Adobe Photoshop | 4 security vulnerabilities fixed in Adobe Photoshop | APSB22-14 | Adobe Priority 3 |
| Adobe Illustrator | 1 security vulnerability fixed in Adobe Illustrator | APSB22-15 | Adobe Priority 3 |
| Adobe After Effects | 4 security vulnerabilities fixed in Adobe After Effects | APSB22-17 | Adobe Priority 3 |

Microsoft

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-23277 | Critical |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-22006 | Critical |
| Microsoft Windows Codecs Library | VP9 Video Extensions Remote Code Execution Vulnerability | CVE-2022-24501 | Critical |
| .NET and Visual Studio | .NET and Visual Studio Remote Code Execution Vulnerability | CVE-2022-24512 | High |
| Windows Fax and Scan Service | Windows Fax and Scan Service Elevation of Privilege Vulnerability | CVE-2022-24459 | High |
| Windows Remote Desktop | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-21990 | High |
| .NET and Visual Studio | Brotli Library Buffer Overflow Vulnerability | CVE-2020-8927 | High |
| .NET and Visual Studio | .NET and Visual Studio Denial of Service Vulnerability | CVE-2022-24464 | High |
| Azure Site Recovery | Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24506 | High |
| Azure Site Recovery | Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24467 | High |
| Azure Site Recovery | Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24515 | High |
| Azure Site Recovery | Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24468 | High |
| Azure Site Recovery | Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24517 | High |
| Azure Site Recovery | Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24469 | High |
| Azure Site Recovery | Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24518 | High |
| Azure Site Recovery | Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24519 | High |
| Azure Site Recovery | Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24471 | High |
| Azure Site Recovery | Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24520 | High |
| Azure Site Recovery | Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24470 | High |
| Microsoft Defender for Endpoint | Microsoft Defender for Endpoint Spoofing Vulnerability | CVE-2022-23278 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Elevation of Privilege Vulnerability | CVE-2022-23266 | High |
| Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2022-23265 | High |
| Microsoft Exchange Server | Microsoft Exchange Server Spoofing Vulnerability | CVE-2022-24463 | High |
| Microsoft Intune | Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability | CVE-2022-24465 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2022-24509 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2022-24510 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2022-24461 | High |
| Microsoft Office Word | Microsoft Word Security Feature Bypass Vulnerability | CVE-2022-24462 | High |
| Microsoft Office Word | Microsoft Office Word Tampering Vulnerability | CVE-2022-24511 | High |
| Microsoft Windows ALPC | Windows ALPC Elevation of Privilege Vulnerability | CVE-2022-23287 | High |
| Microsoft Windows ALPC | Windows ALPC Elevation of Privilege Vulnerability | CVE-2022-24505 | High |
| Microsoft Windows ALPC | Windows ALPC Elevation of Privilege Vulnerability | CVE-2022-23283 | High |
| Microsoft Windows Codecs Library | Media Foundation Information Disclosure Vulnerability | CVE-2022-21977 | High |
| Microsoft Windows Codecs Library | Raw Image Extension Remote Code Execution Vulnerability | CVE-2022-23300 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-22007 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-23301 | High |
| Microsoft Windows Codecs Library | VP9 Video Extensions Remote Code Execution Vulnerability | CVE-2022-24451 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-24452 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-24453 | High |
| Microsoft Windows Codecs Library | HEIF Image Extensions Remote Code Execution Vulnerability | CVE-2022-24457 | High |
| Microsoft Windows Codecs Library | Raw Image Extension Remote Code Execution Vulnerability | CVE-2022-23295 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-24456 | High |
| Microsoft Windows Codecs Library | Media Foundation Information Disclosure Vulnerability | CVE-2022-22010 | High |
| Paint 3D | Paint 3D Remote Code Execution Vulnerability | CVE-2022-23282 | High |
| Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2022-21975 | High |
| Skype Extension for Chrome | Skype Extension for Chrome Information Disclosure Vulnerability | CVE-2022-24522 | High |
| Tablet Windows User Interface | Tablet Windows User Interface Application Elevation of Privilege Vulnerability | CVE-2022-24460 | High |
| Windows Ancillary Function Driver for WinSock | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2022-24507 | High |
| Windows CD-ROM Driver | Windows CD-ROM Driver Elevation of Privilege Vulnerability | CVE-2022-24455 | High |
| Windows Cloud Files Mini Filter Driver | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2022-23286 | High |
| Windows COM | Windows Inking COM Elevation of Privilege Vulnerability | CVE-2022-23290 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2022-23281 | High |
| Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-23291 | High |
| Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-23288 | High |
| Windows Event Tracing | Windows Event Tracing Remote Code Execution Vulnerability | CVE-2022-23294 | High |
| Windows Fastfat Driver | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | CVE-2022-23293 | High |
| Windows HTML Platform | Windows HTML Platforms Security Feature Bypass Vulnerability | CVE-2022-24502 | High |
| Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2022-23296 | High |
| Windows Kernel | Windows NT OS Kernel Elevation of Privilege Vulnerability | CVE-2022-23298 | High |
| Windows Kernel | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | CVE-2022-23297 | High |
| Windows Media | Windows Media Center Update Denial of Service Vulnerability | CVE-2022-21973 | High |
| Windows PDEV | Windows PDEV Elevation of Privilege Vulnerability | CVE-2022-23299 | High |
| Windows Point-to-Point Tunneling Protocol | Point-to-Point Tunneling Protocol Denial of Service Vulnerability | CVE-2022-23253 | High |
| Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2022-23284 | High |
| Windows Remote Desktop | Remote Desktop Protocol Client Information Disclosure Vulnerability | CVE-2022-24503 | High |
| Windows Remote Desktop | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-23285 | High |
| Windows Security Support Provider Interface | Windows Security Support Provider Interface Elevation of Privilege Vulnerability | CVE-2022-24454 | High |
| Windows SMB Server | SMB Server Remote Code Execution Vulnerability | CVE-2022-24508 | High |
| Visual Studio Code | Visual Studio Code Spoofing Vulnerability | CVE-2022-24526 | High |
| Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2022-24525 | High |
| XBox | Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | CVE-2022-21967 | High |

 
