VERT Threat Alert: March 2022 Patch Tuesday Analysis | The State of Security


Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th.

In-The-Wild & Disclosed CVEs

CVE-2022-21990

CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that a malicious actor control the Remote Desktop Server to which the client has connected. Upon connecting to the malicious server, code is executed on the client system. While Microsoft has said that exploitation is more likely, the fact that an attacker must control a malicious server and that the user must willingly connect to it will mitigate the risk presented by this vulnerability.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2022-24459

A local privilege escalation vulnerability exists within the Windows Fax and Scan Service that could allow privilege escalation on all supported versions of Windows. In order to exploit this vulnerability, an attacker would need to already have authenticated access to the system. Unfortunately, not a lot of details are available to help us determine exactly where the vulnerability exists.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2022-24512

This is an interesting vulnerability when you read everything that Microsoft has written about it. The confidentiality, integrity, and availability aspects of the CVSS score are set to low with Microsoft stating that the ability to exploit the vulnerability is limited because it must be used in combination with other vulnerabilities. Additionally, a user must perform an action to trigger the payload. The fact that this requires the user to take action and that other vulnerabilities be used is interesting when paired with the fact that Microsoft listed Privileges Required as None. The multitude of factors needed to create exploit conditions indicates that it is unlikely that we will see exploits surface for this vulnerability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
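
How the metrics described for CVE-2022-24512 (Privileges Required: None, a required user action, low confidentiality, integrity and availability impact) bound the base score, as an added example that is not part of the original alert. It assumes CVSS v3.1, Scope: Unchanged, and that the required user action maps to User Interaction: Required; Attack Vector and Attack Complexity are not stated in the alert, so the code sweeps every combination of them.

```python
# Added example: CVSS v3.1 base score for the metrics the alert describes.
# Metric weights and formulas follow the CVSS v3.1 specification.
from itertools import product

AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}  # weights for Scope: Unchanged
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}


def roundup(value):
    """CVSS v3.1 Roundup: smallest one-decimal number >= value."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (scaled // 10000 + 1) / 10.0


def base_score(av, ac, pr, ui, c, i, a):
    """Base score with Scope: Unchanged (assumed; the alert does not state Scope)."""
    iss = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    impact = 6.42 * iss
    if impact <= 0:
        return 0.0
    exploitability = 8.22 * AV[av] * AC[ac] * PR_UNCHANGED[pr] * UI[ui]
    return roundup(min(impact + exploitability, 10))


def score_range(pr, ui, c, i, a):
    """Sweep the metrics the alert leaves unstated (AV, AC); return (min, max)."""
    scores = [base_score(av, ac, pr, ui, c, i, a) for av, ac in product(AV, AC)]
    return min(scores), max(scores)


if __name__ == "__main__":
    low, high = score_range("N", "R", "L", "L", "L")
    print(f"PR:N/UI:R/C:L/I:L/A:L -> base score between {low} and {high}")
    # Same exploitability metrics with High impact, for comparison.
    print("PR:N/UI:R/C:H/I:H/A:H ->", score_range("N", "R", "H", "H", "H"))
```

With low impact on all three axes, the score stays in the Medium band or below whatever the attack vector and complexity are, even though no privileges are required.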

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold.

| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Fastfat Driver | 1 | CVE-2022-23293 |
| Tablet Windows User Interface | 1 | CVE-2022-24460 |
| Microsoft Office Word | 2 | CVE-2022-24462, CVE-2022-24511 |
| Windows Media | 1 | CVE-2022-21973 |
| Windows Installer | 1 | CVE-2022-23296 |
| Windows Common Log File System Driver | 1 | CVE-2022-23281 |
| Microsoft Defender for IoT | 2 | CVE-2022-23265, CVE-2022-23266 |
| Microsoft Windows ALPC | 3 | CVE-2022-23283, CVE-2022-23287, CVE-2022-24505 |
| Microsoft Windows Codecs Library | 13 | CVE-2022-21977, CVE-2022-22010, CVE-2022-23295, CVE-2022-23300, CVE-2022-23301, CVE-2022-22006, CVE-2022-22007, CVE-2022-24451, CVE-2022-24452, CVE-2022-24453, CVE-2022-24501, CVE-2022-24456, CVE-2022-24457 |
| Visual Studio Code | 1 | CVE-2022-24526 |
| Windows Cloud Files Mini Filter Driver | 1 | CVE-2022-23286 |
| Windows Security Support Provider Interface | 1 | CVE-2022-24454 |
| Windows Ancillary Function Driver for WinSock | 1 | CVE-2022-24507 |
| XBox | 1 | CVE-2022-21967 |
| Windows Event Tracing | 1 | CVE-2022-23294 |
| Windows Kernel | 2 | CVE-2022-23298, CVE-2022-23297 |
| Windows DWM Core Library | 2 | CVE-2022-23291, CVE-2022-23288 |
| Microsoft Exchange Server | 2 | CVE-2022-24463, CVE-2022-23277 |
| Windows Point-to-Point Tunneling Protocol | 1 | CVE-2022-23253 |
| Windows Remote Desktop | 3 | CVE-2022-21990, CVE-2022-24503, CVE-2022-23285 |
| Microsoft Office Visio | 3 | CVE-2022-24509, CVE-2022-24461, CVE-2022-24510 |
| Azure Site Recovery | 11 | CVE-2022-24506, CVE-2022-24515, CVE-2022-24467, CVE-2022-24468, CVE-2022-24469, CVE-2022-24517, CVE-2022-24470, CVE-2022-24518, CVE-2022-24519, CVE-2022-24471, CVE-2022-24520 |
| Windows CD-ROM Driver | 1 | CVE-2022-24455 |
| Paint 3D | 1 | CVE-2022-23282 |
| .NET and Visual Studio | 3 | CVE-2022-24512, CVE-2022-24464, CVE-2020-8927 |
| Windows Update Stack | 1 | CVE-2022-24525 |
| Windows Print Spooler Components | 1 | CVE-2022-23284 |
| Role: Windows Hyper-V | 1 | CVE-2022-21975 |
| Windows PDEV | 1 | CVE-2022-23299 |
| Windows HTML Platform | 1 | CVE-2022-24502 |
| Microsoft Defender for Endpoint | 1 | CVE-2022-23278 |
| Microsoft Edge (Chromium-based) | 21 | CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809 |
| Windows COM | 1 | CVE-2022-23290 |
| Windows SMB Server | 1 | CVE-2022-24508 |
| Windows Fax and Scan Service | 1 | CVE-2022-24459 |
| Microsoft Intune | 1 | CVE-2022-24465 |
| Skype Extension for Chrome | 1 | CVE-2022-24522 |

Other Information

There were no new advisories included with the March Security Guidance.


