March 2022 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in March's Patch Tuesday Index below.

Microsoft released 71 vulnerability fixes this month, with only 3 being rated Critical. Similarly, Adobe posted 3 security bulletins, all of which were given Adobe Priority 3.

A CVSS 7.8 vulnerability disclosed in Linux Kernel, dubbed “Dirty Pipe”, was disclosed Monday morning. Dirty Pipe, or CVE-2022-0847, allows overwriting data in arbitrary read-only files. This can lead to privilege escalation and code injection into root processes. Given the prevalence of Linux in highly sensitive infrastructure, it is highly recommended that admins prioritize remediation of this vulnerability in the next 24 hours to reduce organizational risk.

The Chrome team announced the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux on March 1, 2022. This will roll out over the coming days/weeks. In the desktop version, a total of 28 vulnerabilities were closed. Of these, 11 were classified as high, 15 as medium and 2 as low.

Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities. Both are actively exploited in the wild as zero-days. Given these are actively exploited zero-days, it’s recommended that IT admins prioritize patching these within 24 hours to reduce exposure to malicious actors. Mozilla also released two other High-rated security advisories for Firefox 98 and Firefox ESR 91.7.

We encourage you to join us for our Automox Patch Tuesday Webinar: March 2022. Automox’s Eric Feldman and Adam Whitman will be back to review the latest security patches from Microsoft, Adobe, Google, and other third-party applications. We’ll also have David Van Heerden, Manager of IT Operations, joining this month’s discussion.

Last Updated 1:46 PM ET - March 8, 2021.

Mozilla Firefox
Product	Title	Identifier	Severity
Mozilla Products	2 security vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0	MFSA 2022-09	High
Firefox 98	7 security vulnerabilities fixed in Firefox 98	MFSA 2022-10	High
Firefox ESR 91.7	5 security vulnerabilities fixed in Firefox ESR 91.7	MFSA 2022-11	High
Google Chrome
Product	Title	Identifier	Severity
Google Chrome	28 security vulnerabilities fixed in Chrome 99.0.4844.51	Chrome 99	High
Adobe
Product	Title	Identifier	Severity
Adobe Photoshop	4 security vulnerabilities fixed in Adobe Photoshop	APSB22-14	Adobe Priority 3
Adobe Illustrator	1 security vulnerability fixed in Adobe Illustrator	APSB22-15	Adobe Priority 3
Adobe After Effects	4 security vulnerabilities fixed in Adobe After Effects	APSB22-17	Adobe Priority 3
Microsoft
Product	Title	Identifier	Severity
Microsoft Exchange Server	Microsoft Exchange Server Remote Code Execution Vulnerability	CVE-2022-23277	Critical
Microsoft Windows Codecs Library	HEVC Video Extensions Remote Code Execution Vulnerability	CVE-2022-22006	Critical
Microsoft Windows Codecs Library	VP9 Video Extensions Remote Code Execution Vulnerability	CVE-2022-24501	Critical
.NET and Visual Studio	.NET and Visual Studio Remote Code Execution Vulnerability	CVE-2022-24512	High
Windows Fax and Scan Service	Windows Fax and Scan Service Elevation of Privilege Vulnerability	CVE-2022-24459	High
Windows Remote Desktop	Remote Desktop Client Remote Code Execution Vulnerability	CVE-2022-21990	High
.NET and Visual Studio	Brotli Library Buffer Overflow Vulnerability	CVE-2020-8927	High
.NET and Visual Studio	.NET and Visual Studio Denial of Service Vulnerability	CVE-2022-24464	High
Azure Site Recovery	Azure Site Recovery Elevation of Privilege Vulnerability	CVE-2022-24506	High
Azure Site Recovery	Azure Site Recovery Remote Code Execution Vulnerability	CVE-2022-24467	High
Azure Site Recovery	Azure Site Recovery Elevation of Privilege Vulnerability	CVE-2022-24515	High
Azure Site Recovery	Azure Site Recovery Remote Code Execution Vulnerability	CVE-2022-24468	High
Azure Site Recovery	Azure Site Recovery Remote Code Execution Vulnerability	CVE-2022-24517	High
Azure Site Recovery	Azure Site Recovery Elevation of Privilege Vulnerability	CVE-2022-24469	High
Azure Site Recovery	Azure Site Recovery Elevation of Privilege Vulnerability	CVE-2022-24518	High
Azure Site Recovery	Azure Site Recovery Elevation of Privilege Vulnerability	CVE-2022-24519	High
Azure Site Recovery	Azure Site Recovery Remote Code Execution Vulnerability	CVE-2022-24471	High
Azure Site Recovery	Azure Site Recovery Remote Code Execution Vulnerability	CVE-2022-24520	High
Azure Site Recovery	Azure Site Recovery Remote Code Execution Vulnerability	CVE-2022-24470	High
Microsoft Defender for Endpoint	Microsoft Defender for Endpoint Spoofing Vulnerability	CVE-2022-23278	High
Microsoft Defender for IoT	Microsoft Defender for IoT Elevation of Privilege Vulnerability	CVE-2022-23266	High
Microsoft Defender for IoT	Microsoft Defender for IoT Remote Code Execution Vulnerability	CVE-2022-23265	High
Microsoft Exchange Server	Microsoft Exchange Server Spoofing Vulnerability	CVE-2022-24463	High
Microsoft Intune	Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability	CVE-2022-24465	High
Microsoft Office Visio	Microsoft Office Visio Remote Code Execution Vulnerability	CVE-2022-24509	High
Microsoft Office Visio	Microsoft Office Visio Remote Code Execution Vulnerability	CVE-2022-24510	High
Microsoft Office Visio	Microsoft Office Visio Remote Code Execution Vulnerability	CVE-2022-24461	High
Microsoft Office Word	Microsoft Word Security Feature Bypass Vulnerability	CVE-2022-24462	High
Microsoft Office Word	Microsoft Office Word Tampering Vulnerability	CVE-2022-24511	High
Microsoft Windows ALPC	Windows ALPC Elevation of Privilege Vulnerability	CVE-2022-23287	High
Microsoft Windows ALPC	Windows ALPC Elevation of Privilege Vulnerability	CVE-2022-24505	High
Microsoft Windows ALPC	Windows ALPC Elevation of Privilege Vulnerability	CVE-2022-23283	High
Microsoft Windows Codecs Library	Media Foundation Information Disclosure Vulnerability	CVE-2022-21977	High
Microsoft Windows Codecs Library	Raw Image Extension Remote Code Execution Vulnerability	CVE-2022-23300	High
Microsoft Windows Codecs Library	HEVC Video Extensions Remote Code Execution Vulnerability	CVE-2022-22007	High
Microsoft Windows Codecs Library	HEVC Video Extensions Remote Code Execution Vulnerability	CVE-2022-23301	High
Microsoft Windows Codecs Library	VP9 Video Extensions Remote Code Execution Vulnerability	CVE-2022-24451	High
Microsoft Windows Codecs Library	HEVC Video Extensions Remote Code Execution Vulnerability	CVE-2022-24452	High
Microsoft Windows Codecs Library	HEVC Video Extensions Remote Code Execution Vulnerability	CVE-2022-24453	High
Microsoft Windows Codecs Library	HEIF Image Extensions Remote Code Execution Vulnerability	CVE-2022-24457	High
Microsoft Windows Codecs Library	Raw Image Extension Remote Code Execution Vulnerability	CVE-2022-23295	High
Microsoft Windows Codecs Library	HEVC Video Extensions Remote Code Execution Vulnerability	CVE-2022-24456	High
Microsoft Windows Codecs Library	Media Foundation Information Disclosure Vulnerability	CVE-2022-22010	High
Paint 3D	Paint 3D Remote Code Execution Vulnerability	CVE-2022-23282	High
Role: Windows Hyper-V	Windows Hyper-V Denial of Service Vulnerability	CVE-2022-21975	High
Skype Extension for Chrome	Skype Extension for Chrome Information Disclosure Vulnerability	CVE-2022-24522	High
Tablet Windows User Interface	Tablet Windows User Interface Application Elevation of Privilege Vulnerability	CVE-2022-24460	High
Windows Ancillary Function Driver for WinSock	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	CVE-2022-24507	High
Windows CD-ROM Driver	Windows CD-ROM Driver Elevation of Privilege Vulnerability	CVE-2022-24455	High
Windows Cloud Files Mini Filter Driver	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	CVE-2022-23286	High
Windows COM	Windows Inking COM Elevation of Privilege Vulnerability	CVE-2022-23290	High
Windows Common Log File System Driver	Windows Common Log File System Driver Information Disclosure Vulnerability	CVE-2022-23281	High
Windows DWM Core Library	Windows DWM Core Library Elevation of Privilege Vulnerability	CVE-2022-23291	High
Windows DWM Core Library	Windows DWM Core Library Elevation of Privilege Vulnerability	CVE-2022-23288	High
Windows Event Tracing	Windows Event Tracing Remote Code Execution Vulnerability	CVE-2022-23294	High
Windows Fastfat Driver	Windows Fast FAT File System Driver Elevation of Privilege Vulnerability	CVE-2022-23293	High
Windows HTML Platform	Windows HTML Platforms Security Feature Bypass Vulnerability	CVE-2022-24502	High
Windows Installer	Windows Installer Elevation of Privilege Vulnerability	CVE-2022-23296	High
Windows Kernel	Windows NT OS Kernel Elevation of Privilege Vulnerability	CVE-2022-23298	High
Windows Kernel	Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability	CVE-2022-23297	High
Windows Media	Windows Media Center Update Denial of Service Vulnerability	CVE-2022-21973	High
Windows PDEV	Windows PDEV Elevation of Privilege Vulnerability	CVE-2022-23299	High
Windows Point-to-Point Tunneling Protocol	Point-to-Point Tunneling Protocol Denial of Service Vulnerability	CVE-2022-23253	High
Windows Print Spooler Components	Windows Print Spooler Elevation of Privilege Vulnerability	CVE-2022-23284	High
Windows Remote Desktop	Remote Desktop Protocol Client Information Disclosure Vulnerability	CVE-2022-24503	High
Windows Remote Desktop	Remote Desktop Client Remote Code Execution Vulnerability	CVE-2022-23285	High
Windows Security Support Provider Interface	Windows Security Support Provider Interface Elevation of Privilege Vulnerability	CVE-2022-24454	High
Windows SMB Server	SMB Server Remote Code Execution Vulnerability	CVE-2022-24508	High
Visual Studio Code	Visual Studio Code Spoofing Vulnerability	CVE-2022-24526	High
Windows Update Stack	Windows Update Stack Elevation of Privilege Vulnerability	CVE-2022-24525	High
XBox	Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability	CVE-2022-21967	High

About Automox for IT Operations

Today’s IT leaders deserve better than tedious legacy tools to manage their infrastructure. From our single cloud-native platform, automate and scale your IT operations to meet the growing business demands of the modern workforce. With complete visibility of your entire environment, you can easily monitor, identify, and respond to issues in real-time across any endpoint, regardless of OS or location.

Demo Automox to see how you can immediately gain effortless command of your endpoints.