Microsoft Patches 92 Vulnerabilities, Including 3 Critical RCE Flaws
Microsoft has addressed 92 security vulnerabilities in its March 2022 update, including three critical Remote Code Execution (RCE) flaws. The Microsoft Security Response Center (MSRC) has patched issues in various Microsoft 365 products, from Windows OS to Azure services.
Among the patched vulnerabilities are three publicly disclosed zero-days. One, CVE-2022-23277, affects Microsoft Exchange Server and has a CVSSv3.1 score of 8.8/10. Another, CVE-2022-24469, is an Azure Site Recovery Elevation of Privilege vulnerability with a score of 8.1/10. Two more, CVE-2022-21990 and CVE-2022-23285, are Remote Desktop Client RCE vulnerabilities, each with a score of 8.8/10.
Microsoft Edge saw 21 vulnerabilities fixed, while the Windows SMBv3 Client/Server RCE flaw, CVE-2022-24508, also scored 8.8/10. Adobe, meanwhile, has released updates for AfterEffects, Illustrator, and Photoshop, addressing six CVEs with five classified as critical.
Qualys VMDR has been helping customers detect and remediate these new vulnerabilities rapidly. The company also hosts a monthly webinar series to assist customers in leveraging the integration between Qualys Vulnerability Management Detection Response (VMDR) and Patch Management (PM).
In total, Microsoft 365 has patched 92 vulnerabilities, with three critical ones allowing Remote Code Execution. Users are advised to apply the latest updates to protect against these security threats. Adobe users should also update their software to benefit from the six fixed CVEs.
Read also:
- Electric-powered vessels take to the waters of Maine
- Elon Musk accused by Sam Altman of exploiting X for personal gain
- Comparing the value of top electric scooters: Kinetic DX versus Bajaj Chetak versus TVS iQube - Which one offers the best bang for the buck?
- American Eagle's risque promotional effort featuring Sydney Sweeney leads to the brand being categorized as a 'trendy stock' among teenagers.
