Vulnerability Watch

Forum Discussion

snarang's avatar
snarang
Product Team
3 years ago

Microsoft's March 2022 Patch Tuesday Addresses 71 CVEs...

Microsoft's March 2022 Patch Tuesday Addresses 71 CVEs

On March 8, Microsoft released its monthly Patch Tuesday security update. This month, Microsoft addressed 71 CVEs, three of which were rated critical, while 68 were rated as important. Three vulnerabilities were publicly disclosed as zero-days but were not exploited in the wild.

Microsoft addressed CVE-2022-23277, a critical remote code execution vulnerability in Microsoft Exchange Server. An authenticated attacker could exploit this vulnerability to execute arbitrary code on a vulnerable server. Microsoft says this vulnerability is More Likely to be exploited. Threat actors are fond of targeting Exchange Server vulnerabilities like ProxyLogon, which was the top vulnerability in our 2021 Threat Landscape Retrospective report. Therefore, it is important for organizations to prioritize patching flaws like these.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Azure Site Recovery
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Intune
  • Microsoft Office Visio
  • Microsoft Office Word
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Paint 3D
  • Role: Windows Hyper-V
  • Skype Extension for Chrome
  • Tablet Windows User Interface
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows CD-ROM Driver
  • Windows Cloud Files Mini Filter Driver
  • Windows COM
  • Windows Common Log File System Driver
  • Windows DWM Core Library
  • Windows Event Tracing
  • Windows Fastfat Driver
  • Windows Fax and Scan Service
  • Windows HTML Platform
  • Windows Installer
  • Windows Kernel
  • Windows Media
  • Windows PDEV
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows Security Support Provider Interface
  • Windows SMB Server
  • Windows Update Stack
  • XBox

For more information about the notable vulnerabilities in this month’s Patch Tuesday, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

2 Replies

  • t_alsharari's avatar
    t_alsharari
    3 years ago

    Is there a Plugin for this 'CVE-2022-23277'? in tenable sc+. I'm trying to run scan against this vuln, but doesn't seem that there is one in Advanced scan

  • snarang's avatar
    snarang
    Product Team
    3 years ago

    Hi @Thamer Alsharari​,

    Thanks for reaching out. I believe a plugin for Security Updates for Exchange will be released soon. Please check again within the next day and let me know if you do not see it after the plugins have been released.

    The plugin should appear here when it's available: https://www.tenable.com/plugins/search?q=cves%3A%28%22CVE-2022-23277%22%29&sort=&page=1