Patch Tuesday – March 2022

It’s Patch Tuesday again, the second Tuesday of the month, when Microsoft and other organizations regularly release security patches for their products. This month Microsoft released patches covering 71 vulnerabilities: 2 are rated Critical, 68 Important, and 1 Moderate. Three of the Moderate vulnerabilities have already been publicly disclosed, including a Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-21990), a Windows Fax and Scan Service Elevation of Privilege Vulnerability (CVE-2022-24459), and a .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2022-24512).

The 2 Critical vulnerabilities include a new Microsoft Exchange RCE vulnerability (CVE-2022-23277) and an RCE in VP9 video extensions. The latest Exchange vulnerability requires the attacker to be authenticated to remotely trigger malicious code in the context of the server’s account. VP9 is an open video format developed by Google, supported by modern browsers and used in some online streaming services such as YouTube. Exploiting the VP9 vulnerability requires the victim to download and open a specially crafted malicious file.

There are a total of 29 Remote Code Execution (RCE) and 24 Elevation of Privilege vulnerabilities. Of the 29 RCE vulnerabilities, 13 are vulnerabilities in different Windows codecs. There are 11 vulnerabilities patched for Azure Site Recovery, including 5 privilege escalation and 6 RCE vulnerabilities.

For a full breakdown of all the patches released this month, we recommend you check out the Patch Tuesday Dashboard by Morphus Labs. Also refer to the table below for all the relevant Microsoft KB articles.


| KB Article | Applies To |
|---|---|
| | Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2 |
| | Windows 10, version 1607, Windows Server 2016 |
| | Windows Server 2022 |
| | Windows 10, version 1809, Windows Server 2019 |
| | Windows Server 2008 (Security-only update) |
| | Windows Server 2012 (Security-only update) |
| | Windows 7, Windows Server 2008 R2 (Security-only update) |
| | Windows Server 2008 (Monthly Rollup) |
| | Windows Server 2012 (Monthly Rollup) |
| | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
| | Windows 8.1, Windows Server 2012 R2 (Security-only update) |
| | Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |

The CRU has been reviewing the data from today’s Patch Tuesday and has obtained a few PoCs for some of the vulnerabilities. We will release any new detection content we develop for these vulnerabilities as it becomes available.