-
EDR / MDRIdentify, contain, respond, and stop malicious activity on endpoints
-
SIEMCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
-
Risk Assessment & Vulnerability ManagementIdentify unknown cyber risks and routinely scan for vulnerabilities
-
Identity ManagementSecure and streamline client access to devices and applications with strong authentication and SSO
-
Cloud App SecurityMonitor and manage security risk for SaaS apps
-
SASEZero trust secure access for users, locations, and devices
-
SOC ServicesProvide 24/7 threat monitoring and response backed by ConnectWise SOC experts
-
Policy ManagementCreate, deploy, and manage client security policies and profiles
-
Incident Response ServiceOn-tap cyber experts to address critical security incidents
-
Cybersecurity GlossaryGuide to the most common, important terms in the industry
Patch Tuesday – March 2022
It’s Patch Tuesday again, the second Tuesday of the month when Microsoft and other organizations regularly release security patches for their products. This month Microsoft released patches to cover 71 vulnerabilities, 2 are rated as Critical, 68 Important, and 1 Moderate. Three of the Moderate vulnerabilities have already been publicly disclosed, including a Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-21990), Windows Fax and Scan Service Elevation of Privilege Vulnerability (CVE-2022-24459), and a .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2022-24512).
The 2 Critical vulnerabilities include a new Microsoft Exchange RCE vulnerability (CVE-2022-23277) and an RCE in VP9 video extensions. The latest Exchange vulnerability requires the attacker to be authenticated to remotely trigger malicious code in the context of the server’s account. VP9 is an open video format developed by Google supported by modern browsers and used in some online streaming services such as YouTube and requires the victim to download and open a specially crafted malicious file.
There are a total of 29 Remote Code Execution (RCE) and 24 Elevation of Privilege vulnerabilities. Of the 29 RCE vulnerabilities, 13 are vulnerabilities in different Windows codecs. There are 11 vulnerabilities patched for Azure Site Recovery, including 5 privilege escalation and 6 RCE vulnerabilities.
For a full break down of all the patches released this month, we recommend you check out the Patch Tuesday Dashboard by Morphus Labs. Also refer to the table below for all the relevant Microsoft KB articles.
|
KB Article |
Applies To |
|
Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2 |
|
|
Windows 10, version 1607, Windows Server 2016 |
|
|
Windows Server 2022 |
|
|
Windows 10, version 1809, Windows Server 2019 |
|
|
Windows Server 2008 (Security-only update) |
|
|
Windows Server 2012 (Security-only update) |
|
|
Windows 7, Windows Server 2008 R2 (Security-only update) |
|
|
Windows Server 2008 (Monthly Rollup) |
|
|
Windows Server 2012 (Monthly Rollup) |
|
|
Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
|
|
Windows 8.1, Windows Server 2012 R2 (Security-only update) |
|
|
Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |
The CRU has been reviewing the data from today’s Patch Tuesday and obtained a few PoCs for some. We will release any new detection content based on these vulnerabilities that we develop as they become available.