• Products & Services
  • Community & Resources
  • Why ConnectWise
  • Support
Get Started
Explore Business Management
PSA
Professional services automation designed to run your as-a-service business
CPQ
Advanced quote and proposal automation to streamline your quoting
BrightGauge
KPI dashboards and reporting for real-time business insights
ITBoost
Centralized, intuitive IT documentation
Service Leadership
Increase shareholder value and profitability
SmileBack
Customer service feedback for MSPs
WisePay
Payments automation to increase cash flow and streamline processes
Business Management Packages
Curated packages designed to streamline, standardize, and automate your business processes
PSA
Professional services automation designed to run your as-a-service business
CPQ
Advanced quote and proposal automation to streamline your quoting
BrightGauge
KPI dashboards and reporting for real-time business insights
ITBoost
Centralized, intuitive IT documentation
Service Leadership
Increase shareholder value and profitability
SmileBack
Customer service feedback for MSPs
WisePay
WisePay
Payment automation to increase cashflow and streamline processes
Business Management Packages
Optimize your business operations through curated packages designed to streamline, standardize, and automate your business processes
Explore Business Management

See new and upcoming product enhancements in our monthly innovation webinar series!
Register now>>

Explore Cybersecurity
MDR
Monitor and stop malicious activity on endpoints
SIEM
Centralize threat visibility and analysis
SaaS Security
Deliver, manage, and monetize cloud security more easily
Vulnerability Management
Identify cybersecurity risks and routinely scan for vulnerabilities
Access Management
Eliminate shared admin passwords and protect customers
Secure Access Service Edge (SASE)
Apply zero trust secure access for users, locations, and devices
MDR
Monitor and stop malicious activity on endpoints
MDR for Microsoft 365
Monitor, protect, and remediate Microsoft 365 exposures
SIEM
Centralize threat visibility and analysis
Co-Managed SIEM
Deploy 24/7 managed detection and response with SOC services
Vulnerability Management
Identify cybersecurity risks and routinely scan for vulnerabilities
Access Management
Eliminate shared admin passwords and protect customers
Secure Access Service Edge (SASE)
Apply zero trust secure access for users, locations, and devices
Security Dashboard
AI-Driven MSP cybersecurity solutions
Explore Data Protection
SaaS Backup
Safeguard customer cloud app data
Co-Managed Backup
Streamline third-party backup management
x360Recover
Hyper-flexible disaster recovery and business continuity
Cloud Backup
Intelligent data protection for Microsoft 365
x360Cloud
SaaS application data protection
SaaS Backup
Safeguard customer cloud app data
Co-Managed Backup
Streamline third-party backup management
Backup360
Comprehensive MSP backup management
Explore Cybersecurity and Data Protection

See new and upcoming product enhancements in our monthly innovation webinar series!
Register now >>

  • IT Nation

    Industry events and networking

  • ConnectWise

    Peer groups and product training

  • Open Ecosystem

    Top-rated vendors and integrations

  • Resources

    Business-driving insights and guidance

IT Nation
IT Nation Connect
Premier MSP industry conference
IT Nation Secure
MSP cybersecurity industry conference
IT Nation Evolve
Peer groups
IT Nation Grow
Expert guidance for business transition
IT Nation PitchIT
Accelerator program for incubating growth
Wise Up Podcast
Insights and strategies to help your business
IT Nation Europe
Regional MSP industry conference
IT Nation Sydney
APAC MSP Industry Conference
Automation Nation
AI & hyperautomation training
IT Nation Connect
Premier MSP industry conference
IT Nation Secure
MSP cybersecurity industry conference
IT Nation Evolve
Peer groups
IT Nation Grow
Expert guidance for business transition
IT Nation PitchIT
Accelerator program for incubating growth
Wise Up Podcast
Insights and strategies to help your business
IT Nation Europe
Regional MSP industry conference
IT Nation Sydney
APAC MSP Industry Conference
Automation Nation
AI & hyperautomation training
Explore The IT Nation

Join the premier thought-leadership conference for MSPs.
Register Now>>

  • About Us

    Company profile, values, and leaders

  • News

    The latest ConnectWise updates

  • Markets

    Roles and industries we support

The only truly unified platform purpose-built for MSPs.
Learn more >>

  • Partner Support

    ConnectWise solution resources

  • Partner Education

    Certifications and resources

Patch Tuesday – March 2022

It’s Patch Tuesday again, the second Tuesday of the month when Microsoft and other organizations regularly release security patches for their products. This month Microsoft released patches to cover 71 vulnerabilities, 2 are rated as Critical, 68 Important, and 1 Moderate. Three of the Moderate vulnerabilities have already been publicly disclosed, including a Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-21990), Windows Fax and Scan Service Elevation of Privilege Vulnerability (CVE-2022-24459), and a .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2022-24512).

The 2 Critical vulnerabilities include a new Microsoft Exchange RCE vulnerability (CVE-2022-23277) and an RCE in VP9 video extensions. The latest Exchange vulnerability requires the attacker to be authenticated to remotely trigger malicious code in the context of the server’s account. VP9 is an open video format developed by Google supported by modern browsers and used in some online streaming services such as YouTube and requires the victim to download and open a specially crafted malicious file.

There are a total of 29 Remote Code Execution (RCE) and 24 Elevation of Privilege vulnerabilities. Of the 29 RCE vulnerabilities, 13 are vulnerabilities in different Windows codecs. There are 11 vulnerabilities patched for Azure Site Recovery, including 5 privilege escalation and 6 RCE vulnerabilities.

For a full break down of all the patches released this month, we recommend you check out the Patch Tuesday Dashboard by Morphus Labs. Also refer to the table below for all the relevant Microsoft KB articles.

 

KB Article

Applies To

5011487

Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2

5011495

Windows 10, version 1607, Windows Server 2016

5011497

Windows Server 2022

5011503

Windows 10, version 1809, Windows Server 2019

5011525

Windows Server 2008 (Security-only update)

5011527

Windows Server 2012 (Security-only update)

5011529

Windows 7, Windows Server 2008 R2 (Security-only update)

5011534

Windows Server 2008 (Monthly Rollup)

5011535

Windows Server 2012 (Monthly Rollup)

5011552

Windows 7, Windows Server 2008 R2 (Monthly Rollup)

5011560

Windows 8.1, Windows Server 2012 R2 (Security-only update)

5011564

Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

The CRU has been reviewing the data from today’s Patch Tuesday and obtained a few PoCs for some. We will release any new detection content based on these vulnerabilities that we develop as they become available.