Microsoft’s March security update for multiple high-risk product vulnerabilities

March 14, 2022 | Jie Ji

Overview

On March 9, NSFOCUS CERT detected that Microsoft released the March security update patch, which fixed 71 security issues, involving Windows, Exchange Server, Remote Desktop Client, Azure, etc., including privilege escalation, remote code execution and other high-risk vulnerability types.

Among the vulnerabilities fixed by Microsoft’s update this month, there are 3 critical vulnerabilities and 68 important vulnerabilities, including 3 0-day vulnerabilities:

Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-21990)

Windows Fax and Scan Service Privilege Escalation Vulnerability (CVE-2022-24459)

.NET and Visual Studio Remote Code Execution Vulnerability (CVE-2022-24512)

Affected users should apply the patches as soon as possible for protection. For a complete list of vulnerabilities, please refer to the appendix.

NSFOCUS Remote Security Assessment System (RSAS) can detect most of the vulnerabilities fixed in this Microsoft patch update (including CVE-2022-21990, CVE-2022-23285, CVE-2022-23278, CVE-2022-24508 and other high-risk vulnerabilities). Please watch for the RSAS plug-in upgrade package and upgrade to V6.0R02F01.2608 in time. Official website link: http://update.nsfocus.com/update/listRsasDetail/v/vulsys

Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-Mar

Description of Major Vulnerabilities

Based on the popularity of the product and the importance of the vulnerability, the most influential vulnerabilities in this update have been selected below. Relevant users should pay attention to them:

Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-21990/CVE-2022-23285):

In a remote desktop connection scenario, when the victim’s remote desktop client connects to an attacker-controlled server, the attacker controlling the remote desktop server could trigger the vulnerability on the RDP client computer to execute arbitrary code with user rights on the target system. The CVSS score was 8.8.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21990

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23285

Windows Fax and Scan Service Privilege Escalation Vulnerability (CVE-2022-24459):

A privilege escalation vulnerability exists in Windows Fax and Scan Service, which can be exploited by a local attacker with ordinary user privileges to escalate to SYSTEM privileges without user interaction. The CVSS score was 7.8.

Windows Fax and Scan Service (Fax and Scan Service) is a component developed by Microsoft and built into Microsoft Windows for faxing and scanning documents. It only appears in some Windows Vista versions of the operating system.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24459

.NET and Visual Studio Remote Code Execution Vulnerability (CVE-2022-24512):

A remote code execution vulnerability exists in .NET and Visual Studio, which can be exploited by a remote attacker without authentication to execute arbitrary code with user privileges on the target system.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512

HEVC Video Extensions Remote Code Execution Vulnerability (CVE-2022-22006):

By crafting a malicious file, an attacker who successfully induces a user to download and open the malicious file on the affected system can exploit this vulnerability to execute arbitrary code with user privileges on the target system. The CVSS score was 7.8.

HEVC Video Extensions is a video extension application developed by Microsoft Corporation that allows computers and utility devices to read High Efficiency Video Coding or HEVC videos.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22006

VP9 Video Extensions Remote Code Execution Vulnerability (CVE-2022-24501):

By crafting a malicious file, an attacker who successfully induces a user to download and open the malicious file on the affected system can exploit this vulnerability to execute arbitrary code with user privileges on the target system. The CVSS score was 7.8.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24501

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-23277):

A remote code execution vulnerability in Exchange Server could allow an authenticated remote attacker to trigger malicious code in the context of the server account through a network call, executing arbitrary code on the target system.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23277

Azure Site Recovery Privilege Escalation Vulnerability (CVE-2022-24469):

A privilege escalation vulnerability exists in Azure Site Recovery. An attacker with low privileges who establishes a network connection to the replication device can ultimately exploit it to escalate to SYSTEM privileges on the target system without user interaction.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24469

Windows SMBv3 Client/Server Remote Code Execution Vulnerability (CVE-2022-24508):

A remote code execution vulnerability exists in Windows SMBv3 Client/Server, which can be exploited by a remote attacker with low privileges to execute arbitrary code with user privileges on the target system without user interaction. The CVSS score was 8.8.

Reference link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24508

Scope of Impact

The following are the affected product versions for the key vulnerabilities described above. For other products affected by the vulnerabilities, please refer to the official announcement link.

Vulnerability No.  Affected Product Version
CVE-2022-21990  Windows 10 Version 21H2 for ARM64
Windows 10 Version 21H2 for 32
Windows 11 for ARM64
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64
Windows 10 Version 1607 for 32
Windows 10 for x64
Windows 10 for 32
Windows 10 Version 21H2 for x64
Windows 11 for x64
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64
Windows 10 Version 20H2 for 32
Windows 10 Version 20H2 for x64
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32
Windows 10 Version 21H1 for ARM64
Windows 10 Version 21H1 for x64
Remote Desktop client for Windows Desktop
Windows 10 Version 1909 for ARM64
Windows 10 Version 1909 for x64
Windows 10 Version 1909 for 32
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64
Windows 10 Version 1809 for x64
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64
Windows Server 2008 R2 for x64
Windows Server 2008 for x64
Windows Server 2008 for x64
Windows Server 2008 for 32
Windows Server 2008 for 32
Windows RT 8.1
Windows 8.1 for x64
Windows 8.1 for 32
Windows 7 for x64
Windows 7 for 32
Windows 10 Version 1809 for 32
CVE-2022-23285  Windows RT 8.1
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64
Windows 10 Version 1809 for x64
Windows 10 Version 1809 for 32
Windows Server 2012
Windows Server 2008 R2 for x64
Windows Server 2008 R2 for x64
Windows 10 Version 20H2 for x64
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32
Windows 10 Version 21H1 for ARM64
Windows 10 Version 21H1 for x64
Windows 10 Version 1909 for ARM64
Windows 10 Version 1909 for x64
Windows 10 Version 1909 for 32
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows 8.1 for x64
Windows 8.1 for 32
Windows 7 for x64
Windows 7 for 32
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64
Windows 10 Version 1607 for 32
Windows 10 for x64
Windows 10 for 32
Windows 10 Version 21H2 for x64
Windows 10 Version 21H2 for ARM64
Windows 10 Version 21H2 for 32
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64
Windows 10 Version 20H2 for 32
CVE-2022-24459  Windows Server 2008 for x64
Windows Server 2008 for x64
Windows Server 2008 for 32
Windows Server 2008 for 32
Windows RT 8.1
Windows 10 for 32
Windows Server 2008 R2 for x64
Windows Server 2008 R2 for x64
Windows 10 Version 21H2 for x64
Windows 10 Version 21H2 for ARM64
Windows 10 Version 21H2 for 32
Windows 11 for ARM64
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows 8.1 for x64
Windows 8.1 for 32
Windows 7 for x64
Windows 7 for 32
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64
Windows 10 Version 1607 for 32
Windows 10 for x64
Windows 10 Version 1809 for 32
Windows 11 for x64
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64
Windows 10 Version 20H2 for 32
Windows 10 Version 20H2 for x64
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32
Windows 10 Version 21H1 for ARM64
Windows 10 Version 21H1 for x64
Windows 10 Version 1909 for ARM64
Windows 10 Version 1909 for x64
Windows 10 Version 1909 for 32
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64
Windows 10 Version 1809 for x64
CVE-2022-24512  Microsoft Visual Studio 2019 version 16.9 (includes 16.0)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
.NET Core 3.1
.NET 6.0
.NET 5.0
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)
CVE-2022-22006  HEVC Video Extensions
CVE-2022-24501  VP9 Video Extensions
CVE-2022-23277  Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2013 Cumulative Update 23
CVE-2022-24469  Azure Site Recovery VMWare to Azure
CVE-2022-24508  Windows 10 Version 21H1 for 32
Windows 10 Version 21H1 for ARM64
Windows 10 Version 21H1 for x64
Windows 10 Version 20H2 for 32
Windows 10 Version 20H2 for x64
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H2 for x64
Windows 10 Version 21H2 for ARM64
Windows 10 Version 21H2 for 32
Windows 11 for ARM64
Windows 11 for x64
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64

Mitigation

At present, Microsoft has officially released a security patch to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install the patch as soon as possible for protection. The official download link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-Mar

Note: Due to network problems, computer environment problems, etc., the patch update of Windows Update may fail. After installing the patch, the user should promptly check whether the patch is successfully updated.

Right-click the Windows icon, select “Settings (N)”, select “Update and Security” – “Windows Update”, and view the prompt information on this page. You can also click “View Update History” to view the historical update status.

For updates that are not successfully installed, you can click the update name to jump to the official Microsoft download page. It is recommended that users click the link on this page and go to the “Microsoft Update Catalog” website to download and install the independent package.
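The same post-install check can be scripted across many hosts. The PowerShell below is an added example, not part of the original advisory: it reads the update history through the Windows Update Agent COM API and reports install attempts that never succeeded. The cutoff date `$Since` (the March 2022 release date) is an assumption to adjust for your environment.

```powershell
# Added example: list Windows Update install attempts since the March 2022
# release and flag those that never completed successfully.
$Since = Get-Date '2022-03-08'   # assumption: adjust to the patch cycle you are checking

# IUpdateHistoryEntry.ResultCode values (Windows Update Agent API)
$ResultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()

$history = @()
if ($total -gt 0) {
    $history = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since } |  # 1 = installation
        ForEach-Object {
            [pscustomobject]@{
                Date    = $_.Date                      # history dates are stored in UTC
                Result  = $ResultNames[[int]$_.ResultCode]
                HResult = '0x{0:X8}' -f $_.HResult     # error code to search for on failure
                Title   = $_.Title
            }
        })
}

$history | Sort-Object Date -Descending |
    Format-Table Date, Result, HResult, Title -AutoSize -Wrap | Out-Host

# A failed attempt only matters if no later attempt for the same update succeeded.
$succeeded = @($history | Where-Object { $_.Result -eq 'Succeeded' } |
    Select-Object -ExpandProperty Title)
$pending = @($history |
    Where-Object { $_.Result -ne 'Succeeded' -and $succeeded -notcontains $_.Title } |
    Select-Object -ExpandProperty Title -Unique)

if ($pending.Count -gt 0) {
    foreach ($title in $pending) {
        Write-Warning "No successful install recorded: $title"
    }
} else {
    Write-Host "No unresolved install failures since $($Since.ToShortDateString())."
}

# Cross-check against the hotfixes the OS reports as installed. Compare the
# HotFixID column with the KB number listed for your build on the MSRC page.
Get-HotFix | Where-Object { $_.InstalledOn -ge $Since } |
    Sort-Object InstalledOn |
    Format-Table HotFixID, Description, InstalledOn -AutoSize | Out-Host
```

Any title reported by the warning corresponds to an update that should be downloaded from the Microsoft Update Catalog and installed manually, as described above.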

Appendix

CVE ID  Vulnerability Name  Severity
CVE-2022-23277  Microsoft Exchange Server Remote Code Execution Vulnerability  Critical
CVE-2022-22006  HEVC Video Extensions Remote Code Execution Vulnerability  Critical
CVE-2022-24501  VP9 Video Extensions Remote Code Execution Vulnerability  Critical
CVE-2022-24512  .NET and Visual Studio Remote Code Execution Vulnerability  Important
CVE-2022-24464  .NET and Visual Studio Denial of Service Vulnerability  Important
CVE-2020-8927  Brotli Library Buffer Overflow Vulnerability  Important
CVE-2022-24506  Azure Site Recovery Elevation of Privilege Vulnerability  Important
CVE-2022-24517  Azure Site Recovery Remote Code Execution Vulnerability  Important
CVE-2022-24470  Azure Site Recovery Remote Code Execution Vulnerability  Important
CVE-2022-24471  Azure Site Recovery Remote Code Execution Vulnerability  Important
CVE-2022-24520  Azure Site Recovery Remote Code Execution Vulnerability  Important
CVE-2022-24518  Azure Site Recovery Elevation of Privilege Vulnerability  Important
CVE-2022-24519  Azure Site Recovery Elevation of Privilege Vulnerability  Important
CVE-2022-24515  Azure Site Recovery Elevation of Privilege Vulnerability  Important
CVE-2022-24467  Azure Site Recovery Remote Code Execution Vulnerability  Important
CVE-2022-24468  Azure Site Recovery Remote Code Execution Vulnerability  Important
CVE-2022-24469  Azure Site Recovery Elevation of Privilege Vulnerability  Important
CVE-2022-23278  Microsoft Defender Endpoint Spoofing Vulnerability  Important
CVE-2022-23265  Microsoft Defender for IoT Remote Code Execution Vulnerability  Important
CVE-2022-23266  Microsoft Defender for IoT Elevation of Privilege Vulnerability  Important
CVE-2022-24463  Microsoft Exchange Server Spoofing Vulnerability  Important
CVE-2022-24465  Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability  Important
CVE-2022-24510  Microsoft Office Visio Remote Code Execution Vulnerability  Important
CVE-2022-24509  Microsoft Office Visio Remote Code Execution Vulnerability  Important
CVE-2022-24461  Microsoft Office Visio Remote Code Execution Vulnerability  Important
CVE-2022-24462  Microsoft Word Security Feature Bypass Vulnerability  Important
CVE-2022-24511  Microsoft Office Word Tampering Vulnerability  Important
CVE-2022-23287  Windows ALPC Elevation of Privilege Vulnerability  Important
CVE-2022-24505  Windows ALPC Elevation of Privilege Vulnerability  Important
CVE-2022-23283  Windows ALPC Elevation of Privilege Vulnerability  Important
CVE-2022-24451  VP9 Video Extensions Remote Code Execution Vulnerability  Important
CVE-2022-22007  HEVC Video Extensions Remote Code Execution Vulnerability  Important
CVE-2022-24452  HEVC Video Extensions Remote Code Execution Vulnerability  Important
CVE-2022-24453  HEVC Video Extensions Remote Code Execution Vulnerability  Important
CVE-2022-24457  HEIF Image Extensions Remote Code Execution Vulnerability  Important
CVE-2022-24456  HEVC Video Extension Remote Code Execution Vulnerability  Important
CVE-2022-22010  Media Foundation Information Disclosure Vulnerability  Important
CVE-2022-21977  Media Foundation Information Disclosure Vulnerability  Important
CVE-2022-23295  Raw Image Extension Remote Code Execution Vulnerability  Important
CVE-2022-23300  Raw Image Extension Remote Code Execution Vulnerability  Important
CVE-2022-23301  HEVC Video Extension Remote Code Execution Vulnerability  Important
CVE-2022-23282  Paint 3D Remote Code Execution Vulnerability  Important
CVE-2022-21975  Windows Hyper-V Denial of Service Vulnerability  Important
CVE-2022-24522  Skype Extension for Chrome Information Disclosure Vulnerability  Important
CVE-2022-24460  Tablet Windows User Interface Application Elevation of Privilege Vulnerability  Important
CVE-2022-24526  Visual Studio Code Spoofing Vulnerability  Important
CVE-2022-24507  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability  Important
CVE-2022-24455  Windows CD-ROM Driver Elevation of Privilege Vulnerability  Important
CVE-2022-23286  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability  Important
CVE-2022-23290  Windows Inking COM Elevation of Privilege Vulnerability  Important
CVE-2022-23281  Windows Common Log File System Driver Information Disclosure Vulnerability  Important
CVE-2022-23291  Windows DWM Core Library Elevation of Privilege Vulnerability  Important
CVE-2022-23288  Windows DWM Core Library Elevation of Privilege Vulnerability  Important
CVE-2022-23294  Windows Event Tracing Remote Code Execution Vulnerability  Important
CVE-2022-23293  Windows Fast FAT File System Driver Elevation of Privilege Vulnerability  Important
CVE-2022-24459  Windows Fax and Scan Service Elevation of Privilege Vulnerability  Important
CVE-2022-24502  Windows HTML Platforms Security Feature Bypass Vulnerability  Important
CVE-2022-23296  Windows Installer Elevation of Privilege Vulnerability  Important
CVE-2022-23297  Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability  Important
CVE-2022-23298  Windows NT OS Kernel Elevation of Privilege Vulnerability  Important
CVE-2022-21973  Windows Media Center Update Denial of Service Vulnerability  Important
CVE-2022-23299  Windows PDEV Elevation of Privilege Vulnerability  Important
CVE-2022-23253  Point-to-Point Tunneling Protocol Denial of Service Vulnerability  Important
CVE-2022-23284  Windows Print Spooler Elevation of Privilege Vulnerability  Important
CVE-2022-21990  Remote Desktop Client Remote Code Execution Vulnerability  Important
CVE-2022-23285  Remote Desktop Client Remote Code Execution Vulnerability  Important
CVE-2022-24503  Remote Desktop Client Remote Code Execution Vulnerability  Important
CVE-2022-24454  Windows Security Support Provider Interface Elevation of Privilege Vulnerability  Important
CVE-2022-24508  Windows SMBv3 Client/Server Remote Code Execution Vulnerability  Important
CVE-2022-24525  Windows Update Stack Elevation of Privilege Vulnerability  Important
CVE-2022-21967  Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability  Important

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.