Remote code execution vulnerabilities accounted for 40.8% of the total number of problems.
Microsoft fixed 71 vulnerabilities as part of March 2022 Patch Tuesday, including three critical ones. Remote code execution (RCE) vulnerabilities accounted for 40.8% of the total number of issues fixed this month, followed by privilege escalation vulnerabilities (35.2%).
CVE-2022-23277 is a critical RCE vulnerability in Microsoft Exchange Server. An authorized user could exploit the vulnerability to execute arbitrary code on an affected server. Since vulnerabilities in Exchange are being actively exploited by hackers, organizations should prioritize fixing this issue.
CVE-2022-23285 and CVE-2022-21990 are RCE vulnerabilities in the Remote Desktop Client. Both vulnerabilities received a score of 8.8 on the CVSSv3 scale. To exploit the vulnerabilities, an attacker needs to trick a user into connecting to a malicious server. Successful exploitation will allow the criminal to remotely execute code on the system, install malware, modify or delete data, and create a new account with full privileges.
CVE-2022-24508 is an RCE vulnerability in the Microsoft Server Message Block 3.0 (SMBv3) client and server. The vulnerability was discovered in Windows 10 (version 2004), so it only affects newer supported versions of Windows. Although an attacker would be required to authenticate to exploit this vulnerability, Microsoft strongly recommends that you correct or apply the proposed mitigation as soon as possible.
CVE-2022-24459 is a privilege escalation vulnerability affecting the Fax and Scan service in Windows. The vulnerability received a score of 7.8 on the CVSSv3 scale and could be exploited by a local authorized attacker.
CVE-2022-24512 is an RCE vulnerability affecting Microsoft.NET and Visual Studio. According to Microsoft, exploitation of the vulnerability requires user interaction to activate the payload in the affected application. The attacker is most likely able to force the user to perform the necessary actions using social engineering. To successfully compromise a system, a hacker will also need to exploit this problem along with other vulnerabilities.