Microsoft fixes 71 CVEs this month, with three rated as Critical

by Alexandru Poloboc
  • A pretty busy month for a Microsoft Patch Tuesday release, with 71 CVEs.
  • Out of all the CVEs, 68 were marked as important, and none as moderate.
  • However, the Redmond tech giant had to deal with three nasty Critical bugs.
  • We've included each and every one of them in this article, with direct links as well.

It’s that time of the month again, and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Common Vulnerabilities and Exposures (CVEs) again.

In terms of heft, this month’s release is in line with March releases from previous years, which usually bring around 60-70 CVEs.

Let’s dive right into it and see what vulnerabilities are completely gone from our lives, now that these patches are live.

Three critical bugs dealt with this month

For the third month of 2022, Microsoft released 71 new patches. This is in addition to the 21 CVEs patched by Microsoft Edge (Chromium-based) earlier this month, which brings the March total to 92 CVEs.

So, the 71 new patches that became available today address CVEs in:

  • .NET and Visual Studio
  • Azure Site Recovery
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Intune
  • Microsoft Office Visio
  • Microsoft Office Word
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Paint 3D
  • Role: Windows Hyper-V
  • Skype Extension for Chrome
  • Tablet Windows User Interface
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows CD-ROM Driver
  • Windows Cloud Files Mini Filter Driver
  • Windows COM
  • Windows Common Log File System Driver
  • Windows DWM Core Library
  • Windows Event Tracing
  • Windows Fastfat Driver
  • Windows Fax and Scan Service
  • Windows HTML Platform
  • Windows Installer
  • Windows Kernel
  • Windows Media
  • Windows PDEV
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows Security Support Provider Interface
  • Windows SMB Server
  • Windows Update Stack
  • XBox

What’s also important to mention is that, out of the 71 CVEs released today, three are rated Critical and 68 are rated Important in severity.

The number of Critical-rated patches is again strangely low for this number of bugs, according to experts and some of the more tech-savvy users.

Furthermore, it is still uncertain whether this low percentage of Critical-rated bugs is just a coincidence or whether Microsoft might be evaluating severity using a different calculus than in the past.

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 6.3 | Yes | No | RCE |
| CVE-2022-21990 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | Yes | No | RCE |
| CVE-2022-24459 | Windows Fax and Scan Service Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | EoP |
| CVE-2022-22006 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE |
| CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE |
| CVE-2022-24501 | VP9 Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE |
| CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-21967 | Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-24464 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2022-24469 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 8.1 | No | No | EoP |
| CVE-2022-24506 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
| CVE-2022-24515 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
| CVE-2022-24518 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
| CVE-2022-24519 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP |
| CVE-2022-24467 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2022-24468 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2022-24470 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2022-24471 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2022-24517 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2022-24520 | Azure Site Recovery Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2020-8927 * | Brotli Library Buffer Overflow Vulnerability | Important | 6.5 | No | No | N/A |
| CVE-2022-24457 | HEIF Image Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-22007 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-23301 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-24452 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-24453 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-24456 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-21977 | Media Foundation Information Disclosure Vulnerability | Important | 3.3 | No | No | Info |
| CVE-2022-22010 | Media Foundation Information Disclosure Vulnerability | Important | 4.4 | No | No | Info |
| CVE-2022-23278 | Microsoft Defender for Endpoint Spoofing Vulnerability | Important | 5.9 | No | No | Spoofing |
| CVE-2022-23266 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-23265 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2022-24463 | Microsoft Exchange Server Spoofing Vulnerability | Important | 6.5 | No | No | Spoofing |
| CVE-2022-24465 | Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability | Important | 3.3 | No | No | SFB |
| CVE-2022-24461 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-24509 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-24510 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-24511 | Microsoft Office Word Tampering Vulnerability | Important | 5.5 | No | No | Tampering |
| CVE-2022-24462 | Microsoft Word Security Feature Bypass Vulnerability | Important | 5.5 | No | No | SFB |
| CVE-2022-23282 | Paint 3D Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-23253 | Point-to-Point Tunneling Protocol Denial of Service Vulnerability | Important | 6.5 | No | No | DoS |
| CVE-2022-23295 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-23300 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-24503 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 5.4 | No | No | Info |
| CVE-2022-24522 | Skype Extension for Chrome Information Disclosure Vulnerability | Important | 7.5 | No | No | Info |
| CVE-2022-24460 | Tablet Windows User Interface Application Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-24526 | Visual Studio Code Spoofing Vulnerability | Important | 6.1 | No | No | Spoofing |
| CVE-2022-24451 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2022-23283 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-23287 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-24505 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-24507 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-24455 | Windows CD-ROM Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-23286 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-23281 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-23288 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-23291 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-23294 | Windows Event Tracing Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2022-23293 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-24502 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important | 4.3 | No | No | SFB |
| CVE-2022-21975 | Windows Hyper-V Denial of Service Vulnerability | Important | 4.7 | No | No | DoS |
| CVE-2022-23290 | Windows Inking COM Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-23296 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-21973 | Windows Media Center Update Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
| CVE-2022-23297 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2022-23298 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-23299 | Windows PDEV Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-23284 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.2 | No | No | EoP |
| CVE-2022-24454 | Windows Security Support Provider Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2022-24525 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2022-0789 | Chromium: Heap buffer overflow in ANGLE | High | N/A | No | No | RCE |
| CVE-2022-0797 | Chromium: Out of bounds memory access in Mojo | High | N/A | No | No | RCE |
| CVE-2022-0792 | Chromium: Out of bounds read in ANGLE | High | N/A | No | No | RCE |
| CVE-2022-0795 | Chromium: Type Confusion in Blink Layout | High | N/A | No | No | RCE |
| CVE-2022-0790 | Chromium: Use after free in Cast UI | High | N/A | No | No | RCE |
| CVE-2022-0796 | Chromium: Use after free in Media | High | N/A | No | No | RCE |
| CVE-2022-0791 | Chromium: Use after free in Omnibox | High | N/A | No | No | RCE |
| CVE-2022-0793 | Chromium: Use after free in Views | High | N/A | No | No | RCE |
| CVE-2022-0794 | Chromium: Use after free in WebShare | High | N/A | No | No | RCE |
| CVE-2022-0800 | Chromium: Heap buffer overflow in Cast UI | Medium | N/A | No | No | RCE |
| CVE-2022-0807 | Chromium: Inappropriate implementation in Autofill | Medium | N/A | No | No | Info |
| CVE-2022-0802 | Chromium: Inappropriate implementation in Full screen mode | Medium | N/A | No | No | Info |
| CVE-2022-0804 | Chromium: Inappropriate implementation in Full screen mode | Medium | N/A | No | No | Info |
| CVE-2022-0801 | Chromium: Inappropriate implementation in HTML parser | Medium | N/A | No | No | Tampering |
| CVE-2022-0803 | Chromium: Inappropriate implementation in Permissions | Medium | N/A | No | No | SFB |
| CVE-2022-0799 | Chromium: Insufficient policy enforcement in Installer | Medium | N/A | No | No | SFB |
| CVE-2022-0809 | Chromium: Out of bounds memory access in WebXR | Medium | N/A | No | No | RCE |
| CVE-2022-0805 | Chromium: Use after free in Browser Switcher | Medium | N/A | No | No | RCE |
| CVE-2022-0808 | Chromium: Use after free in Chrome OS Shell | Medium | N/A | No | No | RCE |
| CVE-2022-0798 | Chromium: Use after free in MediaStream | Medium | N/A | No | No | RCE |

Keep in mind that none of the bugs is listed as under active exploit this month, while three are listed as publicly known at the time of release.

These are all the CVEs addressed with this month’s Patch Tuesday release. Overall, this was a pretty hefty but secure month, compared to previous situations.

The next Patch Tuesday batch of software will come on April 12 and we’re all curious to see what Microsoft comes up with until then.

Let’s all hope that we won’t have to deal with critical problems, and that it will only be smooth sailing from now on.
