Microsoft fixes 71 CVEs this month, with three rated as Critical

Reading time icon 7 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • A pretty busy month for a Microsoft Patch Tuesday release, with 71 CVEs.
  • Out of all the CVEs, 68 were marked as important, and none as moderate.
  • However, the Redmond tech giant had to deal with three nasty Critical bugs.
  • We've included each and everyone in this article, with direct links as well.
patch tuesday windows cve

It’s that time of the month again, and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10 and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

In terms of heft, this month’s release coincides with Merch releases from previous years, which are usually around 60-70 CVEs.

Let’s dive right into it and see what vulnerabilities are completely gone from our lives, now that these patches are live.

Three critical bugs dealt with this month

For the third month of 2022, Microsoft released 71 new patches. This is in addition to the 21 CVEs patched by Microsoft Edge (Chromium-based) earlier this month, which brings the March total to 92 CVEs.

So, the 71 new patches that became available today address CVEs in:

  • .NET and Visual Studio
  • Azure Site Recovery
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Intune
  • Microsoft Office Visio
  • Microsoft Office Word
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Paint 3D
  • Role: Windows Hyper-V
  • Skype Extension for Chrome
  • Tablet Windows User Interface
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows CD-ROM Driver
  • Windows Cloud Files Mini Filter Driver
  • Windows COM
  • Windows Common Log File System Driver
  • Windows DWM Core Library
  • Windows Event Tracing
  • Windows Fastfat Driver
  • Windows Fax and Scan Service
  • Windows HTML Platform
  • Windows Installer
  • Windows Kernel
  • Windows Media
  • Windows PDEV
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows Security Support Provider Interface
  • Windows SMB Server
  • Windows Update Stack
  • XBox

What’s also important to mention is that, out of the 71 CVEs released today, three are rated Critical and 68 are rated Important in severity.

The number of Critical-rated patches is again strangely low for this number of bugs, according to experts and some of the more tech-savvy users.

Furthermore, it is still uncertain if this low percentage of bugs is just a coincidence or if Microsoft might be evaluating the severity using different calculus than in the past.

CVETitleSeverityCVSSPublicExploitedType
CVE-2022-24512.NET and Visual Studio Remote Code Execution VulnerabilityImportant6.3YesNoRCE
CVE-2022-21990Remote Desktop Client Remote Code Execution VulnerabilityImportant8.8YesNoRCE
CVE-2022-24459Windows Fax and Scan Service Elevation of Privilege VulnerabilityImportant7.8YesNoEoP
CVE-2022-22006HEVC Video Extensions Remote Code Execution VulnerabilityCritical7.8NoNoRCE
CVE-2022-23277Microsoft Exchange Server Remote Code Execution VulnerabilityCritical8.8NoNoRCE
CVE-2022-24501VP9 Video Extensions Remote Code Execution VulnerabilityCritical7.8NoNoRCE
CVE-2022-24508Windows SMBv3 Client/Server Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-21967Xbox Live Auth Manager for Windows Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-24464.NET and Visual Studio Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2022-24469Azure Site Recovery Elevation of Privilege VulnerabilityImportant8.1NoNoEoP
CVE-2022-24506Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-24515Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-24518Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-24519Azure Site Recovery Elevation of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-24467Azure Site Recovery Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-24468Azure Site Recovery Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-24470Azure Site Recovery Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-24471Azure Site Recovery Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-24517Azure Site Recovery Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-24520Azure Site Recovery Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2020-8927 *Brotli Library Buffer Overflow VulnerabilityImportant6.5NoNoN/A
CVE-2022-24457HEIF Image Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-22007HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23301HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-24452HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-24453HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-24456HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-21977Media Foundation Information Disclosure VulnerabilityImportant3.3NoNoInfo
CVE-2022-22010Media Foundation Information Disclosure VulnerabilityImportant4.4NoNoInfo
CVE-2022-23278Microsoft Defender for Endpoint Spoofing VulnerabilityImportant5.9NoNoSpoofing
CVE-2022-23266Microsoft Defender for IoT Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-23265Microsoft Defender for IoT Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-24463Microsoft Exchange Server Spoofing VulnerabilityImportant6.5NoNoSpoofing
CVE-2022-24465Microsoft Intune Portal for iOS Security Feature Bypass VulnerabilityImportant3.3NoNoSFB
CVE-2022-24461Microsoft Office Visio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-24509Microsoft Office Visio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-24510Microsoft Office Visio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-24511Microsoft Office Word Tampering VulnerabilityImportant5.5NoNoTampering
CVE-2022-24462Microsoft Word Security Feature Bypass VulnerabilityImportant5.5NoNoSFB
CVE-2022-23282Paint 3D Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23253Point-to-Point Tunneling Protocol Denial of Service VulnerabilityImportant6.5NoNoDoS
CVE-2022-23295Raw Image Extension Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23300Raw Image Extension Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23285Remote Desktop Client Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-24503Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant5.4NoNoInfo
CVE-2022-24522Skype Extension for Chrome Information Disclosure VulnerabilityImportant7.5NoNoInfo
CVE-2022-24460Tablet Windows User Interface Application Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-24526Visual Studio Code Spoofing VulnerabilityImportant6.1NoNoSpoofing
CVE-2022-24451VP9 Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23283Windows ALPC Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-23287Windows ALPC Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-24505Windows ALPC Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-24507Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-24455Windows CD-ROM Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-23286Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-23281Windows Common Log File System Driver Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-23288Windows DWM Core Library Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-23291Windows DWM Core Library Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-23294Windows Event Tracing Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-23293Windows Fast FAT File System Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-24502Windows HTML Platforms Security Feature Bypass VulnerabilityImportant4.3NoNoSFB
CVE-2022-21975Windows Hyper-V Denial of Service VulnerabilityImportant4.7NoNoDoS
CVE-2022-23290Windows Inking COM Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-23296Windows Installer Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-21973Windows Media Center Update Denial of Service VulnerabilityImportant5.5NoNoDoS
CVE-2022-23297Windows NT Lan Manager Datagram Receiver Driver Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-23298Windows NT OS Kernel Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-23299Windows PDEV Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-23284Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.2NoNoEoP
CVE-2022-24454Windows Security Support Provider Interface Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-24525Windows Update Stack Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-0789Chromium: Heap buffer overflow in ANGLEHighN/ANoNoRCE
CVE-2022-0797Chromium: Out of bounds memory access in MojoHighN/ANoNoRCE
CVE-2022-0792Chromium: Out of bounds read in ANGLEHighN/ANoNoRCE
CVE-2022-0795Chromium: Type Confusion in Blink LayoutHighN/ANoNoRCE
CVE-2022-0790Chromium: Use after free in Cast UIHighN/ANoNoRCE
CVE-2022-0796Chromium: Use after free in MediaHighN/ANoNoRCE
CVE-2022-0791Chromium: Use after free in OmniboxHighN/ANoNoRCE
CVE-2022-0793Chromium: Use after free in ViewsHighN/ANoNoRCE
CVE-2022-0794Chromium: Use after free in WebShareHighN/ANoNoRCE
CVE-2022-0800Chromium: Heap buffer overflow in Cast UIMediumN/ANoNoRCE
CVE-2022-0807Chromium: Inappropriate implementation in AutofillMediumN/ANoNoInfo
CVE-2022-0802Chromium: Inappropriate implementation in Full screen modeMediumN/ANoNoInfo
CVE-2022-0804Chromium: Inappropriate implementation in Full screen modeMediumN/ANoNoInfo
CVE-2022-0801Chromium: Inappropriate implementation in HTML parserMediumN/ANoNoTampering
CVE-2022-0803Chromium: Inappropriate implementation in PermissionsMediumN/ANoNoSFB
CVE-2022-0799Chromium: Insufficient policy enforcement in InstallerMediumN/ANoNoSFB
CVE-2022-0809Chromium: Out of bounds memory access in WebXRMediumN/ANoNoRCE
CVE-2022-0805Chromium: Use after free in Browser SwitcherMediumN/ANoNoRCE
CVE-2022-0808Chromium: Use after free in Chrome OS ShellMediumN/ANoNoRCE
CVE-2022-0798Chromium: Use after free in MediaStreamMediumN/ANoNoRCE

Keep in mind that none of the bugs is listed as under active exploit this month, while three are listed as publicly known at the time of release.

These are all the CVEs addressed with this month’s Patch Tuesday release. Overall, this was a pretty hefty but secure month, compared to previous situations.

The next Patch Tuesday batch of software will come on April 12 and we’re all curious to see what Microsoft comes up with until then.

Let’s all hope that we won’t have to deal with critical problems, and that’s it will only be smooth sailing from now on.

Was this article helpful to you? Share your opinion in the comments section below.

More about the topics: patch tuesday

User forum

0 messages