Remote Desktop client for Windows Multiple Vulnerabilities (March 2022)

2022-03-09T00:00:00

Description

The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990) - An information disclosure vulnerability An authenticated, remote attacker can exploit this, via [VECTOR], to read small portions of heap memory. (CVE-2022-24503) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

{"id": "SMB_NT_MS22_MAR_RDC.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Remote Desktop client for Windows Multiple Vulnerabilities (March 2022)", "description": "The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990)\n\n - An information disclosure vulnerability An authenticated, remote attacker can exploit this, via [VECTOR], to read small portions of heap memory. (CVE-2022-24503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2022-03-09T00:00:00", "modified": "2022-04-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/158759", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24503", "http://www.nessus.org/u?7ca1f8f1", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21990", "http://www.nessus.org/u?51f17db8", "http://www.nessus.org/u?dbd96878"], "cvelist": ["CVE-2022-21990", "CVE-2022-24503"], "immutableFields": [], "lastseen": "2022-06-15T18:18:01", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "avleonov", "idList": ["AVLEONOV:84C227D6BCF2EBE9D3A584B815D5145A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0071"]}, {"type": "cve", "idList": ["CVE-2022-21990", "CVE-2022-23285", "CVE-2022-24503"]}, {"type": "githubexploit", "idList": ["5DE1B404-0368-5986-856A-306EA0FE0C09", "E899CC4B-A3FD-5288-BB62-A4201F93FDCC"]}, {"type": "hivepro", "idList": ["HIVEPRO:A5B7D647C96534217BDBB923076B548D", "HIVEPRO:B25417250BE7F8A7BBB1186F85A865F9"]}, {"type": "kaspersky", "idList": ["KLA12479", "KLA12483"]}, {"type": "krebs", "idList": ["KREBS:70E7A65FDA90E9E3D3C07E6FEB92E7BE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:D665E50AE0C4F93CD38E58AB1A0BACF5"]}, {"type": "mscve", "idList": ["MS:CVE-2022-21990", "MS:CVE-2022-23285", "MS:CVE-2022-24503"]}, {"type": "nessus", "idList": ["SMB_NT_MS22_MAR_5011485.NASL", "SMB_NT_MS22_MAR_5011487.NASL", "SMB_NT_MS22_MAR_5011491.NASL", "SMB_NT_MS22_MAR_5011493.NASL", "SMB_NT_MS22_MAR_5011495.NASL", "SMB_NT_MS22_MAR_5011497.NASL", "SMB_NT_MS22_MAR_5011503.NASL", "SMB_NT_MS22_MAR_5011525.NASL", "SMB_NT_MS22_MAR_5011535.NASL", "SMB_NT_MS22_MAR_5011552.NASL", "SMB_NT_MS22_MAR_5011560.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:1DF61FC59A36E7A3EDD995846DA52055"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:C62665D003B287EB5E4FC604B7578606"]}, {"type": "thn", "idList": ["THN:F6E88D18F2D7ABA51DCC332CC3FBCF68"]}, {"type": "threatpost", "idList": ["THREATPOST:305513A61FA2B0EF500854C82DF34A9C"]}]}, "score": {"value": 6.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "avleonov", "idList": ["AVLEONOV:84C227D6BCF2EBE9D3A584B815D5145A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0071"]}, {"type": "cve", "idList": ["CVE-2022-21990"]}, {"type": "hivepro", "idList": ["HIVEPRO:A5B7D647C96534217BDBB923076B548D"]}, {"type": "kaspersky", "idList": ["KLA12479", "KLA12483"]}, {"type": "krebs", "idList": ["KREBS:70E7A65FDA90E9E3D3C07E6FEB92E7BE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:D665E50AE0C4F93CD38E58AB1A0BACF5"]}, {"type": "mscve", "idList": ["MS:CVE-2022-21990"]}, {"type": "nessus", "idList": ["SMB_NT_MS22_MAR_5011485.NASL", "SMB_NT_MS22_MAR_5011487.NASL", "SMB_NT_MS22_MAR_5011491.NASL", "SMB_NT_MS22_MAR_5011493.NASL", "SMB_NT_MS22_MAR_5011495.NASL", "SMB_NT_MS22_MAR_5011497.NASL", "SMB_NT_MS22_MAR_5011503.NASL", "SMB_NT_MS22_MAR_5011525.NASL", "SMB_NT_MS22_MAR_5011535.NASL", "SMB_NT_MS22_MAR_5011552.NASL", "SMB_NT_MS22_MAR_5011560.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:1DF61FC59A36E7A3EDD995846DA52055"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:C62665D003B287EB5E4FC604B7578606"]}, {"type": "thn", "idList": ["THN:F6E88D18F2D7ABA51DCC332CC3FBCF68"]}]}, "vulnersScore": 6.2}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "pluginID": "158759", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158759);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/15\");\n\n script_cve_id(\"CVE-2022-21990\", \"CVE-2022-24503\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n\n script_name(english:\"Remote Desktop client for Windows Multiple Vulnerabilities (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Windows app installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore,\naffected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990)\n\n - An information disclosure vulnerability An authenticated, remote attacker can exploit this, via [VECTOR],\n to read small portions of heap memory. (CVE-2022-24503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ca1f8f1\");\n # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51f17db8\");\n # https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dbd96878\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to client version 1.2.2925 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21990\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"remote_desktop_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Remote Desktop\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar appname = \"Microsoft Remote Desktop\";\n\nvar app_info = vcf::get_app_info(app:appname, win_local:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'fixed_version' : '1.2.2925' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Windows", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Upgrade to client version 1.2.2925 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2022-21990", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-03-08T00:00:00", "vulnerabilityPublicationDate": "2022-03-08T00:00:00", "exploitableWith": []}

{"mscve": [{"lastseen": "2022-03-16T07:40:59", "description": "Remote Desktop Protocol Client Information Disclosure Vulnerability. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-03-08T08:00:00", "type": "mscve", "title": "Remote Desktop Protocol Client Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24503"], "modified": "2022-03-08T08:00:00", "id": "MS:CVE-2022-24503", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24503", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-17T17:43:59", "description": "Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T08:00:00", "type": "mscve", "title": "Remote Desktop Client Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-23285"], "modified": "2022-03-08T08:00:00", "id": "MS:CVE-2022-21990", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21990", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T17:43:42", "description": "Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21990. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T08:00:00", "type": "mscve", "title": "Remote Desktop Client Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-23285"], "modified": "2022-03-16T07:00:00", "id": "MS:CVE-2022-23285", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23285", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-05-23T19:07:38", "description": "Remote Desktop Protocol Client Information Disclosure Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-03-09T17:15:00", "type": "cve", "title": "CVE-2022-24503", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24503"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:*", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:20h2"], "id": "CVE-2022-24503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24503", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-22T21:48:10", "description": "Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21990.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-09T17:15:00", "type": "cve", "title": "CVE-2022-23285", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-23285"], "modified": "2022-03-14T16:55:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2022-23285", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23285", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-23T19:08:13", "description": "Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-09T17:15:00", "type": "cve", "title": "CVE-2022-21990", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-23285"], "modified": "2022-05-23T17:29:00", "cpe": ["cpe:/o:microsoft:windows_server:2022", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server:20h2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-21990", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21990", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"]}], "checkpoint_advisories": [{"lastseen": "2022-03-14T19:47:13", "description": "A remote code execution vulnerability exists in Microsoft Remote Desktop Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Remote Desktop Client Remote Code Execution (CVE-2022-21990)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990"], "modified": "2022-03-08T00:00:00", "id": "CPAI-2022-0071", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "krebs": [{"lastseen": "2022-03-14T21:27:34", "description": "**Microsoft** on Tuesday released software updates to plug at least 70 security holes in its **Windows** operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few "critical" fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here's a look at the security weaknesses Microsoft says are most likely to be targeted first.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2020/08/windowsec.png)\n\n**Greg Wiseman**, product manager at **Rapid7**, notes that three vulnerabilities fixed this month have been previously disclosed, potentially giving attackers a head start in working out how to exploit them. Those include remote code execution bugs [CVE-2022-24512](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512>), affecting **.NET** and **Visual Studio**, and [CVE-2022-21990](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21990>), affecting **Remote Desktop Client**. [CVE-2022-24459](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24459>) is a vulnerability in the **Windows Fax and Scan** service. All three publicly disclosed vulnerabilities are rated "[Important](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system?SilentAuth=1&wa=wsignin1.0>)" by Microsoft.\n\nJust three of the fixes this month earned Microsoft's most-dire "**Critical**" rating, which Redmond assigns to bugs that can be exploited to remotely compromise a Windows PC with little to no help from users. Two of those critical flaws involve Windows video codecs. Perhaps the most concerning critical bug quashed this month is [CVE-2022-23277](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23277>), a remote code execution flaw affecting **Microsoft Exchange Server**.\n\n"Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it," Wiseman said. "Although passwords can be obtained via phishing and other means, this one shouldn\u2019t be as rampantly exploited as the [deluge of Exchange vulnerabilities we saw throughout 2021](<https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/>). Exchange administrators should still patch as soon as reasonably possible."\n\n[CVE-2022-24508](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24508>) is a remote code execution bug affecting **Windows SMBv3**, the technology that handles file sharing in Windows environments.\n\n"This has potential for widespread exploitation, assuming an attacker can put together a suitable exploit," Wiseman said. "Luckily, like this month's Exchange vulnerabilities, this, too, requires authentication."\n\n**Kevin Breen**, director of cyber threat research at **Immersive Labs**, called attention to a trio of bugs fixed this month in the **Windows Remote Desktop Protocol** (RDP), which is a favorite target of ransomware groups.\n\n"[CVE-2022-23285](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23285>), [CVE-2022-21990](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21990>) and [CVE-2022-24503](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24503>) are a potential concern especially as this infection vector is commonly used by ransomware actors," Breen said. "While exploitation is not trivial, requiring an attacker to set up bespoke infrastructure, it still presents enough of a risk to be a priority."\n\nMarch's Patch Tuesday also brings an unusual update ([CVE-2022-21967](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21967>)) that might just be the first security patch involving Microsoft's **Xbox** device.\n\n\u201cThis appears to be the first security patch impacting Xbox specifically,\u201d said **Dustin Childs** from **Trend Micro's Zero Day Initiative**. \u201cThere was an advisory for an inadvertently disclosed Xbox Live certificate back in 2015, but this seems to be the first security-specific update for the device itself.\u201d\n\nAlso on Tuesday, Adobe [released updates](<https://helpx.adobe.com/security.html>) addressing six vulnerabilities in **Adobe Photoshop**, **Illustrator** and **After Effects**.\n\nFor a complete rundown of all patches released by Microsoft today and indexed by severity and other metrics, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/>) from the **SANS Internet Storm Center**. And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/2022/march-madness-patching-begins/>) usually has the lowdown on any patches that may be causing problems for Windows users.\n\nAs always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-09T16:22:12", "type": "krebs", "title": "Microsoft Patch Tuesday, March 2022 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21967", "CVE-2022-21990", "CVE-2022-23277", "CVE-2022-23285", "CVE-2022-24459", "CVE-2022-24503", "CVE-2022-24508", "CVE-2022-24512"], "modified": "2022-03-09T16:22:12", "id": "KREBS:70E7A65FDA90E9E3D3C07E6FEB92E7BE", "href": "https://krebsonsecurity.com/2022/03/microsoft-patch-tuesday-march-2022-edition/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-03-15T23:27:35", "description": "### Microsoft Patch Tuesday Summary \n\nMicrosoft has fixed 92 vulnerabilities, including 21 Microsoft Edge vulnerabilities, in the March 2022 update, with three (3) classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday release includes fixes for three (3) publicly disclosed zero-day vulnerabilities as well. As of this writing, none of this month\u2019s list of vulnerabilities is known to be actively exploited in the wild. \n\nMicrosoft has fixed several problems in their software including Denial of Service, Edge \u2013 Chromium, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, and Spoofing vulnerabilities. \n\n### Notable Microsoft Vulnerabilities Patched \n\nThis month's advisory covers multiple Microsoft products, including, but not limited to, .NET and Visual Studio, Azure Site Recovery, Defender, Edge (Chromium-based), Exchange Server, HEIF Image Extension, HEVC Video Extension, Intune, Microsoft 365 Apps, Office, Paint 3D, Remote Desktop, SMB Server and Windows OS. \n\n**[CVE-2022-21990](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990>) and [CVE-2022-23285](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23285>) - Remote Desktop Client Remote Code Execution (RCE) Vulnerability **\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. \n\nExploitability Assessment: **_Exploitation More Likely_**. \n\n**[CVE-2022-23277](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277>) \u2013 Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability **\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10. The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution (RCE). As an _authenticated user_, the attacker could attempt to trigger malicious code in the context of the server's account through a network call. \n\nExploitability Assessment: **_Exploitation More Likely._** \n\n**[CVE-2022-24469](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24469>) - Azure Site Recovery Elevation of Privilege Vulnerability **\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10. An attacker can call Azure Site Recovery APIs provided by the Configuration Server and in turn, get access to configuration data including credentials for the protected systems. Using the APIs, the attacker can also modify/delete configuration data which in turn will impact Site Recovery operation. \n\nExploitability Assessment: **_Exploitation Less Likely_**. \n\n**[CVE-2022-24508](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24508>) \u2013 Windows SMBv3 Client/Server Remote Code Execution (RCE) Vulnerability **\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10. In addition to releasing an update for this vulnerability, Microsoft has also provided a workaround that may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place: This vulnerability exists in a new feature that was added to Windows 10 version 2004 and exists in newer supported versions of Windows. _Older versions of Windows are not affected_. \n\nExploitability Assessment:** ****_Exploitation More Likely_**. \n\n### Notable Adobe Vulnerabilities Patched \n\nAdobe released updates to fix six (6) CVEs affecting AfterEffects, Illustrator, and Photoshop. Of these six (6) vulnerabilities, five (5) are treated as **_Critical_**. \n\n**[APSB22-14](<https://helpx.adobe.com/security/products/photoshop/apsb22-14.html>) : Security update available for Adobe Photoshop**\n\nThis update resolves an **_Important_** vulnerability. Successful exploitation could lead to memory leak in the context of the current user. \n\n**[APSB22-15](<https://helpx.adobe.com/security/products/illustrator/apsb22-15.html>) : Security update available for Adobe Illustrator**\n\nThis update resolves a **_Critical_** vulnerability that could lead to arbitrary code execution. \n\n**[APSB22-17](<https://helpx.adobe.com/security/products/after_effects/apsb22-17.html>) : Security update available for Adobe After Effects **\n\nThis update addresses**_ Critical_** security vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n\n### Discover and Prioritize Patch Tuesday Vulnerabilities in VMDR\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query: \n \n \n vulnerabilities.vulnerability:( qid:`50119` OR qid:`91868` OR qid:`91869` OR qid:`91870` OR qid:`91871` OR qid:`91872` OR qid:`91873` OR qid:`91874` OR qid:`91875` OR qid:`100417` OR qid:`110403` OR qid:`376453` OR qid:`376454` )\n\n![](https://blog.qualys.com/wp-content/uploads/2022/03/VMDR-March2022-1070x488.png)\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday: \n \n \n ( qid:`50119` OR qid:`91868` OR qid:`91869` OR qid:`91870` OR qid:`91871` OR qid:`91872` OR qid:`91873` OR qid:`91874` OR qid:`91875` OR qid:`100417` OR qid:`110403` OR qid:`376453` OR qid:`376454` )\n\n![](https://blog.qualys.com/wp-content/uploads/2022/03/PATCH-March2022-1070x488.png)\n\n### Monthly Webinar Series: This Month in Vulnerabilities & Patches \n\n![](https://blog.qualys.com/wp-content/uploads/2022/03/image-1070x560.jpeg)\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Patch Management (PM). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Patch Management. \n\n* * *\n\n******Join the webinar: This Month in Vulnerabilities & Patches******\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n* * *\n\n### About Patch Tuesday \n\nQualys Patch Tuesday QIDs are published as [**Security Alerts**](<https://www.qualys.com/research/security-alerts/>)**,** typically, late in the evening on the day of [**Patch Tuesday**](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [**Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard**](<https://success.qualys.com/discussions/s/article/000006821>)**.** \n\n### Contributor \n\n[**Bharat Jogi**](<https://blog.qualys.com/author/bharat_jogi>), Director, Vulnerability and Threat Research, Qualys", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T22:20:59", "type": "qualysblog", "title": "March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-23277", "CVE-2022-23285", "CVE-2022-24469", "CVE-2022-24508"], "modified": "2022-03-08T22:20:59", "id": "QUALYSBLOG:1DF61FC59A36E7A3EDD995846DA52055", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2022-03-09T15:52:17", "description": "Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update \u2013 only three of which are rated critical in severity. The other 68 are all rated \u201cimportant.\u201d\n\nThree of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild (thus far).\n\nThe issues affect the gamut of the computing giant\u2019s portfolio, including Microsoft Windows and Windows Components, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge (Chromium-based), Windows HTML Platforms, Office and Office Components, Skype, .NET and Visual Studio, Windows RDP, SMB Server.\n\nNotably, the tranche also contains the first-ever patch for the Xbox gaming console.\n\nIt\u2019s worth noting that the update marks the second month in a row with a surprisingly low number of critical patches; in fact, February\u2019s Patch Tuesday update [didn\u2019t list any](<https://threatpost.com/microsoft-february-patch-tuesday-zero-day/178286/>).\n\n\u201cThe number of critical-rated patches is again strangely low for this number of bugs,\u201d Trend Micro Zero-Day Initiative researcher Dustin Childs noted in an email. \u201cIt\u2019s unclear if this low percentage of bugs is just a coincidence, or if Microsoft might be evaluating the severity using different calculus than in the past.\u201d\n\n## **Critical-Rated Microsoft Security Bugs**\n\nThe three critical bugs, all of which could lead to remote code execution, are:\n\n * [CVE-2022-22006](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006>): HEVC Video Extensions (CVSS rating of 7.8)\n * [CVE-2022-24501](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501>): VP9 Video Extensions (CVSS rating of 7.8)\n * [CVE-2022-23277](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277>): Microsoft Exchange Server (CVSS rating of 8.8)\n\nBoth video extensions bugs, in HEVC and VP9, require social engineering; an attacker would need to convince a victim to download and open a specially crafted file, which could lead to a crash, according to Microsoft\u2019s advisory.\n\nThe video extensions are coding standards for video compression that Windows is able to run so that users can watch high-fidelity videos. Paul Laudanski, head of threat intelligence at Tessian, noted that the likelihood of compromise is low, thanks to the user-interaction requirement.\n\nThat said, the VP9 bug is more crucial for patching, he said: \u201cVP9 is supported by modern day browsers except for Internet Explorer, so it is critical for users to ensure they are updating them. While VP9 is open and royalty free, the other file code affected, HEVC, is one that users have to purchase a license for.\u201d\n\nThe vulnerability in Exchange Server meanwhile would allow an authenticated attacker to target server accounts with the aim of executing code with elevated privileges, through a network call. Laudanski added that the vulnerability arises from the server not correctly handling objects in memory, which can lead to code execution.\n\nHere, the attacker must be authenticated. Even so, \u201cthis is also listed as low complexity with exploitation more likely, so it wouldn\u2019t surprise me to see this bug exploited in the wild soon,\u201d Childs noted. \u201cTest and deploy this to your Exchange servers quickly.\u201d\n\nKevin Breen, director of cyber-threat research at Immersive Labs, agreed. \u201cWhile requiring authentication, this vulnerability affecting on-prem Exchange servers could potentially be used during lateral movement into a part of the environment which presents the opportunity for business email compromise or data theft from email,\u201d he said via email.\n\nClaire Tills, senior research engineer at Tenable, meanwhile told Threatpost: \u201d Given the prevalence of attacks against Microsoft Exchange flaws in the past, organizations should apply the available updates immediately.\u201d\n\n## **Publicly Known Bugs**\n\nMeanwhile, the three zero-day issues are:\n\n * [CVE-2022-21990](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990>) \u2013 Remote Desktop Client (CVSS rating of 8.8, allows RCE)\n * [CVE-2022-24512](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512>) \u2013 .NET and Visual Studio (CVSS rating of 6.3, allows RCE)\n * [CVE-2022-24459](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24459>) \u2013 Windows Fax and Scan Service (CVSS rating of 7.8, allows elevation of privilege)\n\nThe RDP client issue deserves to be treated as though it was designated critical, Childs said.\n\n\u201cThis client-side bug doesn\u2019t have the same punch as server-side-related RDP, but since it\u2019s listed as publicly known, it makes sense to treat this as a critical-rated bug,\u201d he said. \u201cThis isn\u2019t as severe as BlueKeep or some of the other RDP server bugs, but it definitely shouldn\u2019t be overlooked.\u201d\n\nWith regards to attack vector, a threat actor would need to lure an affected RDP client to connect to a malicious RDP server, which would allow the person to trigger code execution on the targeted client, Childs explained.\n\nBreen pointed out that the bug is one of three RCE bugs affecting RDP included in the advisory; the other two are [CVE-2022-23285](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23285>) (CVSS 8.8) and [CVE-2022-24503](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24503>) (CVSS 5.4).\n\n\u201cWith the increase in remote working driving the expansion of the attack surface presented by RDP, a trio of RCE vulnerabilities affecting this protocol should be on security teams\u2019 radar,\u201d Breen said via email. \u201c[They] are a potential concern especially as this infection vector is commonly used by ransomware actors. While exploitation is not trivial, requiring an attacker to set up bespoke infrastructure, it still presents enough of a risk to be a priority.\u201d\n\nThe second known RCE bug is much less of a concern, according to Microsoft\u2019s advisory.\n\n\u201cWhile we cannot rule out the impact to confidentiality, integrity and availability, the ability to exploit this vulnerability by itself is limited,\u201d according to the company. \u201cAn attacker would need to combine this with other vulnerabilities to perform an attack.\u201d\n\nPlus, a targeted user would need to be lured to trigger a payload within the application.\n\nMicrosoft offered no technical details about the third publicly known bug.\n\n## **Other March Vulnerabilities of Interest**\n\nResearchers flagged a handful of other issues to patch quickly, including [CVE-2022-24508](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24508>), which exists in the Windows SMBv3 client and server, and which could lead to RCE on Windows 10 version 2004 and newer systems.\n\n\u201cAuthentication is required here, but since this affected both clients and servers, an attacker could use this for lateral movement within a network,\u201d Childs explained. \u201cThis is another one I would treat as critical and mitigate quickly.\u201d\n\nBreen again agreed, and noted that Microsoft offered additional mitigations.\n\n\u201cAnother potential component of lateral movement, remotely executable CVE-2022-24508 in Windows SMB v3, seems to be one to watch out for,\u201d he said. \u201cWhile successful exploitation requires valid credentials, Microsoft provides advice on limiting SMB traffic in lateral and external connections. While this is a strong step in providing defense in depth, blocking such connections can also have an adverse effect on other tools using these connections, something to be considered in mitigation attempts.\u201d\n\nHe also flagged three privilege-escalation vulnerabilities ([CVE-2022-23286](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23286>) in the Windows Cloud Files Mini Filter Driver; [CVE-2022-24507](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24507>) in the Windows Ancillary Function Driver for WinSock; and [CVE-2022-23299](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23299>) in Windows PDEV) as ones to prioritize, since they \u201ccould form the connective tissue in any multi-stage attack, are marked as more likely to be exploited and also therefore warrant interest. Addressing these will stop a potentially limited incursion becoming more serious.\u201d\n\nAnd finally, the Xbox bug ([CVE-2022-21967](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21967>)) exists in the Xbox Live authentication manager for Windows, and can allow elevation of privilege. It\u2019s notable for its uniqueness.\n\n\u201cThis appears to be the first security patch impacting Xbox specifically,\u201d Childs said. \u201cThere was an advisory for an inadvertently disclosed Xbox Live certificate back in 2015, but this seems to be the first security-specific update for the device itself.\u201d\n\n**_Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our _**[**_FREE downloadable eBook_**](<https://bit.ly/3Jy6Bfs>)**_, \u201cCloud Security: The Forecast for 2022.\u201d_** **_We explore organizations\u2019 top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists. _**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-08T21:42:06", "type": "threatpost", "title": "Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2022-21967", "CVE-2022-21990", "CVE-2022-22006", "CVE-2022-23277", "CVE-2022-23285", "CVE-2022-23286", "CVE-2022-23299", "CVE-2022-24459", "CVE-2022-24501", "CVE-2022-24503", "CVE-2022-24507", "CVE-2022-24508", "CVE-2022-24512"], "modified": "2022-03-08T21:42:06", "id": "THREATPOST:305513A61FA2B0EF500854C82DF34A9C", "href": "https://threatpost.com/microsoft-zero-days-critical-bugsmarch-patch-tuesday/178817/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-06-10T21:06:28", "description": "The remote Windows host is missing security update 5011529 or cumulative update 5011529. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23290, CVE-2022-23293, CVE-2022-23296, CVE-2022-23298, CVE-2022-23299, CVE-2022-24454, CVE-2022-24459)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-23253)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011529: Windows Server 2008 R2 (March 2022) Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21990", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23285", "CVE-2022-23290", "CVE-2022-23293", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24459", "CVE-2022-24502", "CVE-2022-24503"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011552.NASL", "href": "https://www.tenable.com/plugins/nessus/158718", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158718);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21990\",\n \"CVE-2022-23253\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23285\",\n \"CVE-2022-23290\",\n \"CVE-2022-23293\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24459\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\"\n );\n script_xref(name:\"MSKB\", value:\"5011529\");\n script_xref(name:\"MSKB\", value:\"5011552\");\n script_xref(name:\"MSFT\", value:\"MS22-5011529\");\n script_xref(name:\"MSFT\", value:\"MS22-5011552\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n\n script_name(english:\"KB5011529: Windows Server 2008 R2 (March 2022) Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011529\nor cumulative update 5011529. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23290, CVE-2022-23293,\n CVE-2022-23296, CVE-2022-23298, CVE-2022-23299,\n CVE-2022-24454, CVE-2022-24459)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-23253)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-23281, CVE-2022-23297,\n CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23285)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5011529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5011552\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5011529 or Cumulative Update KB5011529.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24459\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23285\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011552',\n '5011529'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1',\n sp:1,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011552, 5011529])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:06:24", "description": "The remote Windows host is missing security update 5011535 or cumulative update 5011527. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23290, CVE-2022-23284, CVE-2022-24459, CVE-2022-23299, CVE-2022-23298, CVE-2022-24455, CVE-2022-24454, CVE-2022-23283, CVE-2022-23296, CVE-2022-23293)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-23285 CVE-2022-23294, CVE-2022-21990)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-24503, CVE-2022-22010, CVE-2022-23297, CVE-2022-23281)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011527: Windows Server 2012 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21973", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23290", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24459", "CVE-2022-24502", "CVE-2022-24503"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011535.NASL", "href": "https://www.tenable.com/plugins/nessus/158713", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158713);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21973\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23290\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24455\",\n \"CVE-2022-24459\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\"\n );\n script_xref(name:\"MSKB\", value:\"5011527\");\n script_xref(name:\"MSKB\", value:\"5011535\");\n script_xref(name:\"MSFT\", value:\"MS22-5011527\");\n script_xref(name:\"MSFT\", value:\"MS22-5011535\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n\n script_name(english:\"KB5011527: Windows Server 2012 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011535\nor cumulative update 5011527. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23290, CVE-2022-23284, CVE-2022-24459,\n CVE-2022-23299, CVE-2022-23298, CVE-2022-24455,\n CVE-2022-24454, CVE-2022-23283, CVE-2022-23296,\n CVE-2022-23293)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-23285\n CVE-2022-23294, CVE-2022-21990)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-24503, CVE-2022-22010, CVE-2022-23297,\n CVE-2022-23281)\n\nNote that Nessus has not tested for this issue but has instead \nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5011527.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011535',\n '5011527'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2',\n sp:0,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011535, 5011527])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T23:09:41", "description": "The remote Windows host is missing security update 5011560 or cumulative update 5011560. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23284, CVE-2022-23290, CVE-2022-23293, CVE-2022-23296, CVE-2022-23298, CVE-2022-23299, CVE-2022-24454, CVE-2022-24455, CVE-2022-24459)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21973, CVE-2022-21975, CVE-2022-23253)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285, CVE-2022-23294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011560: Windows Server 2012 R2 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21973", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23290", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24459", "CVE-2022-24502", "CVE-2022-24503"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011560.NASL", "href": "https://www.tenable.com/plugins/nessus/158702", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158702);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21973\",\n \"CVE-2022-21975\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23290\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24455\",\n \"CVE-2022-24459\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\"\n );\n script_xref(name:\"MSKB\", value:\"5011560\");\n script_xref(name:\"MSKB\", value:\"5011564\");\n script_xref(name:\"MSFT\", value:\"MS22-5011560\");\n script_xref(name:\"MSFT\", value:\"MS22-5011564\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n\n script_name(english:\"KB5011560: Windows Server 2012 R2 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011560\nor cumulative update 5011560. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23284, CVE-2022-23290,\n CVE-2022-23293, CVE-2022-23296, CVE-2022-23298,\n CVE-2022-23299, CVE-2022-24454, CVE-2022-24455,\n CVE-2022-24459)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-21977, CVE-2022-22010,\n CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-21973,\n CVE-2022-21975, CVE-2022-23253)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23285, CVE-2022-23294)\n\nNote that Nessus has not tested for this issue but has instead relied \nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5011560.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011564',\n '5011560'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011564, 5011560])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T23:06:45", "description": "The remote Windows host is missing security update 5011491. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-24459, CVE-2022-23284, CVE-2022-23296, CVE-2022-23287, CVE-2022-23298, CVE-2022-23290, CVE-2022-24454, CVE-2022-24460, CVE-2022-23299, CVE-2022-23293, CVE-2022-24455, CVE-2022-21967, CVE-2022-24505)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990 CVE-2022-23294, CVE-2022-23285)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23281, CVE-2022-23297, CVE-2022-21977, CVE-2022-22010, CVE-2022-24503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011491: Windows 10 LTS 1507 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21967", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23287", "CVE-2022-23290", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011491.NASL", "href": "https://www.tenable.com/plugins/nessus/158717", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158717);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21967\",\n \"CVE-2022-21975\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23287\",\n \"CVE-2022-23290\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24455\",\n \"CVE-2022-24459\",\n \"CVE-2022-24460\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\",\n \"CVE-2022-24505\"\n );\n script_xref(name:\"MSKB\", value:\"5011491\");\n script_xref(name:\"MSFT\", value:\"MS22-5011491\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n\n script_name(english:\"KB5011491: Windows 10 LTS 1507 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011491. It is, therefore, \naffected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-24459, CVE-2022-23284,\n CVE-2022-23296, CVE-2022-23287, CVE-2022-23298,\n CVE-2022-23290, CVE-2022-24454, CVE-2022-24460,\n CVE-2022-23299, CVE-2022-23293, CVE-2022-24455,\n CVE-2022-21967, CVE-2022-24505)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990\n CVE-2022-23294, CVE-2022-23285)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-23281, CVE-2022-23297,\n CVE-2022-21977, CVE-2022-22010, CVE-2022-24503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5011491.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011491'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:10240,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011491])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:05:14", "description": "The remote Windows host is missing security update 5011495. It is, therefore, affected by multiple vulnerabilities\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23284, CVE-2022-23287, CVE-2022-23290, CVE-2022-23293, CVE-2022-23296, CVE-2022-23298, CVE-2022-23299, CVE-2022-24454, CVE-2022-24455, CVE-2022-24459, CVE-2022-24460, CVE-2022-24505, CVE-2022-24507)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21975, CVE-2022-23253)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285, CVE-2022-23294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011495: Windows 10 Version 1607 and Windows Server 2016 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21967", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23287", "CVE-2022-23290", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24507"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011495.NASL", "href": "https://www.tenable.com/plugins/nessus/158704", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158704);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21967\",\n \"CVE-2022-21975\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23287\",\n \"CVE-2022-23290\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24455\",\n \"CVE-2022-24459\",\n \"CVE-2022-24460\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\",\n \"CVE-2022-24505\",\n \"CVE-2022-24507\"\n );\n script_xref(name:\"MSKB\", value:\"5011495\");\n script_xref(name:\"MSFT\", value:\"MS22-5011495\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n\n script_name(english:\"KB5011495: Windows 10 Version 1607 and Windows Server 2016 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011495. It is, therefore, \naffected by multiple vulnerabilities\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23284, CVE-2022-23287,\n CVE-2022-23290, CVE-2022-23293, CVE-2022-23296,\n CVE-2022-23298, CVE-2022-23299, CVE-2022-24454,\n CVE-2022-24455, CVE-2022-24459, CVE-2022-24460,\n CVE-2022-24505, CVE-2022-24507)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-21975,\n CVE-2022-23253)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-21977, CVE-2022-22010,\n CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23285, CVE-2022-23294)\n\nNote that Nessus has not tested for this issue but has instead \nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5011495.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011495'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:14393,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011495])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:06:30", "description": "The remote Windows host is missing security update 5011525 or cumulative update 5011534. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23290, CVE-2022-23293, CVE-2022-23296, CVE-2022-23298, CVE-2022-23299, CVE-2022-24459)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23281, CVE-2022-23297)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011525: Windows Server 2008 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21990", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23290", "CVE-2022-23293", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24459", "CVE-2022-24502"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011525.NASL", "href": "https://www.tenable.com/plugins/nessus/158709", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158709);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21990\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23290\",\n \"CVE-2022-23293\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24459\",\n \"CVE-2022-24502\"\n );\n script_xref(name:\"MSKB\", value:\"5011525\");\n script_xref(name:\"MSKB\", value:\"5011534\");\n script_xref(name:\"MSFT\", value:\"MS22-5011525\");\n script_xref(name:\"MSFT\", value:\"MS22-5011534\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n\n script_name(english:\"KB5011525: Windows Server 2008 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011525\nor cumulative update 5011534. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23290, CVE-2022-23293,\n CVE-2022-23296, CVE-2022-23298, CVE-2022-23299,\n CVE-2022-24459)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-23281, CVE-2022-23297)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5011525.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24459\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21990\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011534',\n '5011525'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0',\n sp:2,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011534, 5011525])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:04:58", "description": "The remote Windows host is missing security update 5011493. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23294, CVE-2022-24508)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-23253)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23291, CVE-2022-24454, CVE-2022-24460, CVE-2022-24459, CVE-2022-23296, CVE-2022-23299, CVE-2022-24507, CVE-2022-23298, CVE-2022-23284, CVE-2022-24525, CVE-2022-23290, CVE-2022-23293, CVE-2022-23287, CVE-2022-21967, CVE-2022-24505, CVE-2022-23286)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011493: Windows Server 11 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21967", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23278", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23286", "CVE-2022-23287", "CVE-2022-23290", "CVE-2022-23291", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24507", "CVE-2022-24508", "CVE-2022-24525"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011493.NASL", "href": "https://www.tenable.com/plugins/nessus/158711", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc. \n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158711);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21967\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23278\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23286\",\n \"CVE-2022-23287\",\n \"CVE-2022-23290\",\n \"CVE-2022-23291\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24459\",\n \"CVE-2022-24460\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\",\n \"CVE-2022-24505\",\n \"CVE-2022-24507\",\n \"CVE-2022-24508\",\n \"CVE-2022-24525\"\n );\n script_xref(name:\"MSKB\", value:\"5011493\");\n script_xref(name:\"MSFT\", value:\"MS22-5011493\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n\n script_name(english:\"KB5011493: Windows Server 11 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011493. It is, therefore, \naffected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23294, CVE-2022-24508)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-23253)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23291, CVE-2022-24454,\n CVE-2022-24460, CVE-2022-24459, CVE-2022-23296,\n CVE-2022-23299, CVE-2022-24507, CVE-2022-23298,\n CVE-2022-23284, CVE-2022-24525, CVE-2022-23290,\n CVE-2022-23293, CVE-2022-23287, CVE-2022-21967,\n CVE-2022-24505, CVE-2022-23286)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-21977, CVE-2022-22010,\n CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\nNote that Nessus has not tested for this issue but has instead relied \nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5011493.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24508\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011493'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:22000,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011493])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:05:14", "description": "The remote Windows host is missing security update 5011497. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23294, CVE-2022-24508, CVE-2022-23285)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-23253)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23299, CVE-2022-23298, CVE-2022-23284, CVE-2022-24454, CVE-2022-24460, CVE-2022-23296, CVE-2022-24459, CVE-2022-24507, CVE-2022-23293, CVE-2022-23291, CVE-2022-23290, CVE-2022-23288, CVE-2022-23283, CVE-2022-24505, CVE-2022-23287, CVE-2022-23286)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011497: Windows Server 2022 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23278", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23286", "CVE-2022-23287", "CVE-2022-23288", "CVE-2022-23290", "CVE-2022-23291", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24507", "CVE-2022-24508"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011497.NASL", "href": "https://www.tenable.com/plugins/nessus/158700", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc. \n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158700);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21975\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23278\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23286\",\n \"CVE-2022-23287\",\n \"CVE-2022-23288\",\n \"CVE-2022-23290\",\n \"CVE-2022-23291\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24459\",\n \"CVE-2022-24460\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\",\n \"CVE-2022-24505\",\n \"CVE-2022-24507\",\n \"CVE-2022-24508\"\n );\n script_xref(name:\"MSKB\", value:\"5011497\");\n script_xref(name:\"MSKB\", value:\"5011580\");\n script_xref(name:\"MSFT\", value:\"MS22-5011497\");\n script_xref(name:\"MSFT\", value:\"MS22-5011580\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n\n script_name(english:\"KB5011497: Windows Server 2022 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011497. It is, therefore, \naffected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23294, CVE-2022-24508, CVE-2022-23285)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-23253)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23299, CVE-2022-23298, CVE-2022-23284,\n CVE-2022-24454, CVE-2022-24460, CVE-2022-23296,\n CVE-2022-24459, CVE-2022-24507, CVE-2022-23293,\n CVE-2022-23291, CVE-2022-23290, CVE-2022-23288,\n CVE-2022-23283, CVE-2022-24505, CVE-2022-23287,\n CVE-2022-23286)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-21977, CVE-2022-22010,\n CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5011497.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24508\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011497',\n '5011580'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:20348,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011497,5011580])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:06:29", "description": "The remote Windows host is missing security update 5011485.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21975, CVE-2022-23253)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-21967, CVE-2022-23283, CVE-2022-23284, CVE-2022-23286, CVE-2022-23287, CVE-2022-23288, CVE-2022-23290, CVE-2022-23291, CVE-2022-23293, CVE-2022-23296, CVE-2022-23298, CVE-2022-23299, CVE-2022-24454, CVE-2022-24455, CVE-2022-24459, CVE-2022-24460, CVE-2022-24505, CVE-2022-24507, CVE-2022-24525)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285, CVE-2022-23294)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011485: Windows 10 Version 1909 (March 2022) Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21967", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23286", "CVE-2022-23287", "CVE-2022-23288", "CVE-2022-23290", "CVE-2022-23291", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24507", "CVE-2022-24525"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011485.NASL", "href": "https://www.tenable.com/plugins/nessus/158716", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158716);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21967\",\n \"CVE-2022-21975\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23286\",\n \"CVE-2022-23287\",\n \"CVE-2022-23288\",\n \"CVE-2022-23290\",\n \"CVE-2022-23291\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24455\",\n \"CVE-2022-24459\",\n \"CVE-2022-24460\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\",\n \"CVE-2022-24505\",\n \"CVE-2022-24507\",\n \"CVE-2022-24525\"\n );\n script_xref(name:\"MSKB\", value:\"5011485\");\n script_xref(name:\"MSFT\", value:\"MS22-5011485\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n\n script_name(english:\"KB5011485: Windows 10 Version 1909 (March 2022) Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011485.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-21975,\n CVE-2022-23253)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-21967, CVE-2022-23283, CVE-2022-23284,\n CVE-2022-23286, CVE-2022-23287, CVE-2022-23288,\n CVE-2022-23290, CVE-2022-23291, CVE-2022-23293,\n CVE-2022-23296, CVE-2022-23298, CVE-2022-23299,\n CVE-2022-24454, CVE-2022-24455, CVE-2022-24459,\n CVE-2022-24460, CVE-2022-24505, CVE-2022-24507,\n CVE-2022-24525)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-21977, CVE-2022-22010,\n CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23285, CVE-2022-23294)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5011485\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5011485.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011485'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:18363,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011485])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:04:55", "description": "The remote Windows host is missing security update 5011503. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23288, CVE-2022-23284, CVE-2022-24455, CVE-2022-23296, CVE-2022-24459, CVE-2022-24507, CVE-2022-23291, CVE-2022-23299, CVE-2022-23298, CVE-2022-23293, CVE-2022-23290, CVE-2022-24460, CVE-2022-24454, CVE-2022-23283, CVE-2022-21967, CVE-2022-24505, CVE-2022-23287, CVE-2022-23286)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21975, CVE-2022-23253)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285, CVE-2022-23294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011503: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21967", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23278", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23286", "CVE-2022-23287", "CVE-2022-23288", "CVE-2022-23290", "CVE-2022-23291", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24507"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011503.NASL", "href": "https://www.tenable.com/plugins/nessus/158712", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158712);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21967\",\n \"CVE-2022-21975\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23278\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23286\",\n \"CVE-2022-23287\",\n \"CVE-2022-23288\",\n \"CVE-2022-23290\",\n \"CVE-2022-23291\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24455\",\n \"CVE-2022-24459\",\n \"CVE-2022-24460\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\",\n \"CVE-2022-24505\",\n \"CVE-2022-24507\"\n );\n script_xref(name:\"MSKB\", value:\"5011503\");\n script_xref(name:\"MSFT\", value:\"MS22-5011503\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n\n script_name(english:\"KB5011503: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011503. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23288, CVE-2022-23284, CVE-2022-24455,\n CVE-2022-23296, CVE-2022-24459, CVE-2022-24507, \n CVE-2022-23291, CVE-2022-23299, CVE-2022-23298, \n CVE-2022-23293, CVE-2022-23290, CVE-2022-24460, \n CVE-2022-24454, CVE-2022-23283, CVE-2022-21967, \n CVE-2022-24505, CVE-2022-23287, CVE-2022-23286)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-21975,\n CVE-2022-23253)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-21977, CVE-2022-22010,\n CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23285, CVE-2022-23294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5011503.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011503'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17763',\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011503])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T21:06:25", "description": "The remote Windows host is missing security update 5011487. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23284, CVE-2022-23291, CVE-2022-24459, CVE-2022-23296, CVE-2022-24507, CVE-2022-24454, CVE-2022-23298, CVE-2022-23290, CVE-2022-23288, CVE-2022-24525, CVE-2022-24460, CVE-2022-23299, CVE-2022-23293, CVE-2022-23287, CVE-2022-21967, CVE-2022-24505, CVE-2022-23286)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21975, CVE-2022-23253)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2022-24502)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285, CVE-2022-23294, CVE-2022-24508)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "KB5011487: Windows 10 Version 20H2 / Windows 10 Version 21H1 / Windows 10 Version 21H2 Security Update (March 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21967", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23278", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23286", "CVE-2022-23287", "CVE-2022-23288", "CVE-2022-23290", "CVE-2022-23291", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24507", "CVE-2022-24508", "CVE-2022-24525"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_MAR_5011487.NASL", "href": "https://www.tenable.com/plugins/nessus/158701", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc. \n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158701);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2022-21967\",\n \"CVE-2022-21975\",\n \"CVE-2022-21977\",\n \"CVE-2022-21990\",\n \"CVE-2022-22010\",\n \"CVE-2022-23253\",\n \"CVE-2022-23278\",\n \"CVE-2022-23281\",\n \"CVE-2022-23283\",\n \"CVE-2022-23284\",\n \"CVE-2022-23285\",\n \"CVE-2022-23286\",\n \"CVE-2022-23287\",\n \"CVE-2022-23288\",\n \"CVE-2022-23290\",\n \"CVE-2022-23291\",\n \"CVE-2022-23293\",\n \"CVE-2022-23294\",\n \"CVE-2022-23296\",\n \"CVE-2022-23297\",\n \"CVE-2022-23298\",\n \"CVE-2022-23299\",\n \"CVE-2022-24454\",\n \"CVE-2022-24459\",\n \"CVE-2022-24460\",\n \"CVE-2022-24502\",\n \"CVE-2022-24503\",\n \"CVE-2022-24505\",\n \"CVE-2022-24507\",\n \"CVE-2022-24508\",\n \"CVE-2022-24525\"\n );\n script_xref(name:\"MSFT\", value:\"MS22-5011487\");\n script_xref(name:\"MSKB\", value:\"5011487\");\n script_xref(name:\"IAVA\", value:\"2022-A-0111-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0112-S\");\n\n script_name(english:\"KB5011487: Windows 10 Version 20H2 / Windows 10 Version 21H1 / Windows 10 Version 21H2 Security Update (March 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5011487. It is, therefore, \naffected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2022-23283, CVE-2022-23284, CVE-2022-23291,\n CVE-2022-24459, CVE-2022-23296, CVE-2022-24507,\n CVE-2022-24454, CVE-2022-23298, CVE-2022-23290,\n CVE-2022-23288, CVE-2022-24525, CVE-2022-24460,\n CVE-2022-23299, CVE-2022-23293, CVE-2022-23287,\n CVE-2022-21967, CVE-2022-24505, CVE-2022-23286)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2022-21975,\n CVE-2022-23253)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2022-24502)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2022-21977, CVE-2022-22010,\n CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2022-21990,\n CVE-2022-23285, CVE-2022-23294, CVE-2022-24508)\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5011487.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23284\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24508\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-03';\nkbs = make_list(\n '5011487'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:19042,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011487])\n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:19043,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011487])\n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:19044,\n rollup_date:'03_2022',\n bulletin:bulletin,\n rollup_kb_list:[5011487])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "hivepro": [{"lastseen": "2022-03-14T21:28:41", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 71 the following vulnerabilities in their March 2022 Patch Tuesday Update. This advisory briefs about six vulnerabilities out of which three of them have been rated critical in severity and three of them are zero-days. Microsoft Patch Tuesday comprise of the following vulnerabilities: \u2022 29 Remote Code Execution Vulnerabilities \u2022 25 Elevation of Privilege Vulnerabilities \u2022 6 Information Disclosure Vulnerabilities \u2022 4 Denial of Service Vulnerabilities \u2022 3 Security Feature Bypass Vulnerabilities \u2022 3 Spoofing Vulnerabilities \u2022 1 Tampering Vulnerability The three critical vulnerabilities are remote code execution bugs affecting Microsoft Exchange Server (CVE-2022-23277), HEVC Video Extensions (CVE-2022-22006), and VP9 Video Extensions (CVE-2022-24501). In addition to this, two out of the three zero-days are remote code execution (CVE-2022-24512 CVE-2022-21990) and one of them is a privilege escalation (CVE-2022-24459). A zero-day vulnerability, CVE-2022-21990 has been labeled as "Exploitation More Likely\u201c by Microsoft as a proof-of-concept (PoC) exploit is publicly available. All these vulnerabilities have been patched by Microsoft and we advise all organizations to apply patches for the same to avoid potential attacks. Potential Mitre ATT&CK TTPs are : TA0001: Initial Access TA0002: Execution TA0004: Privilege Escalation T1190: Exploit Public-Facing Application T1203: Exploitation of Client Execution T1068: Exploitation for Privilege Escalation Vulnerability Detail Patch Link https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24459 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501 References https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/microsoft-releases-march-2022-security-updates https://msrc.microsoft.com/update-guide/en-us", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-09T14:14:19", "type": "hivepro", "title": "Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-22006", "CVE-2022-23277", "CVE-2022-24459", "CVE-2022-24501", "CVE-2022-24512"], "modified": "2022-03-09T14:14:19", "id": "HIVEPRO:A5B7D647C96534217BDBB923076B548D", "href": "https://www.hivepro.com/microsoft-addressed-three-zero-day-vulnerabilities-march-2022-patch-tuesday-update/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-16T07:28:44", "description": "For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 538 16 3 42 19 89 The second week of March 2022 witnessed the discovery of 538 vulnerabilities out of which 16 gained the attention of Threat Actors and security researchers worldwide. Among these 16, there were 3 zero-days and 5 other vulnerabilities about which the National vulnerability Database (NVD) is awaiting analysis, while 6 of them are undergoing analysis, and 3 were not present in the NVD at all. Hive Pro Threat Research Team has curated a list of 16 CVEs that require immediate action. Further, we also observed 3 Threat Actor groups being highly active in the last week. APT41, a well-known Chinese threat actor group popular for espionage and financial gain, was observed targeting US state government networks using the famous Log4j vulnerability (CVE-2021-44228) and the USAHerds program (CVE-2021- 44207). Additionally, a famous Initial Access Broker (IAB) was also prominent targeting organizations from the US, UK, and India. Another threat actor from China, Mustang Panda, was observed targeting European diplomats using a revised version of the PlugX backdoor. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section. Detailed Report: Interesting Vulnerabilities: Vendor CVEs Patch Link CVE-2022-23187 CVE-2022-24094 CVE-2022-24095 CVE-2022-24096 CVE-2022-24097 https://helpx.adobe.com/security/products/illustrator/apsb22-15.html https://helpx.adobe.com/security/products/after_effects/apsb22-17.html CVE-2022-26384 CVE-2022-26383 CVE-2022-26387 CVE-2022-26381 https://cdn.stubdownloader.services.mozilla.com/builds/firefox-stub/en-US/win/bb09da6defac4081f06e02ac17730b9b6f1e13db4315d371a03b167a2f4b3155/Firefox%20Installer.exe CVE-2022-24512* CVE-2022-21990* CVE-2022-24459* CVE-2022-23277 CVE-2022-22006 CVE-2022-24501 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24459 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501 CVE-2022-0847 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux9d2231c5d74e13b2a0546fee6737ee4446017903.tar.gz Active Actors: Icon Name Origin Motive APT41 (Double Dragon, TG-2633, Bronze Atlas, Red Kelpie,Blackfly, Earth Baku, SparklingGoblin, Grayfly) China Espionage and financial gain Prophet Spider Unknown Crypto mining, ransomware, and extortion. Mustang Panda (Bronze President, TEMP.Hex, HoneyMyte, Red Lich, RedDelta, TA416) China Information theft and espionage Targeted Location: Targeted Sectors: Common TTPs: TA0042: Resource Development TA0001: Initial Access TA0002: Execution TA0003: Persistence TA0004: Privilege Escalation TA0005: Defense Evasion T1583: Acquire Infrastructure T1190: Exploit Public-Facing Application T1059: Command and Scripting Interpreter T1197: BITS Jobs T1547: Boot or Logon Autostart Execution T1197: BITS Jobs T1583.001: Domains T1133: External Remote Services T1059.001: PowerShell T1547: Boot or Logon Autostart Execution T1547.001: Registry Run Keys / Startup Folder T1480: Execution Guardrails T1588: Obtain Capabilities T1566: Phishing T1059.004: Unix Shell T1547.001: Registry Run Keys / Startup Folder T1543: Create or Modify System Process T1480.001: Environmental Keying T1588.002: Tool T1566.001: Spearphishing Attachment T1059.005: Visual Basic T1136: Create Account T1543.003: Windows Service T1564: Hide Artifacts T1566.002: Spearphishing Link T1059.003: Windows Command Shell T1136.001: Local Account T1546: Event Triggered Execution T1564.001: Hidden Files and Directories T1091: Replication Through Removable Media T1203: Exploitation for Client Execution T1543: Create or Modify System Process T1546.003: Windows Management Instrumentation Event Subscription T1564.006: Run Virtual Instance T1195: Supply Chain Compromise T1053: Scheduled Task/Job T1543.003: Windows Service T1546.008: Accessibility Features T1574: Hijack Execution Flow T1195.002: Compromise Software Supply Chain T1053.005: Scheduled Task T1546: Event Triggered Execution T1068: Exploitation for Privilege Escalation T1574.001: DLL Search Order Hijacking T1078: Valid Accounts T1569: System Services T1546.008: Accessibility Features T1574: Hijack Execution Flow T1574.002: DLL Side-Loading T1204: User Execution T1546.003: Windows Management Instrumentation Event Subscription T1574.001: DLL Search Order Hijacking T1574.006: Dynamic Linker Hijacking T1204.002: Malicious File T1133: External Remote Services T1574.002: DLL Side-Loading T1562: Impair Defenses T1204.001: Malicious Link T1574: Hijack Execution Flow T1574.006: Dynamic Linker Hijacking T1562.001: Disable or Modify Tools T1047: Windows Management Instrumentation T1574.001: DLL Search Order Hijacking T1055: Process Injection T1070: Indicator Removal on Host T1574.002: DLL Side-Loading T1053: Scheduled Task/Job T1070.003: Clear Command History T1574.006: Dynamic Linker Hijacking T1053.005: Scheduled Task T1070.001: Clear Windows Event Logs T1542: Pre-OS Boot T1070.004: File Deletion T1542.003: Bootkit T1036: Masquerading T1053: Scheduled Task/Job T1036.007: Double File Extension T1053.005: Scheduled Task T1036.004: Masquerade Task or Service T1505: Server Software Component T1036.005: Match Legitimate Name or Location T1505.003: Web Shell T1112: Modify Registry T1027: Obfuscated Files or Information T1027.001: Binary Padding T1542: Pre-OS Boot T1542.003: Bootkit T1014: Rootkit T1218: Signed Binary Proxy Execution T1218.001: Compiled HTML File T1218.004: InstallUtil T1218.005: Mshta T1218.007: Msiexec T1218.010: Regsvr32 T1218.011: Rundll32 T1553: Subvert Trust Controls T1553.002: Code Signing TA0006: Credential Access TA0007: Discovery TA0008: Lateral Movement TA0009: Collection TA0011: Command and Control TA0010: Exfiltration TA0040: Impact T1110: Brute Force T1083: File and Directory Discovery T1021: Remote Services T1560: Archive Collected Data T1071: Application Layer Protocol T1052: Exfiltration Over Physical Medium T1486: Data Encrypted for Impact T1110.002: Password Cracking T1046: Network Service Scanning T1021.001: Remote Desktop Protocol T1560.003: Archive via Custom Method T1071.004: DNS T1052.001: Exfiltration over USB T1490: Inhibit System Recovery T1056: Input Capture T1135: Network Share Discovery T1021.002: SMB/Windows Admin Shares T1560.001: Archive via Utility T1071.002: File Transfer Protocols T1496: Resource Hijacking T1056.001: Keylogging T1120: Peripheral Device Discovery T1091: Replication Through Removable Media T1119: Automated Collection T1071.001: Web Protocols T1489: Service Stop T1003: OS Credential Dumping T1057: Process Discovery T1005: Data from Local System T1568: Dynamic Resolution T1003.001: LSASS Memory T1518: Software Discovery T1074: Data Staged T1568.002: Domain Generation Algorithms T1003.003: NTDS T1082: System Information Discovery T1074.001: Local Data Staging T1573: Encrypted Channel T1614: System Location Discovery T1056: Input Capture T1573.001: Symmetric Cryptography T1614.001: System Language Discovery T1056.001: Keylogging T1105: Ingress Tool Transfer T1016: System Network Configuration Discovery T1104: Multi-Stage Channels T1016.001: [\u2026]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-14T16:24:44", "type": "hivepro", "title": "Weekly Threat Digest: 7 \u2013 13 March 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2022-0847", "CVE-2022-21990", "CVE-2022-22006", "CVE-2022-23187", "CVE-2022-23277", "CVE-2022-24094", "CVE-2022-24095", "CVE-2022-24096", "CVE-2022-24097", "CVE-2022-24459", "CVE-2022-24501", "CVE-2022-24512", "CVE-2022-26381", "CVE-2022-26383", "CVE-2022-26384", "CVE-2022-26387"], "modified": "2022-03-14T16:24:44", "id": "HIVEPRO:B25417250BE7F8A7BBB1186F85A865F9", "href": "https://www.hivepro.com/weekly-threat-digest-7-13-march-2022/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2022-03-14T21:27:35", "description": "The updates for Microsoft's March 2022 Patch Tuesday should fix 92 vulnerabilities, including three zero-day vulnerabilities.\n\nOf the 92 vulnerabilities, 21 are for Microsoft Edge and originate from the Chromium Project. Of the 71 others, three are classified as Critical because they allow remote code execution (RCE).\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Let\u2019s have a look at the most interesting ones that were patched in this Patch Tuesday update.\n\nThe first three are publicly disclosed vulnerabilities, which makes them zero-day vulnerabilities, but so far none of them has been seen to be exploited in the wild.\n\n## Remote Desktop Client\n\n[CVE-2022-21990](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21990>): A Remote Desktop Client remote code execution vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. This vulnerability might be hard to exploit since it requires an attacker to control a malicious server and that the user must willingly connect to it. There is Proof-of-Concept (PoC) code available for this vulnerability.\n\n## Windows Fax and Scan service\n\n[CVE-2022-24459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24459>): Windows Fax and Scan service elevation of privilege vulnerability is an LPE (local privilege escalation) vulnerability in the Windows Fax and Scan service. An LPE vulnerability means that an attacker should already have some level of access and can take their privileges to a higher level by exploiting this vulnerability. Such vulnerabilities can be useful in an attack chain. There is Proof-of-Concept (PoC) code available for this vulnerability.\n\n## .NET and Visual Studio\n\n[CVE-2022-24512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24512>): A .NET and Visual Studio Remote Code Execution vulnerability. The ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack. This is because successful exploitation of this vulnerability would require a user to trigger the payload in the application.\n\nNext up are the vulnerabilities that were rated as critical.\n\n## Exchange Server\n\n[CVE-2022-23277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23277>): A Microsoft Exchange Server remote code execution vulnerability. The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call. So the attacker needs some form of authentication to exploit this vulnerability. Which makes it all the more important to change or remove compromised accounts. Stolen or leaked credentials can be used to wreak havoc.\n\n## HEVC video extensions\n\n[CVE-2022-24508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24508>): A HEVC Video Extensions arbitrary code execution vulnerability. The High Efficiency Video Coding (HEVC) extensions allow a buyer to playback files in HEVC format. An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file which could lead to a crash. The Microsoft Store will automatically update affected customers. Alternatively, customers can get the [update immediately](<https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f>).\n\n## VP9 video extensions\n\n[CVE-2022-24501](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24501>): A VP9 video extensions arbitrary code execution vulnerability. Very much the same as the above. An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file which could lead to a crash. VP9 is the successor to VP8 and competes with HEVC.\n\nFinally, one vulnerability that is listed as Important and not as Critical, but which looks like a likely candidate to be exploited.\n\n## SMBv3 client/server\n\n[CVE-2022-24508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24508>): A Windows SMBv3 client/server remote code execution vulnerability. The vulnerability exists in a new feature that was added to Windows 10 version 2004 and exists in newer supported versions of Windows. Older versions of Windows are not affected. The attacker needs to be authenticated to exploit the vulnerability. The [Microsoft page](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24508>) provides a workaround that requires administrators to disable SMBv3 compression.\n\n## Other vendors\n\nOther vendors have published security related updates as well:\n\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>) released security updates\n * Google released [Android](<https://source.android.com/security/bulletin/2022-03-01>) security updates\n * [Samsung](<https://security.samsungmobile.com/securityUpdate.smsb>) released a Security Maintenance Release package that includes patches from Google and Samsung.\n * HP released a security update to deal with 16 disclosed [UEFI firmware](<https://www.bleepingcomputer.com/news/security/hp-patches-16-uefi-firmware-bugs-allowing-stealthy-malware-infections/>) vulnerabilities.\n\nStay safe, everyone!\n\nThe post [Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/03/update-now-microsoft-patches-three-zero-day-vulnerabilities-on-patch-tuesday/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-09T19:51:59", "type": "malwarebytes", "title": "Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-23277", "CVE-2022-24459", "CVE-2022-24501", "CVE-2022-24508", "CVE-2022-24512"], "modified": "2022-03-09T19:51:59", "id": "MALWAREBYTES:D665E50AE0C4F93CD38E58AB1A0BACF5", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/03/update-now-microsoft-patches-three-zero-day-vulnerabilities-on-patch-tuesday/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:37:28", "description": "[![Patch Tuesday, March 2022](https://thehackernews.com/new-images/img/a/AVvXsEhK6VuA6kx9DvY8Koxgo0i7pZQFwUu2qME9TlFV2PoNowLirfWtfk8SfpIhCfGtm7T-ISd6WyZJrYhQuDwz1mT_-QA6m9IEDGRzQf8qnioGNi9sEvttsvZ1GPlY7JOIctu632OJtO-7xakZpv5bSPG-OvMi6bI0kOwYPfcW6m1RywPekmaHuScSK5c_=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEhK6VuA6kx9DvY8Koxgo0i7pZQFwUu2qME9TlFV2PoNowLirfWtfk8SfpIhCfGtm7T-ISd6WyZJrYhQuDwz1mT_-QA6m9IEDGRzQf8qnioGNi9sEvttsvZ1GPlY7JOIctu632OJtO-7xakZpv5bSPG-OvMi6bI0kOwYPfcW6m1RywPekmaHuScSK5c_>)\n\nMicrosoft's [Patch Tuesday update](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar>) for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others.\n\nOf the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release.\n\nIt's worth pointing out that Microsoft separately [addressed 21 flaws](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) in the Chromium-based Microsoft Edge browser earlier this month.\n\nAll the three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions ([CVE-2022-22006](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006>)), Microsoft Exchange Server ([CVE-2022-23277](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277>)), and VP9 Video Extensions ([CVE-2022-24501](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501>)).\n\nThe Microsoft Exchange Server vulnerability, which was reported by researcher Markus Wulftange, is also noteworthy for the fact that it requires the attacker to be authenticated to be able to exploit the server.\n\n\"The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution,\" the Windows maker said. \"As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.\"\n\n\"Critical vulnerability CVE-2022-23277 should also be a concern,\" Kevin Breen, director of cyber threat research at Immersive Labs, said. \"While requiring authentication, this vulnerability affecting on-prem Exchange servers could potentially be used during lateral movement into a part of the environment which presents the opportunity for business email compromise or data theft from email.\"\n\nThe three zero-day bugs fixed by Microsoft are as follows \u2013\n\n * [CVE-2022-24512](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512>) (CVSS score: 6.3) - .NET and Visual Studio Remote Code Execution Vulnerability\n * [CVE-2022-21990](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990>) (CVSS score: 8.8) - Remote Desktop Client Remote Code Execution Vulnerability\n * [CVE-2022-24459](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24459>) (CVSS score: 7.8) - Windows Fax and Scan Service Elevation of Privilege Vulnerability\n\nMicrosoft also labeled CVE-2022-21990 as \"Exploitation More Likely\" because of the public availability of a proof-of-concept (PoC) exploit, making it crucial that the updates are applied as soon as possible to avoid potential attacks.\n\nOther defects of significance are a number of remote code execution flaws in Windows SMBv3 Client/Server, Microsoft Office, and Paint 3D, as well as privilege escalation flaws in Xbox Live Auth Manager, Microsoft Defender for IoT, and Azure Site Recovery.\n\nIn all, the patches close out 29 remote code execution vulnerabilities, 25 elevation of privilege vulnerabilities, six information disclosure vulnerabilities, four denial-of-service vulnerabilities, three security feature bypass vulnerabilities, three spoofing vulnerabilities, and one tampering vulnerability.\n\n### Software Patches from Other Vendors\n\nIn addition to Microsoft, security updates have also been released by other vendors to rectify several vulnerabilities, counting \u2014\n\n * [Adobe](<https://helpx.adobe.com/security.html>)\n * [AMD](<https://www.amd.com/en/corporate/product-security/>)\n * [Android](<https://source.android.com/security/bulletin/2022-03-01>)\n * [Cisco](<https://thehackernews.com/2022/03/critical-patches-issued-for-cisco.html>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [HP](<https://thehackernews.com/2022/03/new-16-high-severity-uefi-firmware.html>)\n * [Intel](<https://www.intel.com/content/www/us/en/security-center/default.html>)\n * [Juniper Networks](<https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES>)\n * Linux distributions [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>), and [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2022-March/thread.html>)\n * [Mozilla](<https://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs-under.html>) [Firefox](<https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/>) and [Firefox ESR](<https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/>)\n * [SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-09T05:44:00", "type": "thn", "title": "Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21990", "CVE-2022-22006", "CVE-2022-23277", "CVE-2022-24459", "CVE-2022-24501", "CVE-2022-24512"], "modified": "2022-03-10T13:47:49", "id": "THN:F6E88D18F2D7ABA51DCC332CC3FBCF68", "href": "https://thehackernews.com/2022/03/critical-security-patches-issued-by.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2022-03-14T19:46:01", "description": "### *Detect date*:\n03/08/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, gain privileges, bypass security restrictions.\n\n### *Affected products*:\nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 21H2 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 \nWindows Server 2022 Azure Edition Core Hotpatch \nWindows 10 Version 1809 for ARM64-based Systems \nWindows RT 8.1 \nWindows Server 2022 \nWindows Server 2012 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 21H2 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for x64-based systems \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 11 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2022 (Server Core installation) \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows 11 for x64-based Systems \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nRemote Desktop client for Windows Desktop \nWindows 10 Version 20H2 for ARM64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-23281](<https://nvd.nist.gov/vuln/detail/CVE-2022-23281>) \n[CVE-2022-21973](<https://nvd.nist.gov/vuln/detail/CVE-2022-21973>) \n[CVE-2022-23285](<https://nvd.nist.gov/vuln/detail/CVE-2022-23285>) \n[CVE-2022-23296](<https://nvd.nist.gov/vuln/detail/CVE-2022-23296>) \n[CVE-2022-24454](<https://nvd.nist.gov/vuln/detail/CVE-2022-24454>) \n[CVE-2022-23293](<https://nvd.nist.gov/vuln/detail/CVE-2022-23293>) \n[CVE-2022-24503](<https://nvd.nist.gov/vuln/detail/CVE-2022-24503>) \n[CVE-2022-24502](<https://nvd.nist.gov/vuln/detail/CVE-2022-24502>) \n[CVE-2022-23297](<https://nvd.nist.gov/vuln/detail/CVE-2022-23297>) \n[CVE-2022-23298](<https://nvd.nist.gov/vuln/detail/CVE-2022-23298>) \n[CVE-2022-23253](<https://nvd.nist.gov/vuln/detail/CVE-2022-23253>) \n[CVE-2022-23283](<https://nvd.nist.gov/vuln/detail/CVE-2022-23283>) \n[CVE-2022-24459](<https://nvd.nist.gov/vuln/detail/CVE-2022-24459>) \n[CVE-2022-21990](<https://nvd.nist.gov/vuln/detail/CVE-2022-21990>) \n[CVE-2022-23299](<https://nvd.nist.gov/vuln/detail/CVE-2022-23299>) \n[CVE-2022-23290](<https://nvd.nist.gov/vuln/detail/CVE-2022-23290>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5011525](<http://support.microsoft.com/kb/5011525>) \n[5011534](<http://support.microsoft.com/kb/5011534>) \n[5011552](<http://support.microsoft.com/kb/5011552>) \n[5011529](<http://support.microsoft.com/kb/5011529>) \n[5011486](<http://support.microsoft.com/kb/5011486>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:00", "type": "kaspersky", "title": "KLA12479 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21973", "CVE-2022-21990", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23285", "CVE-2022-23290", "CVE-2022-23293", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-24454", "CVE-2022-24459", "CVE-2022-24502", "CVE-2022-24503"], "modified": "2022-03-09T00:00:00", "id": "KLA12479", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12479/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T19:45:38", "description": "### *Detect date*:\n03/08/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, gain privileges, bypass security restrictions.\n\n### *Affected products*:\nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 21H2 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 \nWindows Server 2022 Azure Edition Core Hotpatch \nWindows 10 Version 1809 for ARM64-based Systems \nWindows RT 8.1 \nWindows Server 2022 \nWindows Server 2012 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 21H2 for 32-bit Systems \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for x64-based systems \nWindows 10 Version 21H2 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 11 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2022 (Server Core installation) \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows 11 for x64-based Systems \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nRemote Desktop client for Windows Desktop \nWindows 10 Version 20H2 for ARM64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-23281](<https://nvd.nist.gov/vuln/detail/CVE-2022-23281>) \n[CVE-2022-21973](<https://nvd.nist.gov/vuln/detail/CVE-2022-21973>) \n[CVE-2022-23285](<https://nvd.nist.gov/vuln/detail/CVE-2022-23285>) \n[CVE-2022-23296](<https://nvd.nist.gov/vuln/detail/CVE-2022-23296>) \n[CVE-2022-24454](<https://nvd.nist.gov/vuln/detail/CVE-2022-24454>) \n[CVE-2022-23293](<https://nvd.nist.gov/vuln/detail/CVE-2022-23293>) \n[CVE-2022-24503](<https://nvd.nist.gov/vuln/detail/CVE-2022-24503>) \n[CVE-2022-24502](<https://nvd.nist.gov/vuln/detail/CVE-2022-24502>) \n[CVE-2022-23297](<https://nvd.nist.gov/vuln/detail/CVE-2022-23297>) \n[CVE-2022-23298](<https://nvd.nist.gov/vuln/detail/CVE-2022-23298>) \n[CVE-2022-23253](<https://nvd.nist.gov/vuln/detail/CVE-2022-23253>) \n[CVE-2022-23283](<https://nvd.nist.gov/vuln/detail/CVE-2022-23283>) \n[CVE-2022-24459](<https://nvd.nist.gov/vuln/detail/CVE-2022-24459>) \n[CVE-2022-21990](<https://nvd.nist.gov/vuln/detail/CVE-2022-21990>) \n[CVE-2022-23299](<https://nvd.nist.gov/vuln/detail/CVE-2022-23299>) \n[CVE-2022-23290](<https://nvd.nist.gov/vuln/detail/CVE-2022-23290>) \n[CVE-2022-23291](<https://nvd.nist.gov/vuln/detail/CVE-2022-23291>) \n[CVE-2022-23301](<https://nvd.nist.gov/vuln/detail/CVE-2022-23301>) \n[CVE-2022-24505](<https://nvd.nist.gov/vuln/detail/CVE-2022-24505>) \n[CVE-2022-22006](<https://nvd.nist.gov/vuln/detail/CVE-2022-22006>) \n[CVE-2022-23294](<https://nvd.nist.gov/vuln/detail/CVE-2022-23294>) \n[CVE-2022-22010](<https://nvd.nist.gov/vuln/detail/CVE-2022-22010>) \n[CVE-2022-24457](<https://nvd.nist.gov/vuln/detail/CVE-2022-24457>) \n[CVE-2022-24460](<https://nvd.nist.gov/vuln/detail/CVE-2022-24460>) \n[CVE-2022-23300](<https://nvd.nist.gov/vuln/detail/CVE-2022-23300>) \n[CVE-2022-24456](<https://nvd.nist.gov/vuln/detail/CVE-2022-24456>) \n[CVE-2022-24508](<https://nvd.nist.gov/vuln/detail/CVE-2022-24508>) \n[CVE-2022-21967](<https://nvd.nist.gov/vuln/detail/CVE-2022-21967>) \n[CVE-2022-21977](<https://nvd.nist.gov/vuln/detail/CVE-2022-21977>) \n[CVE-2022-23288](<https://nvd.nist.gov/vuln/detail/CVE-2022-23288>) \n[CVE-2022-24451](<https://nvd.nist.gov/vuln/detail/CVE-2022-24451>) \n[CVE-2022-24455](<https://nvd.nist.gov/vuln/detail/CVE-2022-24455>) \n[CVE-2022-23286](<https://nvd.nist.gov/vuln/detail/CVE-2022-23286>) \n[CVE-2022-24501](<https://nvd.nist.gov/vuln/detail/CVE-2022-24501>) \n[CVE-2022-21975](<https://nvd.nist.gov/vuln/detail/CVE-2022-21975>) \n[CVE-2022-24453](<https://nvd.nist.gov/vuln/detail/CVE-2022-24453>) \n[CVE-2022-23295](<https://nvd.nist.gov/vuln/detail/CVE-2022-23295>) \n[CVE-2022-23284](<https://nvd.nist.gov/vuln/detail/CVE-2022-23284>) \n[CVE-2022-24525](<https://nvd.nist.gov/vuln/detail/CVE-2022-24525>) \n[CVE-2022-23287](<https://nvd.nist.gov/vuln/detail/CVE-2022-23287>) \n[CVE-2022-24507](<https://nvd.nist.gov/vuln/detail/CVE-2022-24507>) \n[CVE-2022-24452](<https://nvd.nist.gov/vuln/detail/CVE-2022-24452>) \n[CVE-2022-22007](<https://nvd.nist.gov/vuln/detail/CVE-2022-22007>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5011535](<http://support.microsoft.com/kb/5011535>) \n[5011564](<http://support.microsoft.com/kb/5011564>) \n[5011560](<http://support.microsoft.com/kb/5011560>) \n[5011527](<http://support.microsoft.com/kb/5011527>) \n[5011486](<http://support.microsoft.com/kb/5011486>) \n[5011487](<http://support.microsoft.com/kb/5011487>) \n[5011485](<http://support.microsoft.com/kb/5011485>) \n[5011580](<http://support.microsoft.com/kb/5011580>) \n[5011493](<http://support.microsoft.com/kb/5011493>) \n[5011503](<http://support.microsoft.com/kb/5011503>) \n[5011497](<http://support.microsoft.com/kb/5011497>) \n[5011495](<http://support.microsoft.com/kb/5011495>) \n[5011491](<http://support.microsoft.com/kb/5011491>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:00", "type": "kaspersky", "title": "KLA12483 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21967", "CVE-2022-21973", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22006", "CVE-2022-22007", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23281", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23286", "CVE-2022-23287", "CVE-2022-23288", "CVE-2022-23290", "CVE-2022-23291", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23295", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-23300", "CVE-2022-23301", "CVE-2022-24451", "CVE-2022-24452", "CVE-2022-24453", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24456", "CVE-2022-24457", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24501", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24507", "CVE-2022-24508", "CVE-2022-24525"], "modified": "2022-03-09T00:00:00", "id": "KLA12483", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12483/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2022-03-14T21:27:34", "description": "Hello everyone! I am glad to greet you from the most sanctioned country in the world. Despite all the difficulties, we carry on. I even have some time to release new episodes. This time it will be about Microsoft Patch Tuesday for March 2022. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239076>\n\nI do the analysis as usual with my open source tool Vulristics. You can still [download it on github](<https://github.com/leonov-av/vulristics>). I hope that github won't block Russian repositories and accounts, but for now it looks possible. Most likely, I will just start hosting the sources of my projects on avleonov.com in this case. Or on another domain, if it gets even tougher. Stay tuned.\n\nThis month there have been issues with getting Patch Tuesday blog posts from VM vendors. Qualys' site search broke and DuckDuckGo didn't index the ZDI blog well. Therefore, I added the links to them in **mspt-comments-links-path** manually.\n \n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"March\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n \n $ cat comments_links.txt \n Qualys|March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical|https://blog.qualys.com/vulnerabilities-threat-research/2022/03/08/march-2022-patch-tuesday\n ZDI|THE MARCH 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/3/8/the-march-2022-security-update-review$ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"March\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n\nI made a change to Vulristics so now it can take into account the Exploit Code Maturity from the CVSS Temporal Score of the Microsoft object. Such a mark will be less critical than the presence of an exploit in any exploit pack, but still.\n\nOn March 8, Microsoft published 71 CVEs. Another 30 have been published before since last February's Patch Tuesday, all in Microsoft Edge. In total, 101 vulnerabilities. If we look at CVSS, 50 of them will have a "High" level. According to my Vulristics metric, only 26 of them will have a "High" level. I think it shows that my prioritization is better.\n\n 1. The most critical vulnerability in my report is **Remote Code Execution** - Microsoft Defender for IoT ([CVE-2022-23265](<https://vulners.com/cve/CVE-2022-23265>)). It may not be the most common product, but according to Microsoft, there is a Functional Exploit for this vulnerability. "The code works in most situations where the vulnerability exists". Agree that for such a vulnerability it is interesting. No VM vendors have highlighted this vulnerability.\n 2. In second place, **Remote Code Execution** - Windows Remote Desktop Client ([CVE-2022-21990](<https://vulners.com/cve/CVE-2022-21990>)). "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client". It's certainly hard to imagine anyone actually using such a scenario, but having a Proof-of-Concept Exploit, according to Microsoft, is interesting.\n 3. The following vulnerability was published prior to March Patch Tuesday. **Memory Corruption** - Microsoft Edge ([CVE-2022-0609](<https://vulners.com/cve/CVE-2022-0609>)). Why is this vulnerability here? Because this vulnerability is actively exploited in the wild and has even been included in the [CISA Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n 4. The next is **Remote Code Execution** - Windows SMBv3 Client/Server ([CVE-2022-24508](<https://vulners.com/cve/CVE-2022-24508>)). "Authentication is required here, but since this affected both clients and servers, an attacker could use this for lateral movement within a network". The need for authentication makes this vulnerability less critical, but of course it's worth patching.\n 5. **Security Feature Bypass** - Windows HTML Platforms ([CVE-2022-24502](<https://vulners.com/cve/CVE-2022-24502>)). Another vulnerability that no one highlighted, but there is a Proof-of-Concept Exploit for it somewhere. Perhaps it will develop into something critical.\n 6. This vulnerability is the first one that catches the eye, since it is in software that is usually available on the network perimeter. **Remote Code Execution** - Microsoft Exchange ([CVE-2022-23277](<https://vulners.com/cve/CVE-2022-23277>)). "The vulnerability would allow an authenticated attacker to execute their code with elevated privileges through a network call. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn\u2019t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible." Seems like it needs to be patched first. But while there is no public exploit, there is time to do it without much haste. Also, due to the need to get credentials, this vulnerability will most likely not be exploited in broadcast attacks.\n 7. And the last vulnerability that I would like to mention is **Elevation of Privilege** - Windows Fax and Scan Service ([CVE-2022-24459](<https://vulners.com/cve/CVE-2022-24459>)). Also, not much is known about it, except that according to Microsoft there is a Proof-of-Concept Exploit for it.\n\nYou can see the full version of the report here: \n[ms_patch_tuesday_march2022_report_with_comments_ext_img.html](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_march2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-14T17:33:28", "type": "avleonov", "title": "Microsoft Patch Tuesday March 2022", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-21990", "CVE-2022-23265", "CVE-2022-23277", "CVE-2022-24459", "CVE-2022-24502", "CVE-2022-24508"], "modified": "2022-03-14T17:33:28", "id": "AVLEONOV:84C227D6BCF2EBE9D3A584B815D5145A", "href": "https://avleonov.com/2022/03/14/microsoft-patch-tuesday-march-2022/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2022-03-14T19:28:34", "description": "![Patch Tuesday - March 2022](https://blog.rapid7.com/content/images/2022/03/patches-2.jpg)\n\nMicrosoft's [March 2022 updates](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar>) include fixes for 92 CVEs (including 21 from the Chromium project, which is used by their Edge web browser). None of them have been seen exploited in the wild, but three have been previously disclosed. [CVE-2022-24512](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512>), affecting .NET and Visual Studio, and [CVE-2022-21990](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21990>), affecting Remote Desktop Client, both allow RCE (Remote Code Execution). [CVE-2022-24459](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24459>) is an LPE (local privilege escalation) vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated Important \u2013 organizations should remediate at their regular patch cadence.\n\nThree CVEs this month are rated Critical. [CVE-2022-22006](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22006>) and [CVE-2022-24501](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24501>) both affect video codecs. In most cases, these will update automatically via the Microsoft Store. However, any organizations with automatic updates disabled should be sure to push out updates. The vulnerability most likely to raise eyebrows this month is [CVE-2022-23277](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23277>), a Critical RCE affecting Exchange Server. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn\u2019t be as rampantly exploited as the [deluge](<https://www.rapid7.com/blog/post/2021/03/03/mass-exploitation-of-exchange-server-zero-day-cves-what-you-need-to-know/>) of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.\n\nSharePoint administrators get a break this month, though on the client side, a handful of Office vulnerabilities were fixed. [Three](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24509>) [separate](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24461>) [RCEs](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24510>) in Visio, [Tampering](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24511>) and [Security Feature Bypass](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24462>) vulnerabilities in Word, and [Information Disclosure](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24522>) in the Skype Extension for Chrome all got patched.\n\n[CVE-2022-24508](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24508>) is an RCE affecting Windows SMBv3, which has potential for widespread exploitation, assuming an attacker can put together a suitable exploit. Luckily, like this month's Exchange vulnerabilities, this too requires authentication.\n\nOrganizations using Microsoft\u2019s Azure Site Recovery service should be aware that 11 CVEs were fixed with today\u2019s updates, split between RCEs and LPEs. They are all specific to the scenario where an on-premise VMware deployment is set up to use Azure for disaster recovery.\n\n## Summary charts\n\n![Patch Tuesday - March 2022](https://blog.rapid7.com/content/images/2022/03/2022-03-vuln_count_severity.png)![Patch Tuesday - March 2022](https://blog.rapid7.com/content/images/2022/03/2022-03-vuln_count_impact.png)![Patch Tuesday - March 2022](https://blog.rapid7.com/content/images/2022/03/2022-03-cvssv3_hist.png)![Patch Tuesday - March 2022](https://blog.rapid7.com/content/images/2022/03/2022-03-vuln_count_component.png)\n\n## Summary tables\n\n### Apps vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-23282](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23282>) | Paint 3D Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24465>) | Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability | No | No | 3.3 | Yes \n \n### Azure vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-24467](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24467>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-24468](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24468>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-24517](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24517>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-24470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24470>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-24471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24471>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-24520](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24520>) | Azure Site Recovery Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-24469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24469>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-24506](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24506>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-24515](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24515>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-24518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24518>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-24519](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24519>) | Azure Site Recovery Elevation of Privilege Vulnerability | No | No | 6.5 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-0809](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0809>) | Chromium: CVE-2022-0809 Out of bounds memory access in WebXR | No | No | N/A | Yes \n[CVE-2022-0808](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0808>) | Chromium: CVE-2022-0808 Use after free in Chrome OS Shell | No | No | N/A | Yes \n[CVE-2022-0807](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0807>) | Chromium: CVE-2022-0807 Inappropriate implementation in Autofill | No | No | N/A | Yes \n[CVE-2022-0806](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0806>) | Chromium: CVE-2022-0806 Data leak in Canvas | No | No | N/A | Yes \n[CVE-2022-0805](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0805>) | Chromium: CVE-2022-0805 Use after free in Browser Switcher | No | No | N/A | Yes \n[CVE-2022-0804](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0804>) | Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode | No | No | N/A | Yes \n[CVE-2022-0803](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0803>) | Chromium: CVE-2022-0803 Inappropriate implementation in Permissions | No | No | N/A | Yes \n[CVE-2022-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0802>) | Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode | No | No | N/A | Yes \n[CVE-2022-0801](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0801>) | Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser | No | No | N/A | Yes \n[CVE-2022-0800](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0800>) | Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI | No | No | N/A | Yes \n[CVE-2022-0799](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0799>) | Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer | No | No | N/A | Yes \n[CVE-2022-0798](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0798>) | Chromium: CVE-2022-0798 Use after free in MediaStream | No | No | N/A | Yes \n[CVE-2022-0797](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0797>) | Chromium: CVE-2022-0797 Out of bounds memory access in Mojo | No | No | N/A | Yes \n[CVE-2022-0796](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0796>) | Chromium: CVE-2022-0796 Use after free in Media | No | No | N/A | Yes \n[CVE-2022-0795](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0795>) | Chromium: CVE-2022-0795 Type Confusion in Blink Layout | No | No | N/A | Yes \n[CVE-2022-0794](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0794>) | Chromium: CVE-2022-0794 Use after free in WebShare | No | No | N/A | Yes \n[CVE-2022-0793](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0793>) | Chromium: CVE-2022-0793 Use after free in Views | No | No | N/A | Yes \n[CVE-2022-0792](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0792>) | Chromium: CVE-2022-0792 Out of bounds read in ANGLE | No | No | N/A | Yes \n[CVE-2022-0791](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0791>) | Chromium: CVE-2022-0791 Use after free in Omnibox | No | No | N/A | Yes \n[CVE-2022-0790](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0790>) | Chromium: CVE-2022-0790 Use after free in Cast UI | No | No | N/A | Yes \n[CVE-2022-0789](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0789>) | Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-24526](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24526>) | Visual Studio Code Spoofing Vulnerability | No | No | 6.1 | Yes \n[CVE-2020-8927](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-8927>) | Brotli Library Buffer Overflow Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-24512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512>) | .NET and Visual Studio Remote Code Execution Vulnerability | No | Yes | 6.3 | Yes \n[CVE-2022-24464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464>) | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 | No \n \n### Exchange Server vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-24463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24463>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-23277](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23277>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-24522](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24522>) | Skype Extension for Chrome Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-24462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24462>) | Microsoft Word Security Feature Bypass Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-24511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24511>) | Microsoft Office Word Tampering Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-24509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24509>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24461>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24510](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24510>) | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### System Center vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-23265](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23265>) | Microsoft Defender for IoT Remote Code Execution Vulnerability | No | No | 7.2 | Yes \n[CVE-2022-23266](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23266>) | Microsoft Defender for IoT Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-23278](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23278>) | Microsoft Defender for Endpoint Spoofing Vulnerability | No | No | 5.9 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-21967](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21967>) | Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-24525](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24525>) | Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-24508](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24508>) | Windows SMBv3 Client/Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-23284](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23284>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.2 | No \n[CVE-2022-21975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21975>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 4.7 | Yes \n[CVE-2022-23294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23294>) | Windows Event Tracing Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-23291](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23291>) | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-23288](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23288>) | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-23286](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23286>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-24455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24455>) | Windows CD-ROM Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-24507](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24507>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-23287](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23287>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-24505](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24505>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-24501](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24501>) | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24451](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24451>) | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24460>) | Tablet Windows User Interface Application Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-23295](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23295>) | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-23300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23300>) | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-22010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22010>) | Media Foundation Information Disclosure Vulnerability | No | No | 4.4 | Yes \n[CVE-2022-21977](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21977>) | Media Foundation Information Disclosure Vulnerability | No | No | 3.3 | Yes \n[CVE-2022-22006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22006>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-23301](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23301>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-22007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22007>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24452](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24452>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24453>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24456>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-24457](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24457>) | HEIF Image Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### Windows ESU vulnerabilities\n\nCVE | Title | Exploited | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-24454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24454>) | Windows Security Support Provider Interface Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-23299](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23299>) | Windows PDEV Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-23298](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23298>) | Windows NT OS Kernel Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-23297](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23297>) | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-21973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21973>) | Windows Media Center Update Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2022-23296](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23296>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-23290](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23290>) | Windows Inking COM Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-24502](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24502>) | Windows HTML Platforms Security Feature Bypass Vulnerability | No | No | 4.3 | Yes \n[CVE-2022-24459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24459>) | Windows Fax and Scan Service Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2022-23293](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23293>) | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-23281](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23281>) | Windows Common Log File System Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-23283](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23283>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-24503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24503>) | Remote Desktop Protocol Client Information Disclosure Vulnerability | No | No | 5.4 | Yes \n[CVE-2022-21990](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21990>) | Remote Desktop Client Remote Code Execution Vulnerability | No | Yes | 8.8 | Yes \n[CVE-2022-23285](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23285>) | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-23253](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23253>) | Point-to-Point Tunneling Protocol Denial of Service Vulnerability | No | No | 6.5 | No \n \n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-08T21:08:35", "type": "rapid7blog", "title": "Patch Tuesday - March 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8927", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-21967", "CVE-2022-21973", "CVE-2022-21975", "CVE-2022-21977", "CVE-2022-21990", "CVE-2022-22006", "CVE-2022-22007", "CVE-2022-22010", "CVE-2022-23253", "CVE-2022-23265", "CVE-2022-23266", "CVE-2022-23277", "CVE-2022-23278", "CVE-2022-23281", "CVE-2022-23282", "CVE-2022-23283", "CVE-2022-23284", "CVE-2022-23285", "CVE-2022-23286", "CVE-2022-23287", "CVE-2022-23288", "CVE-2022-23290", "CVE-2022-23291", "CVE-2022-23293", "CVE-2022-23294", "CVE-2022-23295", "CVE-2022-23296", "CVE-2022-23297", "CVE-2022-23298", "CVE-2022-23299", "CVE-2022-23300", "CVE-2022-23301", "CVE-2022-24451", "CVE-2022-24452", "CVE-2022-24453", "CVE-2022-24454", "CVE-2022-24455", "CVE-2022-24456", "CVE-2022-24457", "CVE-2022-24459", "CVE-2022-24460", "CVE-2022-24461", "CVE-2022-24462", "CVE-2022-24463", "CVE-2022-24464", "CVE-2022-24465", "CVE-2022-24467", "CVE-2022-24468", "CVE-2022-24469", "CVE-2022-24470", "CVE-2022-24471", "CVE-2022-24501", "CVE-2022-24502", "CVE-2022-24503", "CVE-2022-24505", "CVE-2022-24506", "CVE-2022-24507", "CVE-2022-24508", "CVE-2022-24509", "CVE-2022-24510", "CVE-2022-24511", "CVE-2022-24512", "CVE-2022-24515", "CVE-2022-24517", "CVE-2022-24518", "CVE-2022-24519", "CVE-2022-24520", "CVE-2022-24522", "CVE-2022-24525", "CVE-2022-24526"], "modified": "2022-03-08T21:08:35", "id": "RAPID7BLOG:C62665D003B287EB5E4FC604B7578606", "href": "https://blog.rapid7.com/2022/03/08/patch-tuesday-march-2022/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}