• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Compliance, IT Infrastructure, Network Security, News

March 2022 Patch Tuesday: Patch Exchange Sever, RDP Bugs ASAP

Microsoft has released 71 security patches as part of the March 2022 Patch Tuesday, including 3 zero days and 3 critical vulnerabilities.

March 8, 2022 Zachary Comeau Leave a Comment

MIcrosoft Entra External ID
stock.adobe.com/Peter

Microsoft has released 71 new security patches addressing vulnerabilities as part of the March 2022 Patch Tuesday, including three zero day bugs and three critical-rated software flaws.

The patches fix issues in Windows, Azure Site Recovery, Microsoft Defender for Endpoint and IoT, Intune, Edge, Windows HTML Platforms, Office, Skype for Chrome, .NET and Visual Studio, Windows RDP, SMB Server, and Xbox.

According to Zero Day Initiative, the patches are in addition to 21 bugs patched by Microsoft Edge (Chromium-based) earlier this month, bringing the total of bugs patched this month to 92.

In a blog, the Trend Micro-owned bug disclosure initiative, said the volume is in line with previous March releases, although the number of Critical-rated bugs is low.

None of the vulnerabilities are listed as under active exploit, but three are publicly known. However, there are a few that IT admins should prioritize:

CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft disclosed yet another Exchange Server RCE bug this Patch Tuesday, which allows an authenticated attacker to execute code with elevated privileges through a network call. This is definitely one to prioritize, as it is rated critical and is now difficult to exploit. In its blog, ZDI says this will likely be exploited in the wild soon.

CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability

According to ZDI, this important-rated bug is listed as publicly known, so admins should treat it as a critical one. If attackers can lure an affected RDP client to connect to their RDP server, they can trigger code execution on the targeted client. While not as severe as some pervious RDP server bugs, admins should patch this immediately.

CVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution Vulnerability

According to ZDI, this vulnerability is similar to CVE-2020-0796, dubbed SMBGhost, that could allow an attacker to execute code on Windows 10 version 2004 and later. Both list disabling SMBv3 compression as a workaround for SMB servers, but this doesn’t help clients, the blog notes. In 2020, Microsoft said SMBv3 compression was not yet used by Windows or Windows Server, so disabling would have no negative impact, but this new advisory doesn’t say the same, ZDI notes. While authentication is required, an attacker could use this for lateral movement within a network since it affects both clients and servers.

HEVC & VP9 Video Extensions Remote Code Execution Vulnerabilities

There are eight RCE bugs in HEVC and VP9 Video Extensions, including two rated critical (one for each extension type) that would lead to a crash if a user is tricked into downloading and opening a specially crafted file.

Two other Zero Days

The two other publicly known bugs include on in .NET and Visual Studio, a remote code execution flaw. However, Microsoft didn’t release any additional information about it. The other publicly known vulnerability is in Windows Fax and Scan Service, an elevation of privilege bug.

11 Azure Site Recovery CVEs

These vulnerabilities — all of which are rated as important — are elevation of privilege or remote code execution bugs in Azure’s native disaster recovery as a service tool. If this platform is used in your environment, install these patches immediately.

For more information on Microsoft’s March 2022 Patch Tuesday, read ZDI’s blog. 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Microsoft, Patch Tuesday

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.