![]() ![]() ![]() In addition to releasing an update for this vulnerability, Microsoft has also provided a workaround that may be helpful in your situation. This vulnerability has a CVSSv3.1 score of 8.8/10. Using the APIs, the attacker can also modify/delete configuration data which in turn will impact Site Recovery operation.Įxploitability Assessment: Exploitation Less Likely.ĬVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution (RCE) Vulnerability An attacker can call Azure Site Recovery APIs provided by the Configuration Server and in turn, get access to configuration data including credentials for the protected systems. ![]() This vulnerability has a CVSSv3.1 score of 8.1/10. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.ĬVE-2022-24469 – Azure Site Recovery Elevation of Privilege Vulnerability The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution (RCE). In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.Įxploitability Assessment: Exploitation More Likely.ĬVE-2022-23277 – Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability NET and Visual Studio, Azure Site Recovery, Defender, Edge (Chromium-based), Exchange Server, HEIF Image Extension, HEVC Video Extension, Intune, Microsoft 365 Apps, Office, Paint 3D, Remote Desktop, SMB Server and Windows OS.ĬVE-2022-21990 and CVE-2022-23285 – Remote Desktop Client Remote Code Execution (RCE) Vulnerability This month’s advisory covers multiple Microsoft products, including, but not limited to. Notable Microsoft Vulnerabilities Patched Microsoft has fixed several problems in their software including Denial of Service, Edge – Chromium, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, and Spoofing vulnerabilities. As of this writing, none of this month’s list of vulnerabilities is known to be actively exploited in the wild. This month’s Patch Tuesday release includes fixes for three (3) publicly disclosed zero-day vulnerabilities as well. Microsoft has fixed 92 vulnerabilities, including 21 Microsoft Edge vulnerabilities, in the March 2022 update, with three (3) classified as Critical as they allow Remote Code Execution (RCE). Last updated on: OctoMicrosoft Patch Tuesday Summary ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |