Security News > 2022 > March > Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update - only three of which are rated critical in severity.
Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild.
It's worth noting that the update marks the second month in a row with a surprisingly low number of critical patches; in fact, February's Patch Tuesday update didn't list any.
"It's unclear if this low percentage of bugs is just a coincidence, or if Microsoft might be evaluating the severity using different calculus than in the past."
Breen pointed out that the bug is one of three RCE bugs affecting RDP included in the advisory; the other two are CVE-2022-23285 and CVE-2022-24503.
Microsoft offered no technical details about the third publicly known bug.
News URL
https://threatpost.com/microsoft-zero-days-critical-bugsmarch-patch-tuesday/178817/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-09 | CVE-2022-24503 | Unspecified vulnerability in Microsoft products Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.4 |
| 2022-03-09 | CVE-2022-23285 | Unspecified vulnerability in Microsoft products Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |