Security News > 2022 > March > Microsoft patches critical remote-code-exec hole in Exchange Server and others

Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update.
Yes, an attacker needs to be authenticated, though Sophos Lab threat researcher Christopher Budd noted: "Given what we've seen recently around attacks against Exchange vulnerabilities, the critical severity rating and the nature of the vulnerability makes this an issue that should be patched as soon as possible."
SAP Security Note #3154684, which received a perfect 10.0 CVSS score, is one of these Log4j patches.
SAP Security Note #3145987, with a CVSS score of 9.3, patches a missing authentication vulnerability in the SAP Simple Diagnostics Agent.
The vendor said it will issue source code patches for these vulnerabilities to the Android Open Source Project repository in the next 48 hours.
The most severe Android flaw is a critical security vulnerability in the system component that could lead to remote escalation of privilege with no additional execution privileges or user interaction needed.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/09/microsoft_patch_tuesday/
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Critical AMI MegaRAC bug can let attackers hijack, brick servers (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)