Microsoft patches critical remote-code-exec hole in Exchange Server and others
Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update.
Yes, an attacker needs to be authenticated, though Sophos Lab threat researcher Christopher Budd noted: "Given what we've seen recently around attacks against Exchange vulnerabilities, the critical severity rating and the nature of the vulnerability makes this an issue that should be patched as soon as possible."
SAP Security Note #3154684, which received a perfect 10.0 CVSS score, is one of these Log4j patches.
SAP Security Note #3145987, with a CVSS score of 9.3, patches a missing authentication vulnerability in the SAP Simple Diagnostics Agent.
The vendor said it will issue source code patches for these vulnerabilities to the Android Open Source Project repository in the next 48 hours.
The most severe Android flaw is a critical security vulnerability in the system component that could lead to remote escalation of privilege with no additional execution privileges or user interaction needed.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/09/microsoft_patch_tuesday/