Microsoft Security Bulletin Coverage for March 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2022. A list of issues reported, along with SonicWall coverage information, is as follows:
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 300:Malformed-File exe.MP_239
CVE-2022-23253 Point-to-Point Tunneling Protocol Denial of Service Vulnerability
IPS 2558:Malformed PPTP Request 2
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 301:Malformed-File exe.MP_240
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
ASPY 302:Malformed-File exe.MP_241
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability
ASPY 303:Malformed-File exe.MP_242
CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability
IPS 15754:Internet Explorer Security Feature Bypass (CVE-2022-24502)
CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ASPY 304:Malformed-File exe.MP_243
The following vulnerabilities do not have exploits in the wild :
CVE-2020-8927 Brotli Library Buffer Overflow Vulnerability
There are no known exploits in the wild.
CVE-2022-21967 Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-21973 Windows Media Center Update Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-21975 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-21977 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-22006 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-22007 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-22010 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-23265 Microsoft Defender for IoT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-23266 Microsoft Defender for IoT Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-23282 Paint 3D Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23294 Windows Event Tracing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-23295 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-23301 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24452 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24453 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24454 Windows Security Support Provider Interface Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24455 Windows CD-ROM Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24456 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24459 Windows Fax and Scan Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24460 Tablet Windows User Interface Application Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24461 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24462 Microsoft Word Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-24465 Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-24467 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24469 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24470 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24471 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24501 VP9 Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-24505 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24506 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24508 Windows SMBv3 Client Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24510 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability
There are no known exploits in the wild.
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24515 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24517 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24518 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24519 Azure Site Recovery Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24520 Azure Site Recovery Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-24522 Skype Extension for Chrome Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-24525 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-24526 Visual Studio Code Spoofing Vulnerability
There are no known exploits in the wild.