Microsoft 8 marca 2022 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 92 poprawki bezpieczeństwa, w tym 3 oznaczonych jako krytyczne.
Description |
|||||||
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) |
CVSS Temporal (AVG) |
.NET and Visual Studio Denial of Service Vulnerability |
|||||||
CVE-2022-24464 | No | No | Less Likely | Less Likely | Important | 7.5 |
6.5 |
.NET and Visual Studio Remote Code Execution Vulnerability |
|||||||
CVE-2022-24512 | Yes | No | Less Likely | Less Likely | Important | 6.3 |
5.5 |
Azure Site Recovery Elevation of Privilege Vulnerability |
|||||||
CVE-2022-24506 | No | No | Less Likely | Less Likely | Important | 6.5 |
5.7 |
No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 | |
CVE-2022-24469 | No | No | Less Likely | Less Likely | Important | 8.1 |
7.1 |
No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 | |
CVE-2022-24519 | No | No | Less Likely | Less Likely | Important | 6.5 |
5.7 |
Azure Site Recovery Remote Code Execution Vulnerability |
|||||||
CVE-2022-24467 | No | No | Less Likely | Less Likely | Important | 7.2 |
6.3 |
No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 | |
CVE-2022-24517 | No | No | Less Likely | Less Likely | Important | 7.2 |
6.3 |
No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 | |
CVE-2022-24471 | No | No | Less Likely | Less Likely | Important | 7.2 |
6.3 |
No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 | |
Brotli Library Buffer Overflow Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 | |
Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0790 Use after free in Cast UI |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0791 Use after free in Omnibox |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0792 Out of bounds read in ANGLE |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0793 Use after free in Views |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0794 Use after free in WebShare |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0795 Type Confusion in Blink Layout |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0796 Use after free in Media |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0797 Out of bounds memory access in Mojo |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0798 Use after free in MediaStream |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0803 Inappropriate implementation in Permissions |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0805 Use after free in Browser Switcher |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0806 Data leak in Canvas |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0807 Inappropriate implementation in Autofill |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0808 Use after free in Chrome OS Shell |
|||||||
No | No | – | – | – | |||
Chromium: CVE-2022-0809 Out of bounds memory access in WebXR |
|||||||
No | No | – | – | – | |||
HEIF Image Extensions Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
HEVC Video Extensions Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2022-22006 | No | No | Less Likely | Less Likely | Critical | 7.8 |
6.8 |
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2022-24452 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2022-24456 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Media Foundation Information Disclosure Vulnerability |
|||||||
CVE-2022-21977 | No | No | Less Likely | Less Likely | Important | 3.3 |
2.9 |
No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 | |
Microsoft Defender for Endpoint Spoofing Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 | |
Microsoft Defender for IoT Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Microsoft Defender for IoT Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.2 | 6.7 | |
Microsoft Exchange Server Remote Code Execution Vulnerability |
|||||||
No | No | More Likely | More Likely | Critical | 8.8 | 7.7 | |
Microsoft Exchange Server Spoofing Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Microsoft Office Visio Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2022-24461 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Microsoft Office Word Tampering Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Microsoft Word Security Feature Bypass Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Paint 3D Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
|||||||
No | No | More Likely | More Likely | Important | 6.5 | 5.7 | |
Raw Image Extension Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2022-23300 | No | No | Unlikely | Unlikely | Important | 7.8 |
6.8 |
Remote Desktop Client Remote Code Execution Vulnerability |
|||||||
CVE-2022-21990 | Yes | No | More Likely | More Likely | Important | 8.8 |
7.9 |
No | No | More Likely | More Likely | Important | 8.8 | 7.7 | |
Remote Desktop Protocol Client Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 | |
Skype Extension for Chrome Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 | |
Tablet Windows User Interface Application Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 | |
VP9 Video Extensions Remote Code Execution Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
CVE-2022-24501 | No | No | Less Likely | Less Likely | Critical | 7.8 |
6.8 |
Visual Studio Code Spoofing Vulnerability |
|||||||
CVE-2022-24526 | No | No | Less Likely | Less Likely | Important | 6.1 |
5.3 |
Windows ALPC Elevation of Privilege Vulnerability |
|||||||
CVE-2022-23283 | No | No | Less Likely | Less Likely | Important | 7.0 |
6.1 |
No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 | |
CVE-2022-24505 | No | No | Less Likely | Less Likely | Important | 7.0 |
6.1 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|||||||
CVE-2022-24507 | No | No | More Likely | More Likely | Important | 7.8 |
6.8 |
Windows CD-ROM Driver Elevation of Privilege Vulnerability |
|||||||
CVE-2022-24455 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|||||||
CVE-2022-23286 | No | No | More Likely | More Likely | Important | 7.0 |
6.1 |
Windows Common Log File System Driver Information Disclosure Vulnerability |
|||||||
CVE-2022-23281 | No | No | Less Likely | Less Likely | Important | 5.5 |
4.8 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
|||||||
CVE-2022-23291 | No | No | Less Likely | Less Likely | Important | 7.8 |
6.8 |
No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 | |
Windows Event Tracing Remote Code Execution Vulnerability |
|||||||
No | No | More Likely | More Likely | Important | 8.8 | 7.7 | |
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Fax and Scan Service Elevation of Privilege Vulnerability |
|||||||
Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 | |
Windows HTML Platforms Security Feature Bypass Vulnerability |
|||||||
No | No | More Likely | More Likely | Important | 4.3 | 3.9 | |
Windows Hyper-V Denial of Service Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 | |
Windows Inking COM Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Installer Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Media Center Update Denial of Service Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 | |
Windows NT OS Kernel Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 | |
Windows PDEV Elevation of Privilege Vulnerability |
|||||||
No | No | More Likely | More Likely | Important | 7.8 | 6.8 | |
Windows Print Spooler Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.2 | 6.5 | |
Windows SMBv3 Client/Server Remote Code Execution Vulnerability |
|||||||
No | No | More Likely | More Likely | Important | 8.8 | 7.7 | |
Windows Security Support Provider Interface Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 | |
Windows Update Stack Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 | |
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability |
|||||||
No | No | Less Likely | Less Likely | Important | 7.0 |
6.1 |