On 8 March 2022, Microsoft released a new set of security updates as part of its monthly Patch Tuesday. A total of 92 security fixes were released, including 3 rated critical.

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET and Visual Studio Denial of Service Vulnerability | CVE-2022-24464 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| .NET and Visual Studio Remote Code Execution Vulnerability | CVE-2022-24512 | Yes | No | Less Likely | Less Likely | Important | 6.3 | 5.5 |
| Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24506 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24515 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24469 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
| Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24518 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Azure Site Recovery Elevation of Privilege Vulnerability | CVE-2022-24519 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24467 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24468 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24517 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24470 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24471 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Azure Site Recovery Remote Code Execution Vulnerability | CVE-2022-24520 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3 |
| Brotli Library Buffer Overflow Vulnerability | CVE-2020-8927 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE | CVE-2022-0789 | No | No | | | | | |
| Chromium: CVE-2022-0790 Use after free in Cast UI | CVE-2022-0790 | No | No | | | | | |
| Chromium: CVE-2022-0791 Use after free in Omnibox | CVE-2022-0791 | No | No | | | | | |
| Chromium: CVE-2022-0792 Out of bounds read in ANGLE | CVE-2022-0792 | No | No | | | | | |
| Chromium: CVE-2022-0793 Use after free in Views | CVE-2022-0793 | No | No | | | | | |
| Chromium: CVE-2022-0794 Use after free in WebShare | CVE-2022-0794 | No | No | | | | | |
| Chromium: CVE-2022-0795 Type Confusion in Blink Layout | CVE-2022-0795 | No | No | | | | | |
| Chromium: CVE-2022-0796 Use after free in Media | CVE-2022-0796 | No | No | | | | | |
| Chromium: CVE-2022-0797 Out of bounds memory access in Mojo | CVE-2022-0797 | No | No | | | | | |
| Chromium: CVE-2022-0798 Use after free in MediaStream | CVE-2022-0798 | No | No | | | | | |
| Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer | CVE-2022-0799 | No | No | | | | | |
| Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI | CVE-2022-0800 | No | No | | | | | |
| Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser | CVE-2022-0801 | No | No | | | | | |
| Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode | CVE-2022-0802 | No | No | | | | | |
| Chromium: CVE-2022-0803 Inappropriate implementation in Permissions | CVE-2022-0803 | No | No | | | | | |
| Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode | CVE-2022-0804 | No | No | | | | | |
| Chromium: CVE-2022-0805 Use after free in Browser Switcher | CVE-2022-0805 | No | No | | | | | |
| Chromium: CVE-2022-0806 Data leak in Canvas | CVE-2022-0806 | No | No | | | | | |
| Chromium: CVE-2022-0807 Inappropriate implementation in Autofill | CVE-2022-0807 | No | No | | | | | |
| Chromium: CVE-2022-0808 Use after free in Chrome OS Shell | CVE-2022-0808 | No | No | | | | | |
| Chromium: CVE-2022-0809 Out of bounds memory access in WebXR | CVE-2022-0809 | No | No | | | | | |
| HEIF Image Extensions Remote Code Execution Vulnerability | CVE-2022-24457 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-23301 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-22006 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-22007 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-24452 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-24453 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-24456 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Media Foundation Information Disclosure Vulnerability | CVE-2022-21977 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
| Media Foundation Information Disclosure Vulnerability | CVE-2022-22010 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
| Microsoft Defender for Endpoint Spoofing Vulnerability | CVE-2022-23278 | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | CVE-2022-23266 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | CVE-2022-23265 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.7 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-23277 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2022-24463 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability | CVE-2022-24465 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2022-24509 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2022-24461 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2022-24510 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Word Tampering Vulnerability | CVE-2022-24511 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Word Security Feature Bypass Vulnerability | CVE-2022-24462 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Paint 3D Remote Code Execution Vulnerability | CVE-2022-23282 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Point-to-Point Tunneling Protocol Denial of Service Vulnerability | CVE-2022-23253 | No | No | More Likely | More Likely | Important | 6.5 | 5.7 |
| Raw Image Extension Remote Code Execution Vulnerability | CVE-2022-23295 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Raw Image Extension Remote Code Execution Vulnerability | CVE-2022-23300 | No | No | Unlikely | Unlikely | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-21990 | Yes | No | More Likely | More Likely | Important | 8.8 | 7.9 |
| Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-23285 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | CVE-2022-24503 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
| Skype Extension for Chrome Information Disclosure Vulnerability | CVE-2022-24522 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Tablet Windows User Interface Application Elevation of Privilege Vulnerability | CVE-2022-24460 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| VP9 Video Extensions Remote Code Execution Vulnerability | CVE-2022-24451 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| VP9 Video Extensions Remote Code Execution Vulnerability | CVE-2022-24501 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Visual Studio Code Spoofing Vulnerability | CVE-2022-24526 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2022-23283 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2022-23287 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2022-24505 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2022-24507 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows CD-ROM Driver Elevation of Privilege Vulnerability | CVE-2022-24455 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2022-23286 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2022-23281 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-23291 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-23288 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Event Tracing Remote Code Execution Vulnerability | CVE-2022-23294 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | CVE-2022-23293 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax and Scan Service Elevation of Privilege Vulnerability | CVE-2022-24459 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows HTML Platforms Security Feature Bypass Vulnerability | CVE-2022-24502 | No | No | More Likely | More Likely | Important | 4.3 | 3.9 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2022-21975 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows Inking COM Elevation of Privilege Vulnerability | CVE-2022-23290 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2022-23296 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Media Center Update Denial of Service Vulnerability | CVE-2022-21973 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | CVE-2022-23297 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows NT OS Kernel Elevation of Privilege Vulnerability | CVE-2022-23298 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows PDEV Elevation of Privilege Vulnerability | CVE-2022-23299 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2022-23284 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.5 |
| Windows SMBv3 Client/Server Remote Code Execution Vulnerability | CVE-2022-24508 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability | CVE-2022-24454 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Update Stack Elevation of Privilege Vulnerability | CVE-2022-24525 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | CVE-2022-21967 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |