Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Pierluigi Paganini March 09, 2022

Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days.

Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V.

The update includes fixes for 7 flaws in MS Exchange and 21 Microsoft Edge vulnerabilities. 14 vulnerabilities have been rated as Critical and 75 are listed as Important in severity. Two of these vulnerabilities are listed as publicly known while five are actively exploited.

Three flaws addressed by the Microsoft March 2022 Patch Tuesday security updates are zero-day issues, and for two of them, CVE-2022-21990 and CVE-2022-24459, public exploits are available.

CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability
CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability

None of the above zero-day have been exploited in attacks.

The most severe flaws fixed by the IT giant are:

CVE-2021-26867 – Windows Hyper-V Remote Code Execution Vulnerability (CVSS 9.9)
CVE-2021-26897 – Windows DNS Server Remote Code Execution Vulnerability (CVSS 9.8)
CVE-2021-27080 – Azure Sphere Unsigned Code Execution Vulnerability (CVSS 9.3)

Below is the complete list of vulnerabilities addressed by Microsoft:

Tag	CVE ID	CVE Title	Severity
.NET and Visual Studio	CVE-2022-24512	.NET and Visual Studio Remote Code Execution Vulnerability	Important
.NET and Visual Studio	CVE-2022-24464	.NET and Visual Studio Denial of Service Vulnerability	Important
.NET and Visual Studio	CVE-2020-8927	Brotli Library Buffer Overflow Vulnerability	Important
Azure Site Recovery	CVE-2022-24506	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-24517	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-24470	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-24471	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-24520	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-24518	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-24519	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-24515	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Azure Site Recovery	CVE-2022-24467	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-24468	Azure Site Recovery Remote Code Execution Vulnerability	Important
Azure Site Recovery	CVE-2022-24469	Azure Site Recovery Elevation of Privilege Vulnerability	Important
Microsoft Defender for Endpoint	CVE-2022-23278	Microsoft Defender for Endpoint Spoofing Vulnerability	Important
Microsoft Defender for IoT	CVE-2022-23265	Microsoft Defender for IoT Remote Code Execution Vulnerability	Important
Microsoft Defender for IoT	CVE-2022-23266	Microsoft Defender for IoT Elevation of Privilege Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2022-0790	Chromium: CVE-2022-0790 Use after free in Cast UI	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0789	Chromium: CVE-2022-0789 Heap buffer overflow in ANGLE	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0809	Chromium: CVE-2022-0809 Out of bounds memory access in WebXR	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0791	Chromium: CVE-2022-0791 Use after free in Omnibox	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0803	Chromium: CVE-2022-0803 Inappropriate implementation in Permissions	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0804	Chromium: CVE-2022-0804 Inappropriate implementation in Full screen mode	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0801	Chromium: CVE-2022-0801 Inappropriate implementation in HTML parser	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0802	Chromium: CVE-2022-0802 Inappropriate implementation in Full screen mode	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0807	Chromium: CVE-2022-0807 Inappropriate implementation in Autofill	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0808	Chromium: CVE-2022-0808 Use after free in Chrome OS Shell	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0805	Chromium: CVE-2022-0805 Use after free in Browser Switcher	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0806	Chromium: CVE-2022-0806 Data leak in Canvas	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0800	Chromium: CVE-2022-0800 Heap buffer overflow in Cast UI	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0794	Chromium: CVE-2022-0794 Use after free in WebShare	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0795	Chromium: CVE-2022-0795 Type Confusion in Blink Layout	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0792	Chromium: CVE-2022-0792 Out of bounds read in ANGLE	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0793	Chromium: CVE-2022-0793 Use after free in Views	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0796	Chromium: CVE-2022-0796 Use after free in Media	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0798	Chromium: CVE-2022-0798 Use after free in MediaStream	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0797	Chromium: CVE-2022-0797 Out of bounds memory access in Mojo	Unknown
Microsoft Edge (Chromium-based)	CVE-2022-0799	Chromium: CVE-2022-0799 Insufficient policy enforcement in Installer	Unknown
Microsoft Exchange Server	CVE-2022-23277	Microsoft Exchange Server Remote Code Execution Vulnerability	Critical
Microsoft Exchange Server	CVE-2022-24463	Microsoft Exchange Server Spoofing Vulnerability	Important
Microsoft Intune	CVE-2022-24465	Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability	Important
Microsoft Office Visio	CVE-2022-24510	Microsoft Office Visio Remote Code Execution Vulnerability	Important
Microsoft Office Visio	CVE-2022-24509	Microsoft Office Visio Remote Code Execution Vulnerability	Important
Microsoft Office Visio	CVE-2022-24461	Microsoft Office Visio Remote Code Execution Vulnerability	Important
Microsoft Office Word	CVE-2022-24462	Microsoft Word Security Feature Bypass Vulnerability	Important
Microsoft Office Word	CVE-2022-24511	Microsoft Office Word Tampering Vulnerability	Important
Microsoft Windows ALPC	CVE-2022-23287	Windows ALPC Elevation of Privilege Vulnerability	Important
Microsoft Windows ALPC	CVE-2022-24505	Windows ALPC Elevation of Privilege Vulnerability	Important
Microsoft Windows ALPC	CVE-2022-23283	Windows ALPC Elevation of Privilege Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-24451	VP9 Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-22007	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-22006	HEVC Video Extensions Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2022-24452	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-24453	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-24501	VP9 Video Extensions Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2022-24457	HEIF Image Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-24456	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-22010	Media Foundation Information Disclosure Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-21977	Media Foundation Information Disclosure Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-23295	Raw Image Extension Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-23300	Raw Image Extension Remote Code Execution Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2022-23301	HEVC Video Extensions Remote Code Execution Vulnerability	Important
Paint 3D	CVE-2022-23282	Paint 3D Remote Code Execution Vulnerability	Important
Role: Windows Hyper-V	CVE-2022-21975	Windows Hyper-V Denial of Service Vulnerability	Important
Skype Extension for Chrome	CVE-2022-24522	Skype Extension for Chrome Information Disclosure Vulnerability	Important
Tablet Windows User Interface	CVE-2022-24460	Tablet Windows User Interface Application Elevation of Privilege Vulnerability	Important
Visual Studio Code	CVE-2022-24526	Visual Studio Code Spoofing Vulnerability	Important
Windows Ancillary Function Driver for WinSock	CVE-2022-24507	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important
Windows CD-ROM Driver	CVE-2022-24455	Windows CD-ROM Driver Elevation of Privilege Vulnerability	Important
Windows Cloud Files Mini Filter Driver	CVE-2022-23286	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows COM	CVE-2022-23290	Windows Inking COM Elevation of Privilege Vulnerability	Important
Windows Common Log File System Driver	CVE-2022-23281	Windows Common Log File System Driver Information Disclosure Vulnerability	Important
Windows DWM Core Library	CVE-2022-23291	Windows DWM Core Library Elevation of Privilege Vulnerability	Important
Windows DWM Core Library	CVE-2022-23288	Windows DWM Core Library Elevation of Privilege Vulnerability	Important
Windows Event Tracing	CVE-2022-23294	Windows Event Tracing Remote Code Execution Vulnerability	Important
Windows Fastfat Driver	CVE-2022-23293	Windows Fast FAT File System Driver Elevation of Privilege Vulnerability	Important
Windows Fax and Scan Service	CVE-2022-24459	Windows Fax and Scan Service Elevation of Privilege Vulnerability	Important
Windows HTML Platform	CVE-2022-24502	Windows HTML Platforms Security Feature Bypass Vulnerability	Important
Windows Installer	CVE-2022-23296	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2022-23297	Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2022-23298	Windows NT OS Kernel Elevation of Privilege Vulnerability	Important
Windows Media	CVE-2022-21973	Windows Media Center Update Denial of Service Vulnerability	Important
Windows PDEV	CVE-2022-23299	Windows PDEV Elevation of Privilege Vulnerability	Important
Windows Point-to-Point Tunneling Protocol	CVE-2022-23253	Point-to-Point Tunneling Protocol Denial of Service Vulnerability	Important
Windows Print Spooler Components	CVE-2022-23284	Windows Print Spooler Elevation of Privilege Vulnerability	Important
Windows Remote Desktop	CVE-2022-21990	Remote Desktop Client Remote Code Execution Vulnerability	Important
Windows Remote Desktop	CVE-2022-23285	Remote Desktop Client Remote Code Execution Vulnerability	Important
Windows Remote Desktop	CVE-2022-24503	Remote Desktop Protocol Client Information Disclosure Vulnerability	Important
Windows Security Support Provider Interface	CVE-2022-24454	Windows Security Support Provider Interface Elevation of Privilege Vulnerability	Important
Windows SMB Server	CVE-2022-24508	Windows SMBv3 Client/Server Remote Code Execution Vulnerability	Important
Windows Update Stack	CVE-2022-24525	Windows Update Stack Elevation of Privilege Vulnerability	Important
XBox	CVE-2022-21967	Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability	Important

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft March 2022 Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini July 27, 2025

Allianz Life data breach exposed the data of most of its 1.4M customers

Pierluigi Paganini July 27, 2025