Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hiveproHive ProHIVEPRO:A5B7D647C96534217BDBB923076B548D
HistoryMar 09, 2022 - 2:14 p.m.

Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update

2022-03-0914:14:19
Hive Pro
www.hivepro.com
41
microsoft
zero-day vulnerabilities
patch tuesday update
critical
remote code execution
privilege escalation
potential attacks

EPSS

0.093

Percentile

94.8%

JSON

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 71 the following vulnerabilities in their March 2022 Patch Tuesday Update. This advisory briefs about six vulnerabilities out of which three of them have been rated critical in severity and three of them are zero-days. Microsoft Patch Tuesday comprise of the following vulnerabilities: • 29 Remote Code Execution Vulnerabilities • 25 Elevation of Privilege Vulnerabilities • 6 Information Disclosure Vulnerabilities • 4 Denial of Service Vulnerabilities • 3 Security Feature Bypass Vulnerabilities • 3 Spoofing Vulnerabilities • 1 Tampering Vulnerability The three critical vulnerabilities are remote code execution bugs affecting Microsoft Exchange Server (CVE-2022-23277), HEVC Video Extensions (CVE-2022-22006), and VP9 Video Extensions (CVE-2022-24501). In addition to this, two out of the three zero-days are remote code execution (CVE-2022-24512 CVE-2022-21990) and one of them is a privilege escalation (CVE-2022-24459). A zero-day vulnerability, CVE-2022-21990 has been labeled as "Exploitation More Likely“ by Microsoft as a proof-of-concept (PoC) exploit is publicly available. All these vulnerabilities have been patched by Microsoft and we advise all organizations to apply patches for the same to avoid potential attacks. Potential Mitre ATT&CK TTPs are : TA0001: Initial Access TA0002: Execution TA0004: Privilege Escalation T1190: Exploit Public-Facing Application T1203: Exploitation of Client Execution T1068: Exploitation for Privilege Escalation Vulnerability Detail Patch Link https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21990 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24459 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501 References https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/microsoft-releases-march-2022-security-updates https://msrc.microsoft.com/update-guide/en-us

Related

thn 1
malwarebytes 1
krebs 1
threatpost 1
hivepro 1
avleonov 1
cvelist 6
mscve 6
nvd 6
prion 6
cve 6
mskb 18
checkpoint_advisories 2
qualysblog 1
osv 10
cnvd 1
veracode 1
redhatcve 1
github 1
kaspersky 4
metasploit 1
nessus 34
githubexploit 1
zdt 1
packetstorm 1
redhat 6
fedora 6
altlinux 7
almalinux 3
openvas 12
rocky 6
oraclelinux 3
rapid7blog 2
ibm 1
photon 2
thn
thn
Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms
2022-03-09 05:44:00
malwarebytes
malwarebytes
Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday
2022-03-09 19:51:59
krebs
krebs
Microsoft Patch Tuesday, March 2022 Edition
2022-03-09 16:22:12
threatpost
threatpost
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
2022-03-08 21:42:06
hivepro
hivepro
Weekly Threat Digest: 7 – 13 March 2022
2022-03-14 16:24:44
avleonov
avleonov
Microsoft Patch Tuesday March 2022
2022-03-14 17:33:28
cvelist
cvelist
CVE-2022-24501 VP9 Video Extensions Remote Code Execution Vulnerability
2022-03-09 17:07:56
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability
2022-03-09 17:06:44
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability
2022-03-09 17:06:55
mscve
mscve
VP9 Video Extensions Remote Code Execution Vulnerability
2022-03-08 08:00:00
Windows Fax and Scan Service Elevation of Privilege Vulnerability
2022-03-08 08:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2022-03-08 08:00:00
nvd
nvd
CVE-2022-21990
2022-03-09 17:15:10
CVE-2022-24501
2022-03-09 17:15:14
CVE-2022-23277
2022-03-09 17:15:11
prion
prion
Remote code execution
2022-03-09 17:15:00
Remote code execution
2022-03-09 17:15:00
Privilege escalation
2022-03-09 17:15:00
cve
cve
CVE-2022-24501
2022-03-09 17:15:14
CVE-2022-23277
2022-03-09 17:15:11
CVE-2022-24459
2022-03-09 17:15:13
mskb
mskb
Description of the security update for Microsoft Exchange Server 2013: March 8, 2022 (KB5010324)
2022-03-08 08:00:00
Description of the security update for Microsoft Exchange Server 2019 and 2016: March 8, 2022 (KB5012698)
2022-03-08 08:00:00
March 8, 2022—KB5011525 (Security-only update)
2022-03-08 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Exchange Server Remote Code Execution (CVE-2022-23277)
2022-11-06 00:00:00
Microsoft Remote Desktop Client Remote Code Execution (CVE-2022-21990)
2022-03-08 00:00:00
qualysblog
qualysblog
March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical.
2022-03-08 22:20:59
osv
osv
BIT-dotnet-sdk-2022-24512
2024-03-06 10:58:30
BIT-dotnet-2022-24512
2024-03-06 10:58:23
.NET Remote Code Execution Vulnerability
2022-10-18 21:46:08
cnvd
cnvd
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59680)
2022-03-10 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-03-22 00:35:17
redhatcve
redhatcve
CVE-2022-24512
2022-03-08 18:41:27
github
github
.NET Remote Code Execution Vulnerability
2022-10-18 21:46:08
kaspersky
kaspersky
KLA12478 Multiple vulnerabilities in Microsoft Exchange Server
2022-03-08 00:00:00
KLA12474 Multiple vulnerabilities in Microsoft Developer Tools
2022-03-08 00:00:00
KLA12479 Multiple vulnerabilities in Microsoft Products (ESU)
2022-03-08 00:00:00
metasploit
metasploit
Microsoft Exchange Server ChainedSerializationBinder RCE
2022-08-09 17:32:09
nessus
nessus
Security Updates for Exchange (March 2022)
2022-03-10 00:00:00
Microsoft Windows VP9 Video Extensions Library Multiple Vulnerabilities (March 2022)
2022-03-08 00:00:00
Remote Desktop client for Windows Multiple Vulnerabilities (March 2022)
2022-03-09 00:00:00
githubexploit
githubexploit
Exploit for CVE-2022-23277
2022-10-13 13:35:18
zdt
zdt
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution Exploit
2022-08-22 00:00:00
packetstorm
packetstorm
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution
2022-08-22 00:00:00
redhat
redhat
(RHSA-2022:0826) Important: .NET 6.0 security and bugfix update
2022-03-10 14:43:46
(RHSA-2022:0832) Important: .NET 6.0 on RHEL 7 security and bugfix update
2022-03-10 14:48:50
(RHSA-2022:0830) Important: .NET 5.0 security and bugfix update
2022-03-10 14:46:56
fedora
fedora
[SECURITY] Fedora 35 Update: dotnet6.0-6.0.103-1.fc35
2022-03-22 03:44:27
[SECURITY] Fedora 34 Update: dotnet6.0-6.0.103-1.fc34
2022-03-22 03:19:51
[SECURITY] Fedora 36 Update: dotnet6.0-6.0.103-1.fc36
2022-03-26 15:51:44
altlinux
altlinux
Security fix for the ALT Linux 10 package dotnet-bootstrap-7.0 version 6.0.3-alt1
2022-04-02 00:00:00
Security fix for the ALT Linux 10 package dotnet-runtime-7.0 version 6.0.3-alt1
2022-04-02 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 6.0.3-alt1
2022-08-10 00:00:00
almalinux
almalinux
Important: .NET 6.0 security and bugfix update
2022-03-10 14:43:46
Important: .NET 5.0 security and bugfix update
2022-03-10 14:46:56
Important: .NET Core 3.1 security and bugfix update
2022-03-10 14:44:29
openvas
openvas
Fedora: Security Advisory for dotnet6.0 (FEDORA-2022-5f97af4511)
2022-03-27 00:00:00
Fedora: Security Advisory for dotnet6.0 (FEDORA-2022-61d4028014)
2022-03-23 00:00:00
Fedora: Security Advisory for dotnet6.0 (FEDORA-2022-3b24db8072)
2022-03-23 00:00:00
rocky
rocky
.NET 5.0 security and bugfix update
2022-03-11 02:19:05
.NET 6.0 security and bugfix update
2022-03-11 02:21:15
.NET Core 3.1 security and bugfix update
2022-03-11 02:20:26
oraclelinux
oraclelinux
.NET 6.0 security and bugfix update
2022-03-11 00:00:00
.NET 5.0 security and bugfix update
2022-03-11 00:00:00
.NET Core 3.1 security and bugfix update
2022-03-11 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2022-08-26 21:47:13
Patch Tuesday - March 2022
2022-03-08 21:08:35
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-08-20 18:29:33
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0279
2022-11-10 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0488
2022-11-16 00:00:00

EPSS

0.093

Percentile

94.8%

JSON
Related for HIVEPRO:A5B7D647C96534217BDBB923076B548D
thn1malwarebytes1krebs1threatpost1hivepro1avleonov1cvelist6mscve6nvd6prion6cve6mskb18checkpoint_advisories2qualysblog1osv10cnvd1veracode1redhatcve1github1kaspersky4metasploit1nessus34githubexploit1zdt1packetstorm1redhat6fedora6altlinux7almalinux3openvas12rocky6oraclelinux3rapid7blog2ibm1photon2