Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th.

In-The-Wild & Disclosed CVEs

CVE-2022-21990

CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that a malicious actor control the Remote Desktop Server to which the client has connected. Upon connecting to the malicious server, code is executed on the client system. While Microsoft has said that exploitation is more likely, the fact that an attacker must control a malicious server and that the user must willingly connect to it will mitigate the risk presented by this vulnerability.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2022-24459

A local privilege escalation vulnerability exists within the Windows Fax and Scan Service that could allow privilege escalation on all supported versions of Windows. In order to exploit this vulnerability, an attacker would need to already have authenticated access to the system. Unfortunately, few details are available to help determine exactly where the vulnerability lies.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2022-24512

This is an interesting vulnerability when you read everything that Microsoft has written about it. The confidentiality, integrity, and availability aspects of the CVSS score are set to Low, with Microsoft stating that the ability to exploit the vulnerability is limited because it must be used in combination with other vulnerabilities. Additionally, a user must perform an action to trigger the payload. The fact that this requires the user to take action and that other vulnerabilities must be used is interesting when paired with the fact that Microsoft listed Privileges Required as None. The multitude