Whan was the last time you updated your browser? It’s important to keep it up to date to protect against malware, phishing attacks, viruses and more. Google recently updated Chrome to patch a zero-day flaw used to launch cyberattacks. Tap or click for details and instructions for updating Chrome. Patch Tuesday is a common practice among tech companies in which they accumulate updates then release them on the second Tuesday of every month. Keep reading for details on Microsoft’s Patch Tuesday update for March and how to get it now.
Patch Tuesday for March 2022
Microsoft just released its March updates, including three zero-day and 71 vulnerability fixes. This is up from February’s list of 48 flaws, which was down from January. The fixes for this month address Remote Code Execution, Elevation of Privilege and Denial of Service.
Zero-day fixes
Microsoft describes a zero-day vulnerability as “a flaw in software for which no official patch or security update has been released.” The tech giant revealed fixes for three of these publicly disclosed flaws today:
CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability. While this flaw has not been used in any known attacks, Microsoft notes that an attacker can easily create code to exploit it. CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker. CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker.
Critical flaws
Three fixes were revealed for vulnerabilities labeled as critical:
CVE-2022-22006 – HEVC Video Extensions Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker. CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability. While this vulnerability has not been used in any attacks, Microsoft notes that code can be created by an attacker to consistently exploit this vulnerability. CVE-2022-24501 – VP9 Video Extensions Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker.
Other vulnerabilities that are more likely to be exploited include CVE-2022-23277 — Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2022-23286 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability and CVE-2022-24508 — Windows SMBv3 Client/Server Remote Code Execution Vulnerability.
Update your Windows PC now
Updating Windows gets you the latest fixes and security improvements, helping your device run more efficiently while staying protected. To update Windows 10:
Go to Start > Settings > Update & Security > Windows Update. Then select Check for updates. If an update is available, select Download and install now.
To update Windows 11:
Go to Start > Settings > Windows Update > Check for updates. If an update is available, select Download and install now.
Keep reading
Can’t find the Start menu after the latest Windows update? You’re not alone Update your iPhone and iPad now to patch a major security flaw
