On Patch Tuesday, Microsoft released its March 2022 update. The patch covers 71 known vulnerabilities, including concerns such as elevation of privilege, denial of service, and spoofing. Additionally, the company patched 21 Chromium flaws in Microsoft Edge.
Patching security flaws is always critical, and you should install all patches to protect yourself from any issues that Microsoft has found.
Microsoft has identified three problems as potentially more serious than the others:
These three entries are classified as zero-day vulnerabilities, which means that the flaws had already been publicly disclosed. Unlike the other flaws that Microsoft patched, these vulnerabilities were known to everyone who was paying attention, which means that bad actors might have exploited them.
While Microsoft claims that none of the vulnerabilities have been actively exploited, it has acknowledged that proof-of-concept exploits for CVE-2022-21990 and CVE-2022-24459 have been developed.
According to Allan Liska of Recorded Future, Microsoft classified CVE-2022-21990 as "Exploitation More Likely" because proof-of-concept code is publicly available.
"In order to exploit this vulnerability, the attacker must control the Remote Desktop Server that the client is connected to and launch the attack from there," Liska said.
"We have seen a number of similar vulnerabilities against the Remote Desktop Client over the last few years, none of which have been widely exploited in the wild. Even though previous vulnerabilities of this type have not been widely exploited, that doesn't mean this one won't be."
According to Bleeping Computer, Microsoft believes the following two vulnerabilities will be exploited in the near future:
Security patches are a double-edged sword (weighing heavily, of course, on the side of good). On the one hand, Microsoft is fixing security flaws that could, in theory, be used against you. On the other hand, now that all the bugs are out in the open and have been patched, bad actors may examine them more closely and devise ways to harm users who haven't yet updated.
Therefore, it's critical that you update your computer as soon as possible.
Windows may simply notify you that an update is available and begin installing it on its own. If not, you'll have to check for the update manually.
To do so, head to Start > Settings > Update & Security > Windows Update (Windows 10) or Start > Settings > Windows Update (Windows 11). Windows may now take a few moments to check for any available updates. If a patch is available, it will be displayed here. Then, simply follow the on-screen instructions to download and install the update on your computer.
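The same check can be scripted, which is useful when you need to confirm patch status on a machine without clicking through Settings. The following is an added example, not part of the original article: it queries the Windows Update Agent COM interface for updates that are not yet installed, then lists the most recently installed hotfixes. Run it in PowerShell on the Windows machine you want to check.

```powershell
# Added example: list updates the Windows Update Agent still considers pending.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Software updates that are neither installed nor hidden by the user.
$result = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

$pending = foreach ($update in $result.Updates) {
    [pscustomobject]@{
        KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        # MsrcSeverity is empty for updates Microsoft has not rated.
        Severity = if ($update.MsrcSeverity) { $update.MsrcSeverity } else { 'Unrated' }
        Title    = $update.Title
    }
}

if ($pending) {
    $pending | Sort-Object Severity | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($pending).Count) update(s) still pending; install them through Windows Update."
} else {
    Write-Output 'No pending software updates were found.'
}

# Most recently installed hotfixes, to confirm the latest cumulative update landed.
Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize
```

The search contacts the update service, so it can take as long as the "check for updates" step in Settings.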