March 2022 Patch Tuesday: Microsoft fixes RCEs in RDP client, Exchange Server

The flaw would allow an authenticated attacker to use a network call to execute their code with elevated privileges. This is also categorised as low complexity, with exploitation more likely, thus despite the authentication requirement, I wouldn’t be surprised to see this flaw exploited in the wild soon. Child’s viewpoints.

Because of their effect, CVE-2022-22006 and CVE-2022-24501, two RCEs in the HEVC and VP9 Video Extensions (respectively), may be critical, but the updates for the apps are pushed out automatically by the Microsoft Store, so customers don’t have to bother about patching them — if the Microsoft Store’s automatic updates haven’t been disabled.

March 2022 Patch Tuesday: Microsoft fixes RCEs in RDP client, Exchange Server

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

March 2022 Patch Tuesday: Microsoft fixes RCEs in RDP client, Exchange Server

08-Mar-22

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address