Operating System:

[WIN]

Published:

09 March 2022


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0062
    Microsoft Patch Tuesday update for Microsoft Windows for March 2022
                               9 March 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Windows
                  Windows Server
                  Image Extension
                  Video Extension
                  Remote Desktop Client
Operating System: Windows
Resolution:       Patch/Upgrade
CVE Names:        CVE-2022-24525 CVE-2022-24508 CVE-2022-24507
                  CVE-2022-24505 CVE-2022-24503 CVE-2022-24502
                  CVE-2022-24501 CVE-2022-24460 CVE-2022-24459
                  CVE-2022-24457 CVE-2022-24456 CVE-2022-24455
                  CVE-2022-24454 CVE-2022-24453 CVE-2022-24452
                  CVE-2022-24451 CVE-2022-23301 CVE-2022-23300
                  CVE-2022-23299 CVE-2022-23298 CVE-2022-23297
                  CVE-2022-23296 CVE-2022-23295 CVE-2022-23294
                  CVE-2022-23293 CVE-2022-23291 CVE-2022-23290
                  CVE-2022-23288 CVE-2022-23287 CVE-2022-23286
                  CVE-2022-23285 CVE-2022-23284 CVE-2022-23283
                  CVE-2022-23281 CVE-2022-23253 CVE-2022-22010
                  CVE-2022-22007 CVE-2022-22006 CVE-2022-21990
                  CVE-2022-21977 CVE-2022-21975 CVE-2022-21973
                  CVE-2022-21967  

Comment: CVSS (Max):  8.8 CVE-2022-24508 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
         CVSS Source: Microsoft
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
         
         Microsoft notes that CVE-2022-24508 is more likely to be exploited by threat actors.

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of March 2022.
        
        This update resolves 43 vulnerabilities across the following
        products: [1]
        
         HEIF Image Extension
         HEVC Video Extension
         HEVC Video Extensions
         Raw Image Extension
         Remote Desktop client
         VP9 Video Extensions
         Windows 10
         Windows 11
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019
         Windows Server 2022
         Windows Server 2022 Azure Edition Core Hotpatch


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2022-21967  Elevation of Privilege   Important
         CVE-2022-21973  Denial of Service        Important
         CVE-2022-21975  Denial of Service        Important
         CVE-2022-21977  Information Disclosure   Important
         CVE-2022-21990  Remote Code Execution    Important
         CVE-2022-22006  Remote Code Execution    Critical
         CVE-2022-22007  Remote Code Execution    Important
         CVE-2022-22010  Information Disclosure   Important
         CVE-2022-23253  Denial of Service        Important
         CVE-2022-23281  Information Disclosure   Important
         CVE-2022-23283  Elevation of Privilege   Important
         CVE-2022-23284  Elevation of Privilege   Important
         CVE-2022-23285  Remote Code Execution    Important
         CVE-2022-23286  Elevation of Privilege   Important
         CVE-2022-23287  Elevation of Privilege   Important
         CVE-2022-23288  Elevation of Privilege   Important
         CVE-2022-23290  Elevation of Privilege   Important
         CVE-2022-23291  Elevation of Privilege   Important
         CVE-2022-23293  Elevation of Privilege   Important
         CVE-2022-23294  Remote Code Execution    Important
         CVE-2022-23295  Remote Code Execution    Important
         CVE-2022-23296  Elevation of Privilege   Important
         CVE-2022-23297  Information Disclosure   Important
         CVE-2022-23298  Elevation of Privilege   Important
         CVE-2022-23299  Elevation of Privilege   Important
         CVE-2022-23300  Remote Code Execution    Important
         CVE-2022-23301  Remote Code Execution    Important
         CVE-2022-24451  Remote Code Execution    Important
         CVE-2022-24452  Remote Code Execution    Important
         CVE-2022-24453  Remote Code Execution    Important
         CVE-2022-24454  Elevation of Privilege   Important
         CVE-2022-24455  Elevation of Privilege   Important
         CVE-2022-24456  Remote Code Execution    Important
         CVE-2022-24457  Remote Code Execution    Important
         CVE-2022-24459  Elevation of Privilege   Important
         CVE-2022-24460  Elevation of Privilege   Important
         CVE-2022-24501  Remote Code Execution    Critical
         CVE-2022-24502  Security Feature Bypass  Important
         CVE-2022-24503  Information Disclosure   Important
         CVE-2022-24505  Elevation of Privilege   Important
         CVE-2022-24507  Elevation of Privilege   Important
         CVE-2022-24508  Remote Code Execution    Important
         CVE-2022-24525  Elevation of Privilege   Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles: [1]
        
         KB5010386, KB5011485, KB5011486, KB5011487, KB5011491
         KB5011493, KB5011495, KB5011497, KB5011503, KB5011527
         KB5011535, KB5011560, KB5011564, KB5011580


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----