From thehackernews.com
Microsoft’s Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others.
Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release.
It’s worth pointing out that Microsoft separately addressed 21 flaws in the Chromium-based Microsoft Edge browser earlier this month.
All the three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions (CVE-2022-22006), Microsoft Exchange Server (CVE-2022-23277), and VP9 Video Extensions (CVE-2022-24501).
The Microsoft Exchange Server vulnerability, which was reported by researcher Markus Wulftange, is also noteworthy for the fact that it requires the attacker to be authenticated to be able to exploit the server.