Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Vulnerabilities
  • Tripwire Patch Priority Index for March 2022
  • Vulnerabilities

Tripwire Patch Priority Index for March 2022

4 years ago Lane Thames
Tripwire Patch Priority Index for May 2021

Tripwire’s March 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, and Spring Framework.

First on the patch priority list this month is a remote code execution vulnerability in the Spring Framework (CVE-2022-22965). This vulnerability has been added to the Metasploit Exploit Framework and any vulnerable systems should be patched as soon as possible. See the following link for more details: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Next is a patch for Google Chrome that resolves a use after free vulnerability. This vulnerability has been targeted by two threat groups referred to as Operation AppleJeus and Operation Dream Job who are using exploit kits to target this vulnerability. Vulnerable systems should be patched as soon as possible. More details can be found at the following link: https://blog.google/threat-analysis-group/countering-threats-north-korea/

Up next are patches for Microsoft Word and Visio. These patches resolve 5 vulnerabilities including tampering, security feature bypass, and remote code execution vulnerabilities.

Up next are patches for Microsoft Edge (Chromium-base) that resolve over 21 vulnerabilities such as user after free, type confusion, heap buffer overflow, tampering, and elevation of privilege vulnerabilities.

Following Edge are patches that affect components of the Windows operating systems. These patches resolve over 25 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, DWM Core Library, Windows Defender, Fast FAT File System Driver, Media Center, Windows Installer, SMBv3, Remote Desktop, and others.

Up next are patches for Windows Codec Library (HEIF Image Extensions, HEIF Video Extensions, Media Foundation, Raw Image Extension, VP9 Video Extensions) and Paint 3D. These patches resolve 14 vulnerabilities including remote code execution and information disclosure.

Next are patches for the .NET, Visual Studio, and Visual Studio Code that resolve denial of service, remote code execution, buffer overflow, and spoofing vulnerabilities.

Lastly, administrators should focus on server-side patches for Hyper-V and Exchange Server. These patches resolve remote code execution, spoofing, and denial of service vulnerabilities.

BULLETIN CVE
Exploit Framework – Metasploit CVE-2022-22965
Google Chrome CVE-2022-0609
Microsoft Office Word CVE-2022-24511, CVE-2022-24462
Microsoft Office Visio CVE-2022-24510, CVE-2022-24509, CVE-2022-24461
Microsoft Edge (Chromium-based) CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809
Microsoft Windows CVE-2022-23293, CVE-2022-24460, CVE-2022-21973, CVE-2022-23296, CVE-2022-23281, CVE-2022-23290, CVE-2022-24454, CVE-2022-24507, CVE-2022-23294, CVE-2022-24508, CVE-2022-23297, CVE-2022-23298, CVE-2022-23291, CVE-2022-23288, CVE-2022-23253, CVE-2022-23285, CVE-2022-21990, CVE-2022-24503, CVE-2022-24455, CVE-2022-24525, CVE-2022-23284, CVE-2022-23299, CVE-2022-24502, CVE-2022-24505, CVE-2022-23283, CVE-2022-23287, CVE-2022-23286, CVE-2022-24459, CVE-2022-23278
Microsoft Windows Codecs Library CVE-2022-24457, CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24456, CVE-2022-24453, CVE-2022-24452, CVE-2022-22010, CVE-2022-21977, CVE-2022-23300, CVE-2022-23295, CVE-2022-24451, CVE-2022-24501
Paint 3D CVE-2022-23282
NET, Visual Studio, Visual Studio Code CVE-2022-24464, CVE-2022-24512, CVE-2020-8927, CVE-2022-24526
Microsoft Exchange Server CVE-2022-23277, CVE-2022-24463
Role: Windows Hyper-V CVE-2022-21975

The post ” Tripwire Patch Priority Index for March 2022″ appeared first on TripWire

Source:TripWire – Lane Thames

Tags: Exploit, Google, Google Chrome, Microsoft, TripWire, Vulnerability

Continue Reading

Previous Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems
Next Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022

More Stories

  • Cyber Attacks
  • Vulnerabilities

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

17 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

20 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Vulnerabilities

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

21 hours ago [email protected] (The Hacker News)
  • Data Breach
  • Vulnerabilities

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Vulnerabilities

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

4 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Vulnerabilities

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

4 days ago [email protected] (The Hacker News)

Recent Posts

  • Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
  • Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
  • Android Developer Verification Rollout Begins Ahead of September Enforcement
  • TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
  • Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT