
During March’s patching bout, Microsoft made available fixes for 21 common security and non-security-related vulnerabilities. None of the vulnerabilities on the Patch Tuesday March list bore severity scores or impact levels.

Patch Tuesday March 2022 Roundup

As previously stated, all the fixes delivered by Microsoft revolved around common issues. This month’s Patch Tuesday brought several fixes for the Chromium-based Microsoft Edge, such as use after free in Omnibox, heap buffer overflow in ANGLE, heap buffer overflow in Cast UI, inappropriate implementation in HTML pages, out of bounds memory access in Mojo, type confusion in Blink Layout, data leak in Canvas, out of bounds memory access in WebXR, and more.

March Highlights in Vulnerabilities. List of all Fixes.

Below, you will find the redacted list of all security and non-security-related vulnerabilities that have been addressed by Microsoft during Patch Tuesday March.

CVE Number       Name of Vulnerability

CVE-2022-0809    Chromium: CVE-2022-0809 – Out of bounds memory access in WebXR
CVE-2022-0808    Chromium: CVE-2022-0808 – Use after free in Chrome OS Shell
CVE-2022-0807    Chromium: CVE-2022-0807 – Inappropriate implementation in Autofill
CVE-2022-0806    Chromium: CVE-2022-0806 – Data leak in Canvas
CVE-2022-0805    Chromium: CVE-2022-0805 – Use after free in Browser Switcher
CVE-2022-0804    Chromium: CVE-2022-0804 – Inappropriate implementation in Full screen mode
CVE-2022-0803    Chromium: CVE-2022-0803 – Inappropriate implementation in Permissions
CVE-2022-0802    Chromium: CVE-2022-0802 – Inappropriate implementation in Full screen mode
CVE-2022-0801    Chromium: CVE-2022-0801 – Inappropriate implementation in HTML parser
CVE-2022-0800    Chromium: CVE-2022-0800 – Heap buffer overflow in Cast UI
CVE-2022-0799    Chromium: CVE-2022-0799 – Insufficient policy enforcement in Installer
CVE-2022-0798    Chromium: CVE-2022-0798 – Use after free in MediaStream
CVE-2022-0797    Chromium: CVE-2022-0797 – Out of bounds memory access in Mojo
CVE-2022-0796    Chromium: CVE-2022-0796 – Use after free in Media
CVE-2022-0795    Chromium: CVE-2022-0795 – Type Confusion in Blink Layout
CVE-2022-0794    Chromium: CVE-2022-0794 – Use after free in WebShare
CVE-2022-0793    Chromium: CVE-2022-0793 – Use after free in Views
CVE-2022-0792    Chromium: CVE-2022-0792 – Out of bounds read in ANGLE
CVE-2022-0791    Chromium: CVE-2022-0791 – Use after free in Omnibox
CVE-2022-0790    Chromium: CVE-2022-0790 – Use after free in Cast UI
CVE-2022-0789    Chromium: CVE-2022-0789 – Heap buffer overflow in ANGLE

 

Highlights

CVE-2022-0808 – Use after free in Chrome OS Shell

By leveraging a defective component related to Chrome’s OS Shell, an attacker can remotely trigger memory corruption by manipulating one or more inputs. The issue was marked as fixed.

CVE-2022-0789 – Heap buffer overflow in ANGLE

A defective component in Chrome may allow a threat actor to trigger a heap buffer overflow in ANGLE via a specially crafted HTML page. The vulnerability has been addressed and fixed by Microsoft.

CVE-2022-0797 – Out of bounds memory access in Mojo

A vulnerability in Mojo allows a threat actor to read information from before the beginning or past the end of a specific memory buffer. The issue was fixed.

CVE-2022-0799 – Insufficient policy enforcement in Installer

A defect found in the Installer code of Google Chrome may allow an unknown party to retrieve sensitive information. CVE-2022-0799 was fixed as part of Patch Tuesday March.

CVE-2022-0807 – Inappropriate implementation in Autofill

A bug in Chrome’s Autofill function may grant a threat actor elevated privileges. The issue has been marked as fixed.

More Cybersecurity Advice and Parting Thoughts

Patch Tuesday March was more about resolving residual Chromium vulnerabilities than other issues. No word yet on the Log4J bounty hunt. As always, before I go, I’m going to share with you some useful tips on how to enhance your cybersecurity posture.

  1. Asset and software inventory. It’s easier to push your patches if all your eggs are in the same basket. Heimdal™ Patch & Asset Management can quickly inventory your hardware and software assets and help you push patches, regardless of whether you’re running Windows or Linux.
  2. Push notifications. Ensure that you inform your employees about patch deployment – and any changes – in a timely manner, especially for those that require a reboot.
  3. Backup. Regardless of the type of patching solution you’re using (automatic or traditional), be sure to back up all your apps prior to deployment.

Additional resources:

Patch Tuesday February 2022 – Microsoft Releases 76 Security Fixes. Log4j Criticality Reduced. Hunt Continues.

Heimdal CyberSecurity & Threat Intelligence Report 2021
