Patch Tuesday March 2022 – Microsoft Releases Fixes for 21 Common Vulnerabilities

During March’s patching bout, Microsoft has made available fixes for 21 common security and non-security-related vulnerabilities. None of the exploits on the Patch Tuesday March list bore severity scores or impact levels.

Patch Tuesday March 2022 Roundup

As previously stated, all the fixes delivered by Microsoft revolved around common issues. This month’s Patch Tuesday brought several adjustments for the Chromium-based Microsoft Edge such Use-after-free in Omnibox, heap buffer overflow in ANGLE, heap buffer overflow in CAST UI, inappropriate implementation in HTML pages, out of bounds memory access in Mojo, type confusion in Blink layout, data leak in Canvas, out of bounds memory access in WebXR, and more.

March Highlights in Vulnerabilities. List of all Fixes.

Below, you will find the redacted list of all security and non-security-related vulnerabilities that have been addressed by Microsoft during Patch Tuesday March.

Highlights

CVE-2022-0808 – Use after free in Chrome OS Shell

By leveraging a defective component related to Chrome’s OS Shell, an attacker can remotely trigger a memory corruption by manipulating one or more input leads. The issue was marked as fixed.

CVE-2022-0789 – Heap buffer overflow in ANGLE

A defective component in Chrome may allow a threat actor to trigger a heap buffer overflow in ANGLE via a specially-designed HTML page. The vulnerability has been addressed and fixed by Microsoft.

CVE-2022-0797 – Out of bounds memory access in Mojo

A vulnerability in Mojo allows a threat actor to read information from before the beginning or past the end of a specific memory buffer. The issue was fixed.

CVE-2022-0799 – Insufficient policy enforcement in Installer

A defect found in the Installer’s code block of Google Chrome may allow an unknown party to retrieve sensitive information. CVE-2022-0799 was fixed as part of Patch Tuesday March.

CVE-2022-0807 -Inappropriate implementation in Autofill

A bug in Chrome’s Autofill function may grant a threat actor elevated privileges. The issue’s been earmarked as fixed.

More Cybersecurity Advice and Parting Thoughts

Patch Tuesday March was more about resolving residual Chromium vulnerabilities than other issues. No word yet on the Log4J bounty hunt. As always, before I go, I’m going to share with you some useful tips on how to enhance your cybersecurity posture.

1. Asset and software inventory. It’s easier to push your patches if all your eggs are in the same basket. Heimdal™ Patch & Asset Management can quickly inventory your hardware and software assets and help you push patches, regardless of whether you’re running Windows or Linux.
2. Push notifications. Ensure that you inform your employees about patch deployment – and any changes – in a timely manner, especially for those that require a reboot.
3. Backup. Regardless of the type of patching solution, you’re using (automatic or traditional), be sure to backup all your apps prior to deployment.

Additional resources:

• Previous Patch Tuesday post. 
• IT Asset Inventory Management article.
• Asset Tracking Software article.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.