Skip to Content
Microsoft Patch Tuesday
© Vladyslav Yushynov | Dreamstime.com
Security & privacy

Update your PC! Microsoft patch fixes 3 zero-days, 71 other flaws

When you purchase an app or virtually any modern software, you are not getting the final product. Developers release patches, fixes and new features to secure their work, protect users and stay competitive.

Whan was the last time you updated your browser? It’s important to keep it up to date to protect against malware, phishing attacks, viruses and more. Google recently updated Chrome to patch a zero-day flaw used to launch cyberattacks. Tap or click for details and instructions for updating Chrome.

Patch Tuesday is a common practice among tech companies in which they accumulate updates then release them on the second Tuesday of every month. Keep reading for details on Microsoft’s Patch Tuesday update for March and how to get it now.

Patch Tuesday for March 2022

Microsoft just released its March updates, including three zero-day and 71 vulnerability fixes. This is up from February’s list of 48 flaws, which was down from January. The fixes for this month address Remote Code Execution, Elevation of Privilege and Denial of Service.

Zero-day fixes

Microsoft describes a zero-day vulnerability as “a flaw in software for which no official patch or security update has been released.” The tech giant revealed fixes for three of these publicly disclosed flaws today:

  • CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability. While this flaw has not been used in any known attacks, Microsoft notes that an attacker can easily create code to exploit it.
  • CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker.
  • CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker.

Critical flaws

Three fixes were revealed for vulnerabilities labeled as critical:

  • CVE-2022-22006 – HEVC Video Extensions Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker.
  • CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability. While this vulnerability has not been used in any attacks, Microsoft notes that code can be created by an attacker to consistently exploit this vulnerability.
  • CVE-2022-24501 – VP9 Video Extensions Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be quite difficult for the attacker.

Other vulnerabilities that are more likely to be exploited include CVE-2022-23277 — Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2022-23286 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability and CVE-2022-24508 — Windows SMBv3 Client/Server Remote Code Execution Vulnerability.

Update your Windows PC now

Updating Windows gets you the latest fixes and security improvements, helping your device run more efficiently while staying protected.

To update Windows 10:

  • Go to Start > Settings Update & Security > Windows Update. Then select Check for updates. If an update is available, select Download and install now.

To update Windows 11:

  • Go to  Start Settings > Windows Update Check for updates. If an update is available, select Download and install now.

Keep reading

Can’t find the Start menu after the latest Windows update? You’re not alone

Update your iPhone and iPad now to patch a major security flaw

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started