VERT Threat Alert: March 2022 Patch Tuesday Analysis
The State of Security
Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th.
In-The-Wild & Disclosed CVEs
CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that a malicious actor control the Remote Desktop Server to which the client has connected. Upon connecting to the malicious server, code is executed on the client system. While Microsoft has said that exploitation is more likely, the fact that an attacker must control a malicious server and t