Advisory: Microsoft and Apple Security Updates (March 2022)

Overview

This month's Microsoft 'Patch Tuesday' release consists of a number of security updates for popular Microsoft products and features, including Microsoft Office, Remote Desktop and Defender. A majority of these security updates have been classified as 'important'. There are several 'critical' updates available.

Security updates for Apple products and services have not yet been released (09/03/22).

Individuals and businesses should apply these security updates to protect against potential cyber threats.

If you receive a notification on your computer to install updates, please do so as soon as practicable. If a notification isn't displayed, you can manually check for updates by searching for 'updates' on your computer or device's search bar.

Detail

This month’s Microsoft ‘Patch Tuesday’ addresses several vulnerabilities, including various remote code execution (RCE) and privilege escalation flaws. Most of these have been rated as 'important' by Microsoft however, if exploited, could result in unauthorised access and modification to systems and services.

Of note, are several 'critical' security updates for the following vulnerabilities:

• Remote Desktop remote code execution (RCE) vulnerability - CVE-2022-21990
• Microsoft Exchange Server RCE - CVE-2022-23277
• Microsoft Defender spoofing vulnerability - CVE-2022-23278

More information about the March 2022 Microsoft Security updates can be found here: https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar

and here: https://msrc.microsoft.com/update-guide/en-us

At the time of writing (09/03/22), Apple have not released security updates their devices and services. Information on the latest Apple security updates can be found here: https://support.apple.com/en-us/HT201222. This page will be updated when Apple have published their updates.

Recommended Action

• Frequently monitor and review security updates for all of your systems and devices. Implement security patches as soon as practicable. Set your devices to update automatically wherever possible.

• If using a Microsoft computer, it should display a notification to update but if it doesn't you can 'check for updates' in the search bar next to the start button. Your organisation may implement security updates automatically but you may be asked to restart your computer in order to complete the update(s).

• It is good practise to back up your system and/or important files before installing any major updates.

• Take a look at the ‘5 Steps to Cyber Security’ guidance on our Advice & Guidance page for more guidance on how to better protect your organisation.

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.