
Microsoft Patch Tuesday fixes Windows 11 system reset bug

A host of fixes are available to Windows administrators as Microsoft patches three critical RCE flaws

Microsoft has released this month’s batch of patches for Windows security flaws, fixing a bug found in February that prevented some users from erasing all their files after a system reset.

The Windows manual reset option is designed to effectively restore a device to its factory-shipped settings, removing user data. Microsoft published a workaround at the time, but the updates to Windows 11 and Windows 10 released on Tuesday will eliminate the bug, though Microsoft did say it may take up to seven days for the changes to take effect. 

A total of 92 vulnerabilities were patched across Windows and other Microsoft products, including three critical-rated remote code execution (RCE) vulnerabilities and three security feature bypass flaws.

Two of the critical-rated flaws affected Video Extensions for advertisements, tracked as CVE-2022-24501 and CVE-2022-22006, and both could be exploited to achieve RCE with a ‘low’ attack complexity.

In both cases, an attacker would need to convince a user to download a specially crafted file that would lead to a crash. Successful attackers would also need local access to a victim’s machine, either via its keyboard and mouse or over a secure shell (SSH) connection.

The other critical flaw, tracked as CVE-2022-23277, is a remote code execution vulnerability in Microsoft Exchange Server with a low degree of attack complexity and low privileges required to exploit. In all three cases, there is no known exploit code available, but patching is still recommended, especially for security vulnerabilities of this severity.

“The vulnerability most likely to raise eyebrows this month is CVE-2022-23277, a Critical RCE affecting Exchange Server,” said Greg Wiseman, lead product manager at Rapid7. 

“Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.”

A total of 29 RCE vulnerabilities were addressed in Microsoft’s March ‘Patch Tuesday’, and three of the total 92 flaws had been previously disclosed. 


Of these three previously known issues, both CVE-2022-21990 and CVE-2022-24459, RCE and privilege escalation vulnerabilities respectively, have known proofs-of-concept (PoC) available but no exploitation has been observed in the wild.

The final known vulnerability was an RCE flaw affecting .NET and Visual Studio; this has also now been patched but no PoC code is thought to have been developed, Microsoft said. It would be difficult to exploit this vulnerability alone, and would be more likely used as part of a chained attack, it added.

Other vulnerabilities such as privilege escalation, security feature bypass, information disclosure, denial of service, and spoofing flaws were also found across Microsoft’s products. All updates are available in the Microsoft Update Catalog now.
