March 2022 Patch Tuesday forecast: Pressure mounts to resolve vulnerabilities

February 2022 Patch Tuesday was an anomaly. Not only did we see record low numbers of vulnerabilities addressed across all of Microsoft’s operating systems, but we also saw for the first time in my experience that all the updates were only rated Important. After the reissuing of updates in January, we expected fewer CVEs would be addressed as Microsoft focused on stable updates in February, but this was unprecedented.

Little did we know the security environment could change so much in one month — after an easy set of updates in February, we need to provide heightened awareness this month, installing security updates quickly and efficiently.

The breakout of war between Russia and Ukraine provides a new perspective on the future of cyberwarfare and security. The news headlines are full of reports on extensive electronic attacks prior to the actual physical invasion. Microsoft reported they detected a newly discovered malware named Foxblade involved in major attacks against the Ukrainian critical infrastructure. They also reported that these attacks were tightly focused and not widespread like the 2017 NotPetya worldwide assault. These attacks are continuing, and experts are predicting there will be spillover attacks beyond Ukraine related directly to sanctions and other opportunistic hacker groups.

Similar to when Covid hit, there are already phishing attacks to make the most of an emotional situation, such as under the guise “Help Fund Ukraine.” The US Cybersecurity and Infrastructure Security Agency is clearly responding to heightened activity and has added 95 known exploited vulnerabilities to their catalog which now totals 478. They’ve also posted an alert with the technical details associated with the Ukrainian attack I mentioned previously. Regardless of where they come from, we need to be ready to combat this potential wave of attacks through careful preparation and management of all cybersecurity measures.

One of the hot topics this month was a future installation change for Windows 11. Microsoft included a note in the new Insider blog stating, “Similar to Windows 11 Home edition, Windows 11 Pro edition now requires internet connectivity during the initial device setup (OOBE) only. If you choose to setup device for personal use, MSA will be required for setup as well. You can expect Microsoft Account to be required in subsequent WIP flights.” Requiring internet connectivity to simply install will be challenging for many organizations, so we need to monitor this as the development builds approach production.

March 2022 Patch Tuesday forecast

• Expect a much larger set of CVEs addressed this month as Microsoft digs into the backlog after a small release last month. A lot of these CVEs may be rated Critical as they focus on vulnerabilities more open to attack. The usual set of updates will be available for all operating systems, Office, and probably Exchange Server.
• Adobe updated their common consumer applications last month and there hasn’t been a pre-announcement for Acrobat and Reader, so we may not see one next week.
• There were Valentine’s security updates for Safari, macOS Catalina, Big Sur and Monterey, and iOS so unless something critical appears expect a quiet week from Apple.
• This was an active week for Google. They released both Extended Stable Channel Update for Desktop 98.0.4758.119 and Stable Channel Update for Desktop 99.0.4844.51 for Windows, Mac and Linux. This update includes 28 security fixes of which 9 are rated High.
• Mozilla has released on the last two Patch Tuesdays so expect updates for Firefox, Firefox ESR, and Thunderbird next week.
• APT activity on the network is increasing and expanding, so be vigilant in applying updates and monitoring the activity on your systems.