Microsoft February 2022 Patch Tuesday Addresses 57 Vulnerabilities Including a Zero-Day.

Microsoft has released its February Patch Tuesday security updates, covering a total of 57 vulnerabilities, including a zero-day and 0 critical-rated vulnerabilities, which can be detected using a vulnerability management tool. The products covered in the Microsoft February 2022 Patch Tuesday security update include Microsoft Windows, Microsoft Office, Microsoft Office Excel, Microsoft Teams, SQL Server, the Chromium-based Edge browser, Visual Studio Code, Windows Kernel, Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Remote Access Connection Manager, and others.

Additionally, the vulnerability for Windows Kernel (CVE-2022-21989) has been publicly disclosed. A patch management tool can patch this vulnerability.

Zero-day Vulnerability Fixed by Microsoft February 2022 Patch Tuesday

CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability. This vulnerability can be exploited from a low-privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than the AppContainer execution environment.

Some Interesting Vulnerabilities

CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability. The server is only affected if dynamic updates are enabled, but this configuration is relatively common. If you have this set up in your environment, an attacker might take complete control of your DNS and execute code with elevated privileges.

CVE-2022-22005: Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability could allow an authenticated user to execute arbitrary .NET code on the server under the context and permissions of the service account of the SharePoint Web Application. An attacker would need the ‘Manage Lists’ permission to exploit this. By default, authenticated users can create their own sites; in that case, the user is the owner of the site and has all the necessary permissions.

CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability. This vulnerability is a guest-to-host escape in the Hyper-V server. The CVSS exploit complexity is rated high here, as Microsoft has stated that an attacker ‘must prepare the target environment to improve control reliability.’ However, if an enterprise relies on Hyper-V servers, it’s recommended to treat this as a critical update.

CVE-2022-22003: Microsoft Office Graphics Remote Code Execution Vulnerability. For an attacker to successfully exploit this vulnerability, a user needs to be tricked into running malicious files.

These were the notable vulnerabilities addressed in the Microsoft February Patch Tuesday.
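Because CVE-2022-21984 only affects DNS servers with dynamic updates enabled, a defender can scope exposure by listing each zone's dynamic-update setting. The PowerShell below is an added example, not part of the original post or Microsoft's guidance; it assumes the DnsServer module is available (DNS Server role or RSAT), and `$ComputerName` is a hypothetical parameter naming the server to query.

```powershell
# Added example: report which zones on a Windows DNS server accept dynamic updates.
# $ComputerName is an assumed parameter; it defaults to the local machine.
param(
    [string]$ComputerName = $env:COMPUTERNAME
)

Import-Module DnsServer -ErrorAction Stop

# Skip the auto-created zones (0, 127, 255 reverse zones); they are not administered.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { -not $_.IsAutoCreated }

$report = foreach ($zone in $zones) {
    [pscustomobject]@{
        Server        = $ComputerName
        ZoneName      = $zone.ZoneName
        ZoneType      = $zone.ZoneType
        DsIntegrated  = $zone.IsDsIntegrated
        # DynamicUpdate is None, Secure, or NonsecureAndSecure
        DynamicUpdate = $zone.DynamicUpdate
        InScope       = ($zone.DynamicUpdate -ne 'None')
    }
}

# Zones that accept dynamic updates first, then alphabetical.
$report |
    Sort-Object -Property @{ Expression = 'InScope'; Descending = $true }, ZoneName |
    Format-Table -AutoSize

$inScope = @($report | Where-Object { $_.InScope })
if ($inScope.Count -gt 0) {
    Write-Warning ("{0} zone(s) on {1} accept dynamic updates; prioritise the February 2022 update on this server." -f $inScope.Count, $ComputerName)
}
else {
    Write-Output "No zones on $ComputerName accept dynamic updates."
}
```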

Microsoft security bulletin summary for February 2022

  • Azure Data Explorer
  • Kestrel Web Server
  • Microsoft Dynamics
  • Microsoft Dynamics GP
  • Microsoft Edge (Chromium-based)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft OneDrive
  • Microsoft Teams
  • Microsoft Windows Codecs Library
  • Power BI
  • Roaming Security Rights Management Services
  • Role: DNS Server
  • Role: Windows Hyper-V
  • SQL Server
  • Visual Studio Code
  • Windows Common Log File System Driver
  • Windows DWM Core Library
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Named Pipe File System
  • Windows Print Spooler Components
  • Windows Remote Access Connection Manager
  • Windows Remote Procedure Call Runtime
  • Windows User Account Profile
  • Windows Win32K

1. Product: Microsoft Windows
CVEs/Advisory: CVE-2013-3900, CVE-2022-21971, CVE-2022-21974, CVE-2022-21981, CVE-2022-21984, CVE-2022-21985, CVE-2022-21989, CVE-2022-21992, CVE-2022-21993, CVE-2022-21994, CVE-2022-21995, CVE-2022-21996, CVE-2022-21997, CVE-2022-21998, CVE-2022-21999, CVE-2022-22000, CVE-2022-22001, CVE-2022-22002, CVE-2022-22710, CVE-2022-22712, CVE-2022-22715, CVE-2022-22717, CVE-2022-22718
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs: 5010342, 5010345, 5010351, 5010354, 5010358, 5010359, 5010384, 5010386, 5010392, 5010395, 5010403, 5010404, 5010412, 5010419, 5010422, 5010456

2. Product: Microsoft Office
CVEs/Advisory: CVE-2022-21988, CVE-2022-22003, CVE-2022-22004, CVE-2022-22716, CVE-2022-23252
Impact: Information Disclosure, Remote Code Execution
KBs: 3118335, 3172514, 5002133, 5002140, 5002146, 5002149

3. Product: Microsoft SharePoint Server
CVEs/Advisory: CVE-2022-21968, CVE-2022-21987, CVE-2022-22005, CVE-2022-22716
Impact: Remote Code Execution, Memory corruption, Denial of Service
KBs: 5002120, 5002135, 5002136, 5002145, 5002147, 5002155

4. Product: Microsoft Excel
CVEs/Advisory: CVE-2022-22716
Impact: Information Disclosure
KBs: 5002137, 5002156
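To confirm whether a given host has received one of the Windows updates listed under "Product: Microsoft Windows" above, the installed hotfixes can be compared with that KB list. This PowerShell is an added example, not from the original post; the KB numbers are copied from this page, and because later cumulative updates supersede these KBs, a host with no match should be judged by its most recent installed update rather than treated as unpatched.

```powershell
# Added example: match installed hotfixes against the Windows KBs listed on this page.
# KB numbers below are copied from the "Product: Microsoft Windows" entry.
$februaryKbs = @(
    '5010342', '5010345', '5010351', '5010354', '5010358', '5010359',
    '5010384', '5010386', '5010392', '5010395', '5010403', '5010404',
    '5010412', '5010419', '5010422', '5010456'
) | ForEach-Object { "KB$_" }

$allHotfixes = @(Get-HotFix)

# Hotfixes on this host that appear in the February 2022 list.
$matched = @($allHotfixes | Where-Object { $_.HotFixID -in $februaryKbs })

# Most recent installed update, used to judge supersedence when nothing matches.
$latest = $allHotfixes |
    Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 1

$os = Get-CimInstance -ClassName Win32_OperatingSystem

$result = [pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    OperatingSystem = $os.Caption
    Build           = $os.BuildNumber
    MatchedKBs      = ($matched.HotFixID -join ', ')
    LatestHotfix    = $latest.HotFixID
    LatestInstalled = $latest.InstalledOn
    HasFebruaryKB   = ($matched.Count -gt 0)
}

$result | Format-List

if (-not $result.HasFebruaryKB) {
    Write-Warning "None of the listed February 2022 KBs found; check whether $($result.LatestHotfix) is a later cumulative update that supersedes them."
}
```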

SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow to keep your systems updated and secure.

This Post Has One Comment

  1. David

    This update absolutely FUBARed my machine. 3+ hours trying to get it to boot and load properly…
