Microsoft has released its February Patch Tuesday security updates, addressing a total of 57 vulnerabilities, including a zero-day and 0 critical-rated vulnerabilities. The products covered in February’s security update include Microsoft Windows, Microsoft Office, Microsoft Office Excel, Microsoft Teams, SQL Server, the Chromium-based Edge browser, Visual Studio Code, Windows Kernel, Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Remote Access Connection Manager, etc.
The Windows Kernel vulnerability (CVE-2022-21989) has been publicly disclosed.
Zero-day Vulnerability Fixed
CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability. This vulnerability can be exploited from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than the AppContainer execution environment.
Some Interesting Vulnerabilities
CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability. The server is only affected if dynamic updates are enabled, but this is a relatively common configuration. An attacker might entirely take control of your DNS and execute code with elevated privileges if you have this set up in your environment.
CVE-2022-22005: Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability could allow an authenticated user to execute arbitrary .NET code on the server under the context and permissions of the service account of the SharePoint Web Application. An attacker would need the ‘Manage Lists’ permission to exploit this. By default, authenticated users can create their own sites; in that case, the user is the owner of the site and has all the necessary permissions.
CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability. This vulnerability is a guest-to-host escape in the Hyper-V server. The CVSS exploit complexity is rated high here, as Microsoft has stated that an attacker must prepare the target environment to improve control reliability. However, if an enterprise relies on Hyper-V servers, it’s recommended to treat this as a critical update.
CVE-2022-22003: Microsoft Office Graphics Remote Code Execution Vulnerability. For an attacker to successfully exploit this vulnerability, a user needs to be tricked into running malicious files.
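For CVE-2022-21984, exposure depends on whether any zone accepts dynamic updates. The following triage script is an added example, not part of the original advisory: it lists such zones on a DNS server and checks whether any of the Windows KBs named in this bulletin are installed. It assumes an elevated session on the DNS server with the DnsServer module available; the function names are hypothetical.

```powershell
# Added triage example (not from the original advisory or from Microsoft).
# Assumption: run elevated on a Windows DNS server with the DnsServer module.

# Windows KBs listed in this bulletin for February 2022.
$FebruaryKbs = 5010342, 5010345, 5010351, 5010354, 5010358, 5010359, 5010384,
               5010386, 5010392, 5010395, 5010403, 5010404, 5010412, 5010419,
               5010422, 5010456 | ForEach-Object { "KB$_" }

function Get-DynamicUpdateZone {
    # Zones that accept dynamic updates: the precondition named for CVE-2022-21984.
    # Auto-created zones and zones with no DynamicUpdate value are skipped.
    Get-DnsServerZone |
        Where-Object { -not $_.IsAutoCreated -and
                       "$($_.DynamicUpdate)" -in 'Secure', 'NonsecureAndSecure' } |
        Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
}

function Get-InstalledFebruaryKb {
    # Hotfixes on this host whose ID matches one of the bulletin's Windows KBs.
    Get-HotFix |
        Where-Object { $_.HotFixID -in $FebruaryKbs } |
        Select-Object HotFixID, InstalledOn
}

$zones = @(Get-DynamicUpdateZone)
$kbs   = @(Get-InstalledFebruaryKb)

if ($zones.Count -eq 0) {
    'No zones on this server accept dynamic updates.'
} else {
    "Zones accepting dynamic updates: $($zones.Count)"
    $zones | Format-Table -AutoSize
    if ($zones | Where-Object { "$($_.DynamicUpdate)" -eq 'NonsecureAndSecure' }) {
        Write-Warning 'At least one zone accepts nonsecure dynamic updates.'
    }
}

if ($kbs.Count -eq 0) {
    # Later cumulative updates supersede these KBs, so absence is not proof
    # that the host is unpatched; confirm against the OS build number.
    Write-Warning 'None of the February 2022 Windows KBs from this bulletin were found.'
} else {
    $kbs | Format-Table -AutoSize
}
```

A server that reports dynamic-update zones and none of the listed KBs (or a superseding cumulative update) should be prioritised for patching.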
Microsoft security bulletin summary for February 2022
- Azure Data Explorer
- Kestrel Web Server
- Microsoft Dynamics
- Microsoft Dynamics GP
- Microsoft Edge (Chromium-based)
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft OneDrive
- Microsoft Teams
- Microsoft Windows Codecs Library
- Power BI
- Roaming Security Rights Management Services
- Role: DNS Server
- Role: Windows Hyper-V
- SQL Server
- Visual Studio Code
- Windows Common Log File System Driver
- Windows DWM Core Library
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows Named Pipe File System
- Windows Print Spooler Components
- Windows Remote Access Connection Manager
- Windows Remote Procedure Call Runtime
- Windows User Account Profile
- Windows Win32K
Product: Microsoft Windows
CVEs/Advisory: CVE-2013-3900, CVE-2022-21971, CVE-2022-21974, CVE-2022-21981, CVE-2022-21984, CVE-2022-21985, CVE-2022-21989, CVE-2022-21992, CVE-2022-21993, CVE-2022-21994, CVE-2022-21995, CVE-2022-21996, CVE-2022-21997, CVE-2022-21998, CVE-2022-21999, CVE-2022-22000, CVE-2022-22001, CVE-2022-22002, CVE-2022-22710, CVE-2022-22712, CVE-2022-22715, CVE-2022-22717, CVE-2022-22718
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs: 5010342, 5010345, 5010351, 5010354, 5010358, 5010359, 5010384, 5010386, 5010392, 5010395, 5010403, 5010404, 5010412, 5010419, 5010422, 5010456
Product: Microsoft Office
CVEs/Advisory: CVE-2022-21988, CVE-2022-22003, CVE-2022-22004, CVE-2022-22716, CVE-2022-23252
Impact: Information Disclosure, Remote Code Execution
KBs: 3118335, 3172514, 5002133, 5002140, 5002146, 5002149
Product: Microsoft SharePoint Server
CVEs/Advisory: CVE-2022-21968, CVE-2022-21987, CVE-2022-22005, CVE-2022-22716
Impact: Remote Code Execution, Memory corruption, Denial of Service
KBs: 5002120, 5002135, 5002136, 5002145, 5002147, 5002155