Microsoft February 2022 Patch Tuesday Addresses 57 Vulnerabilities Including a Zero-Day.


Feb 8, 2022 | By Pranav S | 4 min read

Microsoft has released the February 2022 Patch Tuesday security updates, addressing a total of 57 vulnerabilities, including a zero-day and 0 critical-rated vulnerabilities, which can be detected using a vulnerability management tool. The products covered in the Microsoft February 2022 Patch Tuesday security update include Microsoft Windows, Microsoft Office, Microsoft Office Excel, Microsoft Teams, SQL Server, the Chromium-based Edge browser, Visual Studio Code, Windows Kernel, Windows Print Spooler Components, Windows Remote Procedure Call Runtime, Windows Remote Access Connection Manager, etc.

Additionally, the vulnerability for Windows Kernel (CVE-2022-21989) has been publicly disclosed. A patch management tool can patch this vulnerability.

Zero-day Vulnerability Fixed by Microsoft February 2022 Patch Tuesday

CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability. This vulnerability can be exploited from a low-privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than the AppContainer execution environment.

Some Interesting Vulnerabilities

CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability. The server is only affected if dynamic updates are enabled, but this configuration is relatively common. If you have this set up in your environment, an attacker might entirely take control of your DNS and execute code with elevated privileges.

CVE-2022-22005: Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability could allow an authenticated user to execute arbitrary .NET code on the server under the context and permissions of the service account of the SharePoint Web Application. An attacker would need the ‘Manage Lists’ permission to exploit this. By default, authenticated users can create their own sites, and, in this case, the user will be the owner of the site and will have all necessary permissions.

CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability. This vulnerability is a guest-to-host escape in the Hyper-V server. The CVSS exploit complexity is rated high, as Microsoft has stated that an attacker ‘must prepare the target environment to improve control reliability.’ However, if an enterprise relies on Hyper-V servers, it is recommended to treat this as a critical update.

CVE-2022-22003: Microsoft Office Graphics Remote Code Execution Vulnerability. For an attacker to successfully exploit this vulnerability, a user needs to be tricked into running malicious files.

These were the notable vulnerabilities addressed in Microsoft's February Patch Tuesday.
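For CVE-2022-21984, the exposure condition named above is a DNS server with dynamic updates enabled. The following PowerShell audit is an added example, not part of the original post or of any SecPod tooling; it assumes the DnsServer module (DNS Server role or RSAT DNS tools) is available and that the `$ComputerName` parameter, introduced here for illustration, points at the DNS server to check.

```powershell
# Added example: report which primary zones on a Windows DNS server accept
# dynamic updates, the precondition the advisory gives for CVE-2022-21984.
# Assumption: run with rights to query the DNS server; $ComputerName is a
# parameter introduced for this example.
param(
    [string]$ComputerName = $env:COMPUTERNAME   # DNS server to audit
)

Import-Module DnsServer -ErrorAction Stop

# Dynamic updates only apply to primary zones; skip the auto-created ones.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

$report = foreach ($zone in $zones) {
    [pscustomobject]@{
        Zone          = $zone.ZoneName
        DsIntegrated  = $zone.IsDsIntegrated
        DynamicUpdate = $zone.DynamicUpdate
        Exposure      = switch ("$($zone.DynamicUpdate)") {
            'None'               { 'Dynamic updates disabled' }
            'Secure'             { 'Secure dynamic updates enabled' }
            'NonsecureAndSecure' { 'Nonsecure dynamic updates enabled' }
            default              { 'Unknown setting' }
        }
    }
}

$report | Sort-Object DynamicUpdate, Zone | Format-Table -AutoSize

# Any zone not set to 'None' means the server meets the stated condition.
$enabled = @($report | Where-Object { "$($_.DynamicUpdate)" -ne 'None' })
if ($enabled.Count -gt 0) {
    Write-Warning ("{0} zone(s) on {1} accept dynamic updates; prioritise the February 2022 update on this server." -f $enabled.Count, $ComputerName)
}
```

Servers where every zone reports `None` do not meet the condition described for this CVE, but should still receive the update as part of the normal patch cycle.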

Microsoft security bulletin summary for February 2022

  • Azure Data Explorer
  • Kestrel Web Server
  • Microsoft Dynamics
  • Microsoft Dynamics GP
  • Microsoft Edge (Chromium-based)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft OneDrive
  • Microsoft Teams
  • Microsoft Windows Codecs Library
  • Power BI
  • Roaming Security Rights Management Services
  • Role: DNS Server
  • Role: Windows Hyper-V
  • SQL Server
  • Visual Studio Code
  • Windows Common Log File System Driver
  • Windows DWM Core Library
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Named Pipe File System
  • Windows Print Spooler Components
  • Windows Remote Access Connection Manager
  • Windows Remote Procedure Call Runtime
  • Windows User Account Profile
  • Windows Win32K

2. Product: Microsoft Office
   CVEs/Advisory: CVE-2022-21988, CVE-2022-22003, CVE-2022-22004, CVE-2022-22716, CVE-2022-23252
   Impact: Information Disclosure, Remote Code Execution
   KBs: 3118335, 3172514, 5002133, 5002140, 5002146, 5002149

3. Product: Microsoft SharePoint Server
   CVEs/Advisory: CVE-2022-21968, CVE-2022-21987, CVE-2022-22005, CVE-2022-22716
   Impact: Remote Code Execution, Memory corruption, Denial of Service
   KBs: 5002120, 5002135, 5002136, 5002145, 5002147, 5002155

Product: Microsoft Excel
   CVEs/Advisory: CVE-2022-22716
   Impact: Information Disclosure
   KBs: 5002137, 5002156

SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow to keep your systems updated and secure.
