February Patch Tuesday 2022 Fixes 51 Vulnerabilities
Microsoft Releases 51 fixes this month including 1 Public Aware threat
here are 50 Important fixes in this release and 1 Moderate. Microsoft Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code, and Microsoft Teams.
Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.
Robert Brown, Head of Customer Success for Syxsense said, “This is the first year we have a Microsoft release which has not consisted of a Critical severity vulnerability rated by the Vendor. This is the reason it is essential to compare different severity systems instead of relying on a single source of truth, in this case the vendor rated severity. There are still extremely important vulnerabilities to remediate this month, the lack of a Critical vulnerabilities does not allow you to relax just yet.”
Top February 2022 Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your patch management solution and deploy as soon as possible.
1. CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability
Windows does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: High
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Yes
2. CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability
This patch fixes a remote code execution bug in the Microsoft DNS server. An attacker could completely take over your DNS and execute code with elevated privileges.
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponised: No
- Public Aware: No
- Countermeasure: Yes – The server is only affected if dynamic updates are enabled, but this is a relatively common configuration.
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): No
3. CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability
This patch fixes a guest-to-host escape in Hyper-V server and successful exploitation of this vulnerability may result in complete compromise of the system.
Syxscore
- Vendor Severity: Important
- CVSS: 7.9
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Adjacent
- Attack Complexity: High
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Yes
- Scope (Jump Point): No
Syxsense Recommendations
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.
| CVE | Title | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponised | Highly Recommended |
| CVE-2022-21989 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | Yes | |
| CVE-2022-21984 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | Yes | No | No | Yes |
| CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Yes | |
| CVE-2022-23274 | Microsoft Dynamics GP Remote Code Execution Vulnerability | Important | 8.3 | No | No | Yes | |
| CVE-2022-23256 | Azure Data Explorer Spoofing Vulnerability | Important | 8.1 | No | No | Yes | |
| CVE-2022-23272 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important | 8.1 | No | No | Yes | |
| CVE-2022-21991 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 8.1 | No | No | Yes | |
| CVE-2022-21987 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8 | No | No | Yes | |
| CVE-2022-21995 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 7.9 | No | No | Yes | |
| CVE-2022-21844 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21926 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21927 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-22004 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-22003 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21988 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-22715 | Named Pipe File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21974 | Roaming Security Rights Management Services Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-23276 | SQL Server for Linux Containers Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-22709 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21981 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-22000 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21994 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21992 | Windows Mobile Device Management Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21999 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-22718 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-22001 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-21971 | Windows Runtime Remote Code Execution Vulnerability | Important | 7.8 | No | No | Yes | |
| CVE-2022-23263 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 7.7 | No | No | Yes | |
| CVE-2022-21986 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | ||
| CVE-2022-21965 | Microsoft Teams Denial of Service Vulnerability | Important | 7.5 | No | No | ||
| CVE-2022-21993 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | ||
| CVE-2022-21957 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important | 7.2 | No | No | ||
| CVE-2022-23273 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important | 7.1 | No | No | ||
| CVE-2022-21997 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.1 | No | No | ||
| CVE-2022-22717 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7 | No | No | ||
| CVE-2022-23269 | Microsoft Dynamics GP Spoofing Vulnerability | Important | 6.9 | No | No | ||
| CVE-2022-23271 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important | 6.5 | No | No | ||
| CVE-2022-23262 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 6.3 | No | No | ||
| CVE-2022-23255 | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | Important | 5.9 | No | No | ||
| CVE-2022-22712 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | No | No | ||
| CVE-2022-22716 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | ||
| CVE-2022-23252 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | ||
| CVE-2022-22710 | Windows Common Log File System Driver Denial of Service Vulnerability | Important | 5.5 | No | No | ||
| CVE-2022-21998 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | ||
| CVE-2022-21985 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | ||
| CVE-2022-22002 | Windows User Account Profile Picture Denial of Service Vulnerability | Important | 5.5 | No | No | ||
| CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability | Important | 5.3 | No | No | ||
| CVE-2022-23261 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Moderate | 5.3 | No | No | ||
| CVE-2022-23254 | Microsoft Power BI Elevation of Privilege Vulnerability | Important | 4.9 | No | No | ||
| CVE-2022-21968 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Important | 4.3 | No | No |
