Microsoft Patch Tuesday February 2022 fixes 51 vulnerabilities
Microsoft Patch Tuesday February 2022 comes with fixes for 51 vulnerabilities across Windows, Office, Azure Data Explorer, Teams, Visual Studio Code, Kernel and Win32K.
This Patch Tuesday closes 51 defects, of which 50 are rated Important and one is rated Moderate. These come in addition to 19 more flaws the company fixed in the Chromium-based Edge browser.
Detailed breakdown of Microsoft Patch Tuesday February 2022 updates
None of the security vulnerabilities fixed in this Microsoft Patch Tuesday February 2022 update are actively exploited in the wild, but the flaw CVE-2022-21989, with a CVSS score of 7.8, has been mentioned as a zero-day. The issue is a privilege escalation bug in the Windows Kernel, with Microsoft warning of potential attacks.
Once this vulnerability is successfully exploited, the attacker can perform other actions for further exploitation of the network. The attack can be performed from a low-privilege AppContainer, allowing the attacker to elevate privileges and execute code or access resources at the next level.
Besides that, there are several remote code execution vulnerabilities affecting:
- Windows DNS Server – CVE-2022-21984 with a CVSS score of 8.8
- Windows Hyper-V – CVE-2022-21995 with a CVSS score of 5.3
- SharePoint Server – CVE-2022-22005 with a CVSS score of 8.8
- HEVC Video Extensions – CVE-2022-21844 and CVE-2022-21926 with a CVSS score of 7.8
The Microsoft Patch Tuesday February 2022 security update also comes with fixes for:
- Azure Data Explorer spoofing vulnerability – CVE-2022-23256 with a CVSS score of 8.1
- Two security bypass vulnerabilities impacting Outlook for Mac – CVE-2022-23280 with a CVSS score of 5.3
- Two DoS vulnerabilities in .NET – CVE-2022-21986 with a CVSS score of 7.5
- OneDrive for Android – CVE-2022-23255 with a CVSS score of 5.9
- Teams – CVE-2022-21965 with a CVSS score of 7.5
The update also fixes multiple elevation of privilege flaws in the Print Spooler service and one in the Win32K driver, CVE-2022-21966, with a CVSS score of 7.8. The latter has been mentioned as ‘Exploitation More Likely’; the Win32K driver was also patched in Microsoft Patch Tuesday January 2022 under CVE-2022-21882.
The Patch Tuesday update also came with a patch addressing a vulnerability from 2013, a signature validation issue affecting WinVerifyTrust (CVE-2013-3900). The fix comes as an opt-in feature enabled via a registry key setting, and is now available in supported editions of Windows released after December 10, 2013.
The current ZLoader malware campaign that was uncovered by Check Point Research in early January was found exploiting the flaw to bypass the file signature verification mechanism and drop malware that can siphon user credentials and other sensitive information.
If you need complete details on the Microsoft Patch Tuesday February 2022 vulnerabilities, please visit the Microsoft website.