Microsoft stomps 48 bugs in February Patch Tuesday update


Microsoft released patches to fix a total of 48 vulnerabilities in its monthly Patch Tuesday update, including a single zero-day that has yet to be exploited in the wild. The February update is one of the mildest seen since the summer of 2021, but that’s not necessarily unusual given that it follows a steep January dip.

Even so, the update is perhaps more remarkable for being less serious than usual, as noted by Allan Liska, principal security architect at Recorded Future. “No vulnerabilities have been reported that Microsoft has seen exploited in the wild, and in an unusual statement for Patch Tuesday, none of the vulnerabilities disclosed this month were rated critical by Microsoft,” he said.

“Perhaps most importantly, this month’s new cumulative updates should ease the frustration of teams who are still postponing January updates due to multiple complications,” said Lewis Pope, Head of safety at N-able. “The new CUs should help teams catch up and get back into compliance with their patch management controls.”

Kev Breen, Director of Cyber Threat Research at Immersive Labs, said: “The release of the January patch may have left some IT teams feeling somewhat sour as Microsoft had to re-release updates to fix some unexpected issues caused by updates. This shouldn’t be used as an excuse to skip updates, but it does reinforce the importance of testing patches in a test environment or using a staged rollout, and why monitoring for any negative impact should always be a key step in your patch policy.”

The leaked zero-day is tracked as CVE-2022-21989 and is a Windows Kernel Elevation of Privilege Vulnerability affecting Windows 7 through 11 and Windows Server 2008 through 2022. It carries a CVSS rating of 7.8 and is not considered particularly easy to exploit.

Tenable’s staff research engineer, Satnam Narang, explained, “The complexity in exploiting [this] vulnerability is high due to the extra work required to prepare the target – this type of vulnerability is often exploited by an attacker once they have already compromised the target.”

Still, despite the lower-than-usual rating for a publicly disclosed zero-day, it’s highly likely to be exploited quickly, as explained by Chris Goettl, Vice President of Product Management at Ivanti: “Exploit code maturity is proof-of-concept; this means that much of the initial investigative work for a weaponized exploit has already been done, and the details could be publicly available to threat actors.”

Some of the other most notable vulnerabilities this month include CVE-2022-21984, a remote code execution vulnerability in Windows DNS Server affecting Windows 10 and 11 and Server 2022, but only if dynamic updates are activated; and CVE-2022-22005, a remote code execution vulnerability in SharePoint Server affecting versions 2013-19 and Subscription Edition, which requires a malicious actor to be authenticated on their target system in order to be exploited.

There are also four new privilege escalation vulnerabilities in Windows Print Spooler – one attributed to the same Chinese team that discovered PrintNightmare last year. These should be prioritized as the high-profile nature of PrintNightmare continues to attract the attention of ethical and malicious hackers.

Breen of Immersive Labs observed, “Is it really Patch Tuesday if we’re not talking about a vulnerability in Windows print spooler components? This month sees four new CVEs related to this heavily exploited component: CVE-2022-21999, CVE-2022-22718, CVE-2022-21997, and CVE-2022-22717.

“They are all listed as elevation of privilege, which is a key part of the attack chain. Once initial access is gained, attackers will quickly seek to gain admin-level access so they can roam the network, compromise other devices, and avoid detection by disabling security tools.”
