Regístrese ahora para una mejor cotización personalizada!

Microsoft February 2022 Patch Tuesday: 48 bugs squashed, one zero-day resolved

Feb, 08, 2022 Hi-network.com

Microsoft has released 48 security fixes for software, including a patch for a zero-day bug, but there are no critical-severity flaws on the list this month. 

In the Redmond giant's latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems including remote code execution (RCE) vulnerabilities, privilege escalation bugs, spoofing issues, information leaks, and policy bypass exploits. 

Recommends

The best Surface PCs

Microsoft's lineup of Surface PCs now covers a wide range of hardware factors and price points -- and every model is Windows 11-ready.

Read now

Products impacted by February's security update include the Windows Kernel, Hyper-V, Microsoft Outlook and Office, Azure Data Explorer, and Microsoft SharePoint. 

The single zero-day vulnerability, now patched by Microsoft, is CVE-2022-21989. Issued a CVSS severity score of 7.8, this bug -- which is publicly known -- can be exploited to escalate privileges via the kernel. However, it has not been issued a critical rating, as Microsoft says triggering the exploit "requires an attacker to take additional actions prior to exploitation to prepare the target environment."

Some of the other vulnerabilities of interest in this update are: 

  • CVE-2022-21984 (CVSS 8.8): Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2022-22005 (CVSS 8.8): Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2022-23256 (CVSS 8.1): Azure Data Explorer Spoofing Vulnerability
  • CVE-2022-23274 (CVSS 8.3): Microsoft Dynamics GP Remote Code Execution Vulnerability

According to the Zero Day Initiative (ZDI), the volume of fixes is roughly in line with past releases in the month of February, which aside from 2020, is approximately 50 CVEs.

Last month, Microsoft resolved six zero-day vulnerabilities in the first batch of security fixes for 2022. The previously-unknown bugs could be exploited for purposes including Man-in-The-Middle (MiTM) attacks, denial-of-service, spoofing, and remote code execution. 

Also: Microsoft is working on these new Windows 11 features hidden in test builds

A month prior, the tech giant tackled 67 security issues during December's Patch Tuesday. A zero-day bug of note was being actively exploited by cybercriminals to spread Emotet malware.

Alongside Microsoft's Patch Tuesday round, other vendors, too, have published security updates which can be accessed below.

  • Adobe security updates
  • SAP security updates
  • VMWare security advisories
  • Intel security updates 

More Microsoft

Is Windows 10 too popular for its own good?The best Windows laptop models: Comparing Dell, Samsung, Lenovo, and moreHere's why Windows PCs are only going to get more annoyingHow to downgrade from Windows 11 to Windows 10 (there's a catch)
  • Is Windows 10 too popular for its own good?
  • The best Windows laptop models: Comparing Dell, Samsung, Lenovo, and more
  • Here's why Windows PCs are only going to get more annoying
  • How to downgrade from Windows 11 to Windows 10 (there's a catch)

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.