Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft February 2022 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft February 2022 Patch Tuesday

This month we got patches for 70 vulnerabilities. Of these, none is critical, 1 was previously disclosed and none is being exploited according to Microsoft.

The maximum severity for vulnerabilities this month is 'important'. Among important vulnerabilities, the highest CVSS (8.80) score is associated with the CVE-2022-22005. It is a Remote Code Execution (RCE) vulnerability affecting Microsoft SharePoint Server. To exploit the vulnerability, an attacker must be authenticated and possess the permissions for page creation on Share Point. According to the advisory, the vulnerability is not being exploited, but it says that the 'Exploitability Assessment' is 'More Likely'.

There is another RCE with CVSS of 8.80 affecting Windows DNS Server (CVE-2022-21984). The advisory says that to be vulnerable, a DNS server would need to have dynamic updates enabled. The vulnerability is not being exploited and the 'Exploitability Assessment' is 'Less Likely'.

The previously disclosed vulnerability is an elevation of privilege on Windows Kernel (CVE-2022-21989). The attack complexity is high. "Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment." says the advisory. The CVSS for this vulnerability is 7.8.

See my dashboard for a more detailed breakout: [https://patchtuesdaydashboard.com/](https://patchtuesdaydashboard.com/)

 

February 2022 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Denial of Service Vulnerability
CVE-2022-21986 No No Less Likely Less Likely Important 7.5 6.5
Azure Data Explorer Spoofing Vulnerability
CVE-2022-23256 No No Less Likely Less Likely Important 8.1 7.1
Chromium: CVE-2022-0452 Use after free in Safe Browsing
CVE-2022-0452 No No - - -    
Chromium: CVE-2022-0453 Use after free in Reader Mode
CVE-2022-0453 No No - - -    
Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE
CVE-2022-0454 No No - - -    
Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen Mode
CVE-2022-0455 No No - - -    
Chromium: CVE-2022-0456 Use after free in Web Search
CVE-2022-0456 No No - - -    
Chromium: CVE-2022-0457 Type Confusion in V8
CVE-2022-0457 No No - - -    
Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip
CVE-2022-0458 No No - - -    
Chromium: CVE-2022-0459 Use after free in Screen Capture
CVE-2022-0459 No No - - -    
Chromium: CVE-2022-0460 Use after free in Window Dialog
CVE-2022-0460 No No - - -    
Chromium: CVE-2022-0461 Policy bypass in COOP
CVE-2022-0461 No No - - -    
Chromium: CVE-2022-0462 Inappropriate implementation in Scroll
CVE-2022-0462 No No - - -    
Chromium: CVE-2022-0463 Use after free in Accessibility
CVE-2022-0463 No No - - -    
Chromium: CVE-2022-0464 Use after free in Accessibility
CVE-2022-0464 No No - - -    
Chromium: CVE-2022-0465 Use after free in Extensions
CVE-2022-0465 No No - - -    
Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform
CVE-2022-0466 No No - - -    
Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock
CVE-2022-0467 No No - - -    
Chromium: CVE-2022-0468 Use after free in Payments
CVE-2022-0468 No No - - -    
Chromium: CVE-2022-0469 Use after free in Cast
CVE-2022-0469 No No - - -    
Chromium: CVE-2022-0470 Out of bounds memory access in V8
CVE-2022-0470 No No - - -    
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-21844 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-21926 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-21927 No No Unlikely Unlikely Important 7.8 6.8
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2022-21957 No No Less Likely Less Likely Important 7.2 6.3
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
CVE-2022-23271 No No Less Likely Less Likely Important 6.5 5.7
CVE-2022-23272 No No Less Likely Less Likely Important 8.1 7.1
CVE-2022-23273 No No Less Likely Less Likely Important 7.1 6.2
Microsoft Dynamics GP Remote Code Execution Vulnerability
CVE-2022-23274 No No Less Likely Less Likely Important 8.3 7.2
Microsoft Dynamics GP Spoofing Vulnerability
CVE-2022-23269 No No Less Likely Less Likely Important 6.9 6.0
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-23262 No No Less Likely Less Likely Important 6.3 5.5
CVE-2022-23263 No No Less Likely Less Likely Important 7.7 6.7
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2022-23261 No No Less Likely Less Likely Moderate 5.3 4.6
Microsoft Excel Information Disclosure Vulnerability
CVE-2022-22716 No No Less Likely Less Likely Important 5.5 4.8
Microsoft Office ClickToRun Remote Code Execution Vulnerability
CVE-2022-22004 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-22003 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Information Disclosure Vulnerability
CVE-2022-23252 No No Less Likely Less Likely Important 5.5 4.8
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-21988 No No Less Likely Less Likely Important 7.8 6.8
Microsoft OneDrive for Android Security Feature Bypass Vulnerability
CVE-2022-23255 No No Less Likely Less Likely Important 5.9 5.2
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
CVE-2022-23280 No No Less Likely Less Likely Important 5.3 4.6
Microsoft Power BI Elevation of Privilege Vulnerability
CVE-2022-23254 No No Less Likely Less Likely Important 4.9 4.3
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-22005 No No More Likely More Likely Important 8.8 7.7
Microsoft SharePoint Server Security Feature BypassVulnerability
CVE-2022-21968 No No Less Likely Less Likely Important 4.3 3.8
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2022-21987 No No Less Likely Less Likely Important 8.0 7.0
Microsoft Teams Denial of Service Vulnerability
CVE-2022-21965 No No Less Likely Less Likely Important 7.5 6.5
Named Pipe File System Elevation of Privilege Vulnerability
CVE-2022-22715 No No More Likely More Likely Important 7.8 6.8
Roaming Security Rights Management Services Remote Code Execution Vulnerability
CVE-2022-21974 No No Less Likely Less Likely Important 7.8 6.8
SQL Server for Linux Containers Elevation of Privilege Vulnerability
CVE-2022-23276 No No Less Likely Less Likely Important 7.8 6.8
VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2022-22709 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2022-21991 No No Less Likely Less Likely Important 8.1 7.1
Win32k Elevation of Privilege Vulnerability
CVE-2022-21996 No No - - Important 7.8 6.8
Windows Common Log File System Driver Denial of Service Vulnerability
CVE-2022-22710 No No Less Likely Less Likely Important 5.5 4.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-21981 No No More Likely More Likely Important 7.8 6.8
CVE-2022-22000 No No More Likely More Likely Important 7.8 6.8
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2022-21998 No No Less Likely Less Likely Important 5.5 4.8
Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-21984 No No Less Likely Less Likely Important 8.8 7.7
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-21994 No No More Likely More Likely Important 7.8 6.8
Windows Hyper-V Denial of Service Vulnerability
CVE-2022-22712 No No Less Likely Less Likely Important 5.6 4.9
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-21995 No No Less Likely Less Likely Important 7.9 6.9
Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-21989 Yes No More Likely More Likely Important 7.8 7.0
Windows Mobile Device Management Remote Code Execution Vulnerability
CVE-2022-21992 No No Less Likely Less Likely Important 7.8 6.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-22717 No No Less Likely Less Likely Important 7.0 6.1
CVE-2022-22718 No No More Likely More Likely Important 7.8 6.8
CVE-2022-21997 No No Less Likely Less Likely Important 7.1 6.2
CVE-2022-21999 No No More Likely More Likely Important 7.8 6.8
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2022-22001 No No Less Likely Less Likely Important 7.8 6.8
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2022-21985 No No Less Likely Less Likely Important 5.5 4.8
Windows Runtime Remote Code Execution Vulnerability
CVE-2022-21971 No No Less Likely Less Likely Important 7.8 6.8
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
CVE-2022-21993 No No Less Likely Less Likely Important 7.5 6.5
Windows User Account Profile Picture Denial of Service Vulnerability
CVE-2022-22002 No No Less Likely Less Likely Important 5.5 4.8

 

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

 Renato

82 Posts
ISC Handler
Feb 8th 2022
Thread locked Subscribe Feb 8th 2022
3 months ago

Sign Up for Free or Log In to start participating in the conversation!