This month we got patches for 70 vulnerabilities. Of these, none is critical, 1 was previously disclosed and none is being exploited according to Microsoft.
The maximum severity for vulnerabilities this month is 'important'. Among the important vulnerabilities, the highest CVSS score (8.80) is associated with CVE-2022-22005. It is a Remote Code Execution (RCE) vulnerability affecting Microsoft SharePoint Server. To exploit the vulnerability, an attacker must be authenticated and possess the permissions for page creation on SharePoint. According to the advisory, the vulnerability is not being exploited, but its 'Exploitability Assessment' is 'More Likely'.
There is another RCE with CVSS of 8.80 affecting Windows DNS Server (CVE-2022-21984). The advisory says that to be vulnerable, a DNS server would need to have dynamic updates enabled. The vulnerability is not being exploited and the 'Exploitability Assessment' is 'Less Likely'.
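As an added example (not from the advisory or the original post), this PowerShell check lists the zones on a DNS server that have dynamic updates enabled, which is the precondition the advisory names. It assumes the `Get-DnsServerZone` cmdlet from the DnsServer module; the function name `Get-DynamicUpdateZone` and the sample zones are constructed for illustration.

```powershell
# Added example: inventory zones that accept dynamic updates.
# Get-DynamicUpdateZone is a hypothetical helper name, not a built-in cmdlet.
function Get-DynamicUpdateZone {
    [CmdletBinding()]
    param(
        # Zone objects as returned by Get-DnsServerZone (or constructed samples)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        # DynamicUpdate is one of: None, Secure, NonsecureAndSecure
        $mode = "$($Zone.DynamicUpdate)"
        if ($mode -eq 'None') { return }   # dynamic updates disabled: skip this zone

        [pscustomobject]@{
            ZoneName         = $Zone.ZoneName
            DynamicUpdate    = $mode
            DsIntegrated     = [bool]$Zone.IsDsIntegrated
            NonsecureAllowed = ($mode -eq 'NonsecureAndSecure')
        }
    }
}

if (Get-Command Get-DnsServerZone -ErrorAction SilentlyContinue) {
    # On a Windows DNS server: skip auto-created zones (0, 127, 255 reverse zones)
    $zones = Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated }
}
else {
    # Constructed sample data so the function can be exercised off-server
    $zones = @(
        [pscustomobject]@{ ZoneName = 'corp.example';   DynamicUpdate = 'Secure';             IsDsIntegrated = $true  }
        [pscustomobject]@{ ZoneName = 'lab.example';    DynamicUpdate = 'NonsecureAndSecure'; IsDsIntegrated = $false }
        [pscustomobject]@{ ZoneName = 'static.example'; DynamicUpdate = 'None';               IsDsIntegrated = $false }
    )
}

# Zones that also accept nonsecure updates are listed first
$zones | Get-DynamicUpdateZone |
    Sort-Object -Property NonsecureAllowed -Descending |
    Format-Table -AutoSize
```

With the constructed sample, the output lists `lab.example` and `corp.example` and omits `static.example`.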
The previously disclosed vulnerability is an elevation of privilege in the Windows Kernel (CVE-2022-21989). The attack complexity is high. "Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," says the advisory. The CVSS for this vulnerability is 7.8.
See my dashboard for a more detailed breakout: [https://patchtuesdaydashboard.com/](https://patchtuesdaydashboard.com/)
February 2022 Security Updates
Feb 8th 2022