- A pretty light month for a Microsoft Patch Tuesday release, with 51 CVEs.
- Out of all the CVEs, 50 were marked as important, and one as moderate.
- So, the good news is that there are no critical severity ones this month.
- We've included each and everyone in this article, with direct links as well.
It’s that time of the month again, and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.
We’ve already provided the direct download links for the cumulative updates released today for Windows 10, but now it’s time to talk about Critical Vulnerabilities and Exposures again.
In terms of heft, this month’s release coincides with February releases from previous years, which are usually around 50 CVEs.
Let’s dive right into it and see what vulnerabilities are completely gone from our lives, now that these patches are live.
There were no Critical CVEs to fix for February 2022
The silver lining for the month of February 2022, is the complete lack of Critical-rated patches. Out of the ones released today, 50 are rated as Important and one is rated as Moderate in severity.
So, the 51 new patches that became available today address CVEs in:
- Microsoft Windows and Windows Components
- Azure Data Explorer
- Kestrel Web Server
- Microsoft Edge (Chromium-based)
- Windows Codecs Library
- Microsoft Dynamics
- Microsoft Dynamics GP
- Microsoft Office and Office Components
- Windows Hyper-V Server
- SQL Server
- Visual Studio Code
- Microsoft Teams
Some more good news is that none of the bugs that were addressed this month are listed as being under active exploit, except for one, which is listed as publicly known at the time of release.
We know you’re curious and would like to explore each and every single one of the patches, so we are going to present them to you.
CVE | Title | Severity | CVSS | Public | Exploited | Type | |
CVE-2022-21989 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | EoP | |
CVE-2022-21984 | Windows DNS Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability | Important | 5.3 | No | No | SFB | |
CVE-2022-21995 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 7.9 | No | No | RCE | |
CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
CVE-2022-21986 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
CVE-2022-23256 | Azure Data Explorer Spoofing Vulnerability | Important | 8.1 | No | No | Spoofing | |
CVE-2022-21844 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-21926 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-21927 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-21957 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE | |
CVE-2022-23271 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important | 6.5 | No | No | EoP | |
CVE-2022-23272 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important | 8.1 | No | No | EoP | |
CVE-2022-23273 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | Important | 7.1 | No | No | EoP | |
CVE-2022-23274 | Microsoft Dynamics GP Remote Code Execution Vulnerability | Important | 8.3 | No | No | RCE | |
CVE-2022-23269 | Microsoft Dynamics GP Spoofing Vulnerability | Important | 6.9 | No | No | Spoofing | |
CVE-2022-23262 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 6.3 | No | No | EoP | |
CVE-2022-23263 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 7.7 | No | No | EoP | |
CVE-2022-22716 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 | No | No | Info | |
CVE-2022-22004 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-22003 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-23252 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No | No | Info | |
CVE-2022-21988 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-23255 | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | Important | 5.9 | No | No | SFB | |
CVE-2022-23254 | Microsoft Power BI Elevation of Privilege Vulnerability | Important | 4.9 | No | No | EoP | |
CVE-2022-21968 | Microsoft SharePoint Server Security Feature BypassVulnerability | Important | 4.3 | No | No | SFB | |
CVE-2022-21987 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8 | No | No | Spoofing | |
CVE-2022-21965 | Microsoft Teams Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
CVE-2022-22715 | Named Pipe File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-21974 | Roaming Security Rights Management Services Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-23276 | SQL Server for Linux Containers Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-21991 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE | |
CVE-2022-22709 | VP9 Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-22710 | Windows Common Log File System Driver Denial of Service Vulnerability | Important | 5.5 | No | No | DoS | |
CVE-2022-21981 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-22000 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-21998 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | Info | |
CVE-2022-21994 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-22712 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | No | No | DoS | |
CVE-2022-21992 | Windows Mobile Device Management Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-21997 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP | |
CVE-2022-21999 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-22717 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP | |
CVE-2022-22718 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-22001 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
CVE-2022-21985 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | Info | |
CVE-2022-21971 | Windows Runtime Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
CVE-2022-21993 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important | 7.5 | No | No | Info | |
CVE-2022-22002 | Windows User Account Profile Picture Denial of Service Vulnerability | Important | 5.5 | No | No | DoS | |
CVE-2022-23261 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Moderate | 5.3 | No | No | Tampering | |
CVE-2022-0452 | Chromium: CVE-2022-0452 Use after free in Safe Browsing | High | N/A | No | No | N/A | |
CVE-2022-0453 | Chromium: CVE-2022-0453 Use after free in Reader Mode | High | N/A | No | No | N/A | |
CVE-2022-0454 | Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE | High | N/A | No | No | N/A | |
CVE-2022-0455 | Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen Mode | High | N/A | No | No | N/A | |
CVE-2022-0456 | Chromium: CVE-2022-0456 Use after free in Web Search | High | N/A | No | No | N/A | |
CVE-2022-0457 | Chromium: CVE-2022-0457 Type Confusion in V8 | High | N/A | No | No | N/A | |
CVE-2022-0458 | Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip | High | N/A | No | No | N/A | |
CVE-2022-0459 | Chromium: CVE-2022-0459 Use after free in Screen Capture | High | N/A | No | No | N/A | |
CVE-2022-0460 | Chromium: CVE-2022-0460 Use after free in Window Dialog | Medium | N/A | No | No | N/A | |
CVE-2022-0461 | Chromium: CVE-2022-0461 Policy bypass in COOP | Medium | N/A | No | No | N/A | |
CVE-2022-0462 | Chromium: CVE-2022-0462 Inappropriate implementation in Scroll | Medium | N/A | No | No | N/A | |
CVE-2022-0463 | Chromium: CVE-2022-0463 Use after free in Accessibility | Medium | N/A | No | No | N/A | |
CVE-2022-0464 | Chromium: CVE-2022-0464 Use after free in Accessibility | Medium | N/A | No | No | N/A | |
CVE-2022-0465 | Chromium: CVE-2022-0465 Use after free in Extensions | Medium | N/A | No | No | N/A | |
CVE-2022-0466 | Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform | Medium | N/A | No | No | N/A | |
CVE-2022-0467 | Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock | Medium | N/A | No | No | N/A | |
CVE-2022-0468 | Chromium: CVE-2022-0468 Use after free in Payments | Medium | N/A | No | No | N/A | |
CVE-2022-0469 | Chromium: CVE-2022-0469 Use after free in Cast | Medium | N/A | No | No | N/A | |
CVE-2022-0470 | Chromium: CVE-2022-0470 Out of bounds memory access in V8 | Low | N/A | No | No | N/A |
These are all the CVEs addressed with this month’s Patch Tuesday release. Overall, this was a pretty light and secure month, compared to previous situations.
The next Patch Tuesday batch of software will come on March 8 and we’re all curious to see what Microsoft comes up with until then.
Let’s all hope that we won’t have to deal with critical problems, and that’s it will only be smooth sailing from now on.
Was this article helpful to you? Share your opinion in the comments section below.
ncG1vNJzZmivmaOxsMPSq5ypp6Kpe6S7zGidnpqiqq6zxYxrZ2tqXaWuta%2FHZquunaOZrrp5kWg%3D