Microsoft Patch Tuesday – February 2022

Microsoft’s monthly batch of security updates has finally arrived, and it addresses some key vulnerabilities that have been recently affecting their products and systems. This iteration of Microsoft’s Patch Tuesday is the smallest for a while, featuring fixes for 48 total flaws (not including Microsoft Edge flaws); while there are no critical vulnerabilities covered by this patch, there is a fix for one zero-day that was publicly disclosed back in January.

This month’s Patch Tuesday release includes fixes for the following systems and products:

  • Azure Data Explorer
  • Kestrel Web Server
  • Microsoft Dynamics
  • Microsoft Dynamics GP
  • Microsoft Edge (Chromium-based)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft OneDrive
  • Microsoft Teams
  • Microsoft Windows Codecs Library
  • Power BI
  • Roaming Security Rights Management Services
  • Role: DNS Server
  • Role: Windows Hyper-V
  • SQL Server
  • Visual Studio Code
  • Windows Common Log File System Driver
  • Windows DWM Core Library
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Named Pipe File System
  • Windows Print Spooler Components
  • Windows Remote Access Connection Manager
  • Windows Remote Procedure Call Runtime
  • Windows User Account Profile
  • Windows Win32K

Important Notes

CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability

The most important vulnerability addressed this month is this privilege escalation zero-day that exists in Windows Kernel. Successful exploitation of this flaw could allow an attacker to elevate their privileges from a low privilege AppContainer, allowing them to gain access to critical systems and execute arbitrary code. This is a complex attack that will require preparation of the target system before exploiting; because of this, the attack complexity has been marked as high.

This vulnerability was publicly disclosed last month but has not yet been exploited in the wild. While no attacks have been observed yet, proof-of-concept exploits have been released, so expect to see threat actors taking advantage of this soon.

This zero-day was the most significant fix of this patch, while all other flaws were given a severity rating of Important or lower.

The rest of the patch contains fixes for:

  • 3 Spoofing Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 16 Elevation of Privilege Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 22 Microsoft Edge Vulnerabilities

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes:

Security update guide:

Ironshare – Security Simplified