Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Microsoft February 2022 Patch Tuesday Fixes 48 flaws, 1 Zero-day

Microsoft February 2022 Patch Tuesday Fixes 48 flaws, 1 Zero-day

Today is Microsoft’s February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws.

Microsoft has fixed 48 vulnerabilities (not including 22 Microsoft Edge vulnerabilities ) with today’s update, with none of them classified as Critical.

Also Read: Battling Cyber Threats in 4 Simple Ways

The number for each type of vulnerability is listed below:

  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
  • 22 Edge – Chromium Vulnerabilities

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5010342 & KB5010345 updates and Windows 11’s KB5010386 update.

One zero-day fixed, none actively exploited

This month’s Patch Tuesday includes fixes for one publicly disclosed zero-day vulnerabilities. The good news is that there were no zero-day vulnerabilities actively exploited in attacks from this Patch Tuesday.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The publicly disclosed vulnerabilities fixes as part of the February 2022 Patch Tuesday are:

  •  CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability

However, as many of these have public proof-of-concept exploits available, they will likely be exploited by threat actors soon.

Recent updates from other companies

Other vendors who released updates in February 2022 include:

The February 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the February 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Also Read: What is Smishing? How Can We Prevent It? Explained.

TagCVE IDCVE TitleSeverity
Azure Data ExplorerCVE-2022-23256Azure Data Explorer Spoofing VulnerabilityImportant
Kestrel Web ServerCVE-2022-21986.NET Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-21957Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23272Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23271Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23273Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23274Microsoft Dynamics GP Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23269Microsoft Dynamics GP Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0469Chromium: CVE-2022-0469 Use after free in CastUnknown
Microsoft Edge (Chromium-based)CVE-2022-0467Chromium: CVE-2022-0467 Inappropriate implementation in Pointer LockUnknown
Microsoft Edge (Chromium-based)CVE-2022-23261Microsoft Edge (Chromium-based) Tampering VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-0453Chromium: CVE-2022-0453 Use after free in Reader ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-23262Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0468Chromium: CVE-2022-0468 Use after free in PaymentsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0452Chromium: CVE-2022-0452 Use after free in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2022-23263Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0462Chromium: CVE-2022-0462 Inappropriate implementation in ScrollUnknown
Microsoft Edge (Chromium-based)CVE-2022-0461Chromium: CVE-2022-0461 Policy bypass in COOPUnknown
Microsoft Edge (Chromium-based)CVE-2022-0460Chromium: CVE-2022-0460 Use after free in Window DialogUnknown
Microsoft Edge (Chromium-based)CVE-2022-0465Chromium: CVE-2022-0465 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0464Chromium: CVE-2022-0464 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0463Chromium: CVE-2022-0463 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0459Chromium: CVE-2022-0459 Use after free in Screen CaptureUnknown
Microsoft Edge (Chromium-based)CVE-2022-0455Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-0454Chromium: CVE-2022-0454 Heap buffer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2022-0466Chromium: CVE-2022-0466 Inappropriate implementation in Extensions PlatformUnknown
Microsoft Edge (Chromium-based)CVE-2022-0458Chromium: CVE-2022-0458 Use after free in Thumbnail Tab StripUnknown
Microsoft Edge (Chromium-based)CVE-2022-0457Chromium: CVE-2022-0457 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-0456Chromium: CVE-2022-0456 Use after free in Web SearchUnknown
Microsoft Edge (Chromium-based)CVE-2022-0470Chromium: CVE-2022-0470 Out of bounds memory access in V8Unknown
Microsoft OfficeCVE-2022-22004Microsoft Office ClickToRun Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-22003Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-23252Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2022-22716Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2022-23280Microsoft Outlook for Mac Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21987Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21968Microsoft SharePoint Server Security Feature BypassVulnerabilityImportant
Microsoft Office SharePointCVE-2022-22005Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-21988Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft OneDriveCVE-2022-23255Microsoft OneDrive for Android Security Feature Bypass VulnerabilityImportant
Microsoft TeamsCVE-2022-21965Microsoft Teams Denial of Service VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21844HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21927HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21926HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-22709VP9 Video Extensions Remote Code Execution VulnerabilityImportant
Power BICVE-2022-23254Microsoft Power BI Elevation of Privilege VulnerabilityImportant
Roaming Security Rights Management ServicesCVE-2022-21974Roaming Security Rights Management Services Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-21984Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-21995Windows Hyper-V Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22712Windows Hyper-V Denial of Service VulnerabilityImportant
SQL ServerCVE-2022-23276SQL Server for Linux Containers Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2022-21991Visual Studio Code Remote Development Extension Remote Code Execution VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22000Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22710Windows Common Log File System Driver Denial of Service VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21981Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21998Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-21994Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21989Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21992Windows Mobile Device Management Remote Code Execution VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2022-21993Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Named Pipe File SystemCVE-2022-22715Named Pipe File System Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22718Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22717Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21999Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21997Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-21985Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-22001Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-21971Windows Runtime Remote Code Execution VulnerabilityImportant
Windows User Account ProfileCVE-2022-22002Windows User Account Profile Picture Denial of Service VulnerabilityImportant
Windows Win32KCVE-2022-21996Win32k Elevation of Privilege VulnerabilityImportant

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us