Categories: Microsoft

Microsoft February 2022 Patch Tuesday Fixes 48 flaws, 1 Zero-day

Microsoft February 2022 Patch Tuesday Fixes 48 flaws, 1 Zero-day

Today is Microsoft’s February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws.

Microsoft has fixed 48 vulnerabilities (not including 22 Microsoft Edge vulnerabilities ) with today’s update, with none of them classified as Critical.

Also Read: Battling Cyber Threats in 4 Simple Ways

The number for each type of vulnerability is listed below:

  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
  • 22 Edge – Chromium Vulnerabilities

For information about the non-security Windows updates, you can read about today’s Windows 10 KB5010342 & KB5010345 updates and Windows 11’s KB5010386 update.

One zero-day fixed, none actively exploited

This month’s Patch Tuesday includes fixes for one publicly disclosed zero-day vulnerabilities. The good news is that there were no zero-day vulnerabilities actively exploited in attacks from this Patch Tuesday.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The publicly disclosed vulnerabilities fixes as part of the February 2022 Patch Tuesday are:

  • CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability

However, as many of these have public proof-of-concept exploits available, they will likely be exploited by threat actors soon.

Recent updates from other companies

Other vendors who released updates in February 2022 include:

The February 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the February 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Also Read: What is Smishing? How Can We Prevent It? Explained.

TagCVE IDCVE TitleSeverity
Azure Data ExplorerCVE-2022-23256Azure Data Explorer Spoofing VulnerabilityImportant
Kestrel Web ServerCVE-2022-21986.NET Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-21957Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23272Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23271Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23273Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23274Microsoft Dynamics GP Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23269Microsoft Dynamics GP Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0469Chromium: CVE-2022-0469 Use after free in CastUnknown
Microsoft Edge (Chromium-based)CVE-2022-0467Chromium: CVE-2022-0467 Inappropriate implementation in Pointer LockUnknown
Microsoft Edge (Chromium-based)CVE-2022-23261Microsoft Edge (Chromium-based) Tampering VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-0453Chromium: CVE-2022-0453 Use after free in Reader ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-23262Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0468Chromium: CVE-2022-0468 Use after free in PaymentsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0452Chromium: CVE-2022-0452 Use after free in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2022-23263Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0462Chromium: CVE-2022-0462 Inappropriate implementation in ScrollUnknown
Microsoft Edge (Chromium-based)CVE-2022-0461Chromium: CVE-2022-0461 Policy bypass in COOPUnknown
Microsoft Edge (Chromium-based)CVE-2022-0460Chromium: CVE-2022-0460 Use after free in Window DialogUnknown
Microsoft Edge (Chromium-based)CVE-2022-0465Chromium: CVE-2022-0465 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0464Chromium: CVE-2022-0464 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0463Chromium: CVE-2022-0463 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0459Chromium: CVE-2022-0459 Use after free in Screen CaptureUnknown
Microsoft Edge (Chromium-based)CVE-2022-0455Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-0454Chromium: CVE-2022-0454 Heap buffer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2022-0466Chromium: CVE-2022-0466 Inappropriate implementation in Extensions PlatformUnknown
Microsoft Edge (Chromium-based)CVE-2022-0458Chromium: CVE-2022-0458 Use after free in Thumbnail Tab StripUnknown
Microsoft Edge (Chromium-based)CVE-2022-0457Chromium: CVE-2022-0457 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-0456Chromium: CVE-2022-0456 Use after free in Web SearchUnknown
Microsoft Edge (Chromium-based)CVE-2022-0470Chromium: CVE-2022-0470 Out of bounds memory access in V8Unknown
Microsoft OfficeCVE-2022-22004Microsoft Office ClickToRun Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-22003Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-23252Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2022-22716Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2022-23280Microsoft Outlook for Mac Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21987Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21968Microsoft SharePoint Server Security Feature BypassVulnerabilityImportant
Microsoft Office SharePointCVE-2022-22005Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-21988Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft OneDriveCVE-2022-23255Microsoft OneDrive for Android Security Feature Bypass VulnerabilityImportant
Microsoft TeamsCVE-2022-21965Microsoft Teams Denial of Service VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21844HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21927HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21926HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-22709VP9 Video Extensions Remote Code Execution VulnerabilityImportant
Power BICVE-2022-23254Microsoft Power BI Elevation of Privilege VulnerabilityImportant
Roaming Security Rights Management ServicesCVE-2022-21974Roaming Security Rights Management Services Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-21984Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-21995Windows Hyper-V Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22712Windows Hyper-V Denial of Service VulnerabilityImportant
SQL ServerCVE-2022-23276SQL Server for Linux Containers Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2022-21991Visual Studio Code Remote Development Extension Remote Code Execution VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22000Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22710Windows Common Log File System Driver Denial of Service VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21981Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21998Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-21994Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21989Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21992Windows Mobile Device Management Remote Code Execution VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2022-21993Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Named Pipe File SystemCVE-2022-22715Named Pipe File System Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22718Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22717Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21999Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21997Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-21985Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-22001Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-21971Windows Runtime Remote Code Execution VulnerabilityImportant
Windows User Account ProfileCVE-2022-22002Windows User Account Profile Picture Denial of Service VulnerabilityImportant
Windows Win32KCVE-2022-21996Win32k Elevation of Privilege VulnerabilityImportant

Privacy Ninja

Published by
Privacy Ninja
2 years ago

Recent Posts

Strengthening Cybersecurity: The Fundamental Role of Password Security

The Fundamental Role of Password Security that every Organisation in Singapore should know. Strengthening Cybersecurity:…

2 weeks ago

Prioritizing Website Security: The Importance of Security Testing

The Importance of Security Testing that every Organisation in Singapore should know. Prioritizing Website Security:…

2 weeks ago

Role of Enhanced Access Controls in Safeguarding Personal Data in Telecommunications

Role of Enhanced Access Controls in Safeguarding Personal Data in Telecommunications that every Organisation in…

3 weeks ago

Role of Effective Incident Response Procedures in Strengthening Data Security

Effective Incident Response Procedures in Strengthening Data Security that every Organisation in Singapore should know…

3 weeks ago

Strengthening Your Cyber Defenses: The Crucial Role of Regular Vulnerability Scanning

Crucial Role of Regular Vulnerability Scanning that every Organisation in Singapore should know. Strengthening Your…

3 weeks ago

Enhancing Data Security with Multi-Factor Authentication

Enhancing Data Security with Multi-Factor Authentication that every Organisation in Singapore should know. Enhancing Data…

4 weeks ago