Microsoft Patch Tuesday February 2022

Microsoft patched 48 CVEs in the February 2022 Patch Tuesday release, with all 48 rated as important. While none of the patches address bugs that earned Microsoft’s most dire “critical” rating, there are multiple “remote code execution” vulnerabilities.

This month’s update includes patches for:

• Azure Data Explorer
• Kestrel Web Server
• Microsoft Dynamics
• Microsoft Dynamics GP
• Microsoft Edge (Chromium-based)
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft OneDrive
• Microsoft Teams
• Microsoft Windows Codecs Library
• Power BI
• Roaming Security Rights Management Services
• Role: DNS Server
• Role: Windows Hyper-V
• SQL Server
• Visual Studio Code
• Windows Common Log File System Driver
• Windows DWM Core Library
• Windows Kernel
• Windows Kernel-Mode Drivers
• Windows Named Pipe File System
• Windows Print Spooler Components
• Windows Remote Access Connection Manager
• Windows Remote Procedure Call Runtime
• Windows User Account Profile
• Windows Win32K

The number for each type of vulnerability is listed below:

• 16 Elevation of Privilege Vulnerabilities
• 3 Security Feature Bypass Vulnerabilities
• 16 Remote Code Execution Vulnerabilities
• 5 Information Disclosure Vulnerabilities
• 5 Denial of Service Vulnerabilities
• 3 Spoofing Vulnerabilities
• 22 Edge – Chromium Vulnerabilities

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-21989 is an EoP vulnerability in the Windows Kernel and the only zero-day vulnerability addressed this month. This vulnerability is more likely to be exploited, however it has not been actively exploited at the time this blog was published. The advisory does note that an attacker needs to take additional actions prior to exploitation of this vulnerability, which is evident by the “High” rating for “Attack Complexity” in the CVSSv3 score of 7.8.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2022-22005 is a RCE vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 8.8. Microsoft rates this as “exploitation more likely,” however at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker would need to be authenticated and have the ability to create pages in SharePoint.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-21999, CVE-2022-22718, CVE-2022-22717 and CVE-2022-21997 are EoP vulnerabilities in Windows Print Spooler. CVE-2022-21999 and CVE-2022-22718 received CVSSv3 scores of 7.8 and were rated Exploitation More Likely. CVE-2022-22717 (CVSSv3 7.0) and CVE-2022-21997 (CVSSv3 7.1) were rated Less Likely.

Win32k Elevation of Privilege Vulnerability

CVE-2022-21996 is an EoP vulnerability in Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8 and is more likely to be exploited according to Microsoft. This vulnerability is similar to another EoP flaw from January’s Patch Tuesday  release, CVE-2022-21882. CVE-2022-21882 has been actively exploited in the wild by threat actors, CVE-2022-21882 is a patch bypass for another vulnerability, CVE-2021-1732.

Named Pipe File System Elevation of Privilege Vulnerability

CVE-2022-22715 is an EoP vulnerability in the Named Pipe File System. It is rated as Exploitation More Likely. To exploit this flaw, an attacker would need to have established a presence on the vulnerable system in order to run a specially crafted application. Successful exploitation would allow an attacker to run processes with elevated privileges.