Microsoft Patch Tuesday – February 2022

Patch Tuesday is once again upon us. The February 2022 edition of Patch Tuesday brings us 48 fixes, with 0 critical! We've listed the most important changes below.

⚡ TL;DR | Go Straight to the February 2022 Patch Tuesday Audit Report

Print Spooler Vulnerabilities Return

Amongst the non-critical patches this month are 4 Print Spooler vulnerability fixes. CVE-2022-22717, CVE-2022-22718, CVE-2022-21997, and CVE-2022-21999. Ranging from a CVSS base score of 7-7.8. Microsoft hasn't provided a lot of details, but these four fixes come only a few months after PrintNightmare caused a chain reaction which led to months of patches for the Print Spooler service.

Windows DNS Server RCE Vulnerability

The most severe Windows OS vulnerability of this month is CVE-2022-21984. With a CVSS base score of 8.1 it ranks at the top this month but Microsoft lists that servers are only vulnerable if dynamic updates are enabled. Further, according to Microsoft's exploitability assessment, exploitation is less likely.

Microsoft Dynamics Vulnerabilities

Just like the Print Spooler, Microsoft Dynamics gets 4 fixes. CVE-2022-23274, CVE-2022-23273, CVE-2022-23272, and CVE-2022-23271. The most severe of the four is a remote code execution vulnerability with a CVSS score of 8.3 that allows an authenticated user could send a specially-crafted SQL request to a Dynamics GP Web Service and perform remote code execution. If you are using Microsoft Dynamics GP, best you schedule your update in the near future.

Run the Patch Tuesday February 2022 Audit Report

To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured

Patch Tuesday February 2022 CVE Codes & Titles

CVE NumberCVE Title
CVE-2022-23280Microsoft Outlook for Mac Security Feature Bypass Vulnerability
CVE-2022-23276SQL Server for Linux Containers Elevation of Privilege Vulnerability
CVE-2022-23274Microsoft Dynamics GP Remote Code Execution Vulnerability
CVE-2022-23273Microsoft Dynamics GP Elevation Of Privilege Vulnerability
CVE-2022-23272Microsoft Dynamics GP Elevation Of Privilege Vulnerability
CVE-2022-23271Microsoft Dynamics GP Elevation Of Privilege Vulnerability
CVE-2022-23269Microsoft Dynamics GP Spoofing Vulnerability
CVE-2022-23256Azure Data Explorer Spoofing Vulnerability
CVE-2022-23255Microsoft OneDrive for Android Security Feature Bypass Vulnerability
CVE-2022-23254Microsoft Power BI Elevation of Privilege Vulnerability
CVE-2022-23252Microsoft Office Information Disclosure Vulnerability
CVE-2022-22718Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-22717Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-22716Microsoft Excel Information Disclosure Vulnerability
CVE-2022-22715Named Pipe File System Elevation of Privilege Vulnerability
CVE-2022-22712Windows Hyper-V Denial of Service Vulnerability
CVE-2022-22710Windows Common Log File System Driver Denial of Service Vulnerability
CVE-2022-22709VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2022-22005Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-22004Microsoft Office ClickToRun Remote Code Execution Vulnerability
CVE-2022-22003Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-22002Windows User Account Profile Picture Denial of Service Vulnerability
CVE-2022-22001Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2022-22000Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-21999Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-21998Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2022-21997Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-21996Win32k Elevation of Privilege Vulnerability
CVE-2022-21995Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-21994Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-21993Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
CVE-2022-21992Windows Mobile Device Management Remote Code Execution Vulnerability
CVE-2022-21991Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2022-21989Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-21988Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-21987Microsoft SharePoint Server Spoofing Vulnerability
CVE-2022-21986.NET Denial of Service Vulnerability
CVE-2022-21985Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2022-21984Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-21981Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-21974Roaming Security Rights Management Services Remote Code Execution Vulnerability
CVE-2022-21971Windows Runtime Remote Code Execution Vulnerability
CVE-2022-21968Microsoft SharePoint Server Security Feature BypassVulnerability
CVE-2022-21965Microsoft Teams Denial of Service Vulnerability
CVE-2022-21957Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2022-21927HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-21926HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-21844HEVC Video Extensions Remote Code Execution Vulnerability

Receive the Latest Patch Tuesday Report for FREE Every Month

  • Hidden
  • This field is for validation purposes and should be left unchanged.

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​