Patch Tuesday is once again upon us. The February 2022 edition of Patch Tuesday brings us 48 fixes, with 0 critical! We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the February 2022 Patch Tuesday Audit Report
Print Spooler Vulnerabilities Return
Amongst the non-critical patches this month are 4 Print Spooler vulnerability fixes. CVE-2022-22717, CVE-2022-22718, CVE-2022-21997, and CVE-2022-21999. Ranging from a CVSS base score of 7-7.8. Microsoft hasn’t provided a lot of details, but these four fixes come only a few months after PrintNightmare caused a chain reaction which led to months of patches for the Print Spooler service.
Windows DNS Server RCE Vulnerability
The most severe Windows OS vulnerability of this month is CVE-2022-21984. With a CVSS base score of 8.1 it ranks at the top this month but Microsoft lists that servers are only vulnerable if dynamic updates are enabled. Further, according to Microsoft’s exploitability assessment, exploitation is less likely.
Microsoft Dynamics Vulnerabilities
Just like the Print Spooler, Microsoft Dynamics gets 4 fixes. CVE-2022-23274, CVE-2022-23273, CVE-2022-23272, and CVE-2022-23271. The most severe of the four is a remote code execution vulnerability with a CVSS score of 8.3 that allows an authenticated user could send a specially-crafted SQL request to a Dynamics GP Web Service and perform remote code execution. If you are using Microsoft Dynamics GP, best you schedule your update in the near future.
Run the Patch Tuesday February 2022 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured
Patch Tuesday February 2022 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability |
| CVE-2022-23276 | SQL Server for Linux Containers Elevation of Privilege Vulnerability |
| CVE-2022-23274 | Microsoft Dynamics GP Remote Code Execution Vulnerability |
| CVE-2022-23273 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability |
| CVE-2022-23272 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability |
| CVE-2022-23271 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability |
| CVE-2022-23269 | Microsoft Dynamics GP Spoofing Vulnerability |
| CVE-2022-23256 | Azure Data Explorer Spoofing Vulnerability |
| CVE-2022-23255 | Microsoft OneDrive for Android Security Feature Bypass Vulnerability |
| CVE-2022-23254 | Microsoft Power BI Elevation of Privilege Vulnerability |
| CVE-2022-23252 | Microsoft Office Information Disclosure Vulnerability |
| CVE-2022-22718 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-22717 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-22716 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2022-22715 | Named Pipe File System Elevation of Privilege Vulnerability |
| CVE-2022-22712 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2022-22710 | Windows Common Log File System Driver Denial of Service Vulnerability |
| CVE-2022-22709 | VP9 Video Extensions Remote Code Execution Vulnerability |
| CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-22004 | Microsoft Office ClickToRun Remote Code Execution Vulnerability |
| CVE-2022-22003 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2022-22002 | Windows User Account Profile Picture Denial of Service Vulnerability |
| CVE-2022-22001 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2022-22000 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-21999 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-21998 | Windows Common Log File System Driver Information Disclosure Vulnerability |
| CVE-2022-21997 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-21995 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2022-21994 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-21993 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
| CVE-2022-21992 | Windows Mobile Device Management Remote Code Execution Vulnerability |
| CVE-2022-21991 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
| CVE-2022-21989 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-21988 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2022-21987 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2022-21986 | .NET Denial of Service Vulnerability |
| CVE-2022-21985 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2022-21984 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-21981 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-21974 | Roaming Security Rights Management Services Remote Code Execution Vulnerability |
| CVE-2022-21971 | Windows Runtime Remote Code Execution Vulnerability |
| CVE-2022-21968 | Microsoft SharePoint Server Security Feature BypassVulnerability |
| CVE-2022-21965 | Microsoft Teams Denial of Service Vulnerability |
| CVE-2022-21957 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| CVE-2022-21927 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2022-21926 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2022-21844 | HEVC Video Extensions Remote Code Execution Vulnerability |
"*" indicates required fields
Receive the Latest Patch Tuesday Report for FREE Every Month
