A “light” February 2022 Patch Tuesday that should not be ignored
2022-02-08 19:42

February 2022 Patch Tuesday is here and it's all-around "Light" - light in fixed CVE-numbered vulnerabilities, extremely light in critical fixes, and light in exploited vulnerabilities.

Mac users of Microsoft Outlook may also want to patch CVE-2022-23280, a feature bypass vulnerability, quickly.

Danny Kim, Principal Architect at Virsec, noted that it's interesting that Microsoft republished CVE-2013-3900, a vulnerability from 2013, to notify customers that an update to Windows 10/11 is available that addresses it.

Satnam Narang, staff research engineer at Tenable, singled out four elevation of privilege vulnerabilities in Windows Print Spooler, including two rated Exploitation More Likely.

"One of these two flaws, CVE-2022-21999, is credited to researchers at Sangfor, who were responsible for disclosing some of the PrintNightmare vulnerabilities last summer. Because of the ubiquity of Print Spooler, vulnerabilities like this have been leveraged by ransomware groups. Organizations should apply these patches as soon as possible," he advises.

Finally, Kevin Breen, Director of Cyber Threat Research at Immersive Labs, noted that Microsoft has released more patches for the same style of vulnerability as CVE-2022-21882, a Win32k vulnerability that is being actively exploited in the wild and that prompted CISA to issue a directive requiring all federal agencies to apply patches.


News URL

https://www.helpnetsecurity.com/2022/02/08/february-2022-patch-tuesday/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-23280 | Unspecified vulnerability in Microsoft Outlook 2016. Microsoft Outlook for Mac Security Feature Bypass Vulnerability | network, low complexity, microsoft, 5.3 |
| 2022-02-09 | CVE-2022-21999 | Link Following vulnerability in Microsoft products. Windows Print Spooler Elevation of Privilege Vulnerability | local, low complexity, microsoft, CWE-59, 7.8 |
| 2022-01-11 | CVE-2022-21882 | Out-of-bounds Write vulnerability in Microsoft products. Win32k Elevation of Privilege Vulnerability | local, low complexity, microsoft, CWE-787, 7.8 |
| 2013-12-11 | CVE-2013-3900 | Improper Input Validation vulnerability in Microsoft products. The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | 0.0 |