A “light” February 2022 Patch Tuesday that should not be ignored

February 2022 Patch Tuesday is here and it's all-around "Light" - light in fixed CVE-numbered vulnerabilities, extremely light in critical fixes, and light in exploited vulnerabilities.
Mac users of Microsoft Outlook may also want to patch CVE-2022-23280, a feature bypass vulnerability, quickly.
Danny Kim, Principal Architect at Virsec, noted that it's interesting that Microsoft republished CVE-2013-3900, a vulnerability from 2013, to notify customers that an update to Windows 10/11 is available that addresses it.
Satnam Narang, staff research engineer at Tenable, singled out four elevation of privilege vulnerabilities in the Windows Print Spooler, including two rated Exploitation More Likely.
"One of these two flaws, CVE-2022-21999, is credited to researchers at Sangfor, who were responsible for disclosing some of the PrintNightmare vulnerabilities last summer. Because of the ubiquity of Print Spooler, vulnerabilities like this have been leveraged by ransomware groups. Organizations should apply these patches as soon as possible," he advises.
Finally, Kevin Breen, Director of Cyber Threat Research at Immersive Labs, noted that Microsoft has released more patches for the same style of vulnerability as CVE-2022-21882, a vulnerability in Win32k that is being actively exploited in the wild, which prompted CISA to issue a directive to all federal agencies to mandate that patches be applied.
News URL
https://www.helpnetsecurity.com/2022/02/08/february-2022-patch-tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2022-23280 | Unspecified vulnerability in Microsoft Outlook 2016 Microsoft Outlook for Mac Security Feature Bypass Vulnerability | 0.0 |
2022-02-09 | CVE-2022-21999 | Link Following vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 0.0 |
2022-01-11 | CVE-2022-21882 | Out-of-bounds Write vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2013-12-11 | CVE-2013-3900 | Improper Verification of Cryptographic Signature vulnerability in Microsoft products Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. | 5.5 |