Security News > 2022 > February > Microsoft manages a mere 51 security fixes for February update bundle
Microsoft for its February Patch Tuesday gave Windows admins just 51 fixes to apply, the smallest number of patches since the meager ration of 44 in August 2021.
Perhaps more noteworthy is that there's not a single critical CVE listed in the February patch list.
"Since dynamic updates aren't enabled by default, this doesn't get a critical rating. However, if your DNS servers do use dynamic updates, you should treat this bug as Critical."
As is now traditional, Adobe published a passel of patches, described in five security bulletins that cover a total of 17 vulnerabilities in Illustrator, Creative Cloud Desktop, After Effects, Photoshop, and Premiere Rush.
According to security firm Onapsis, three of the vulnerabilities - CVE-2022-22536, CVE-2022-22532 and CVE-2022-22533 - affect SAP's Internet Communication Manager, a core component of SAP's software.
US-CISA on Tuesday published an alert warning that these critical vulnerabilities expose organizations to data theft, fraud, business disruption, and ransomware.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/09/microsoft_patch_tuesday/
Related news
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- AI agents swarm Microsoft Security Copilot (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (source)
- Widespread Microsoft Entra lockouts tied to new security feature rollout (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-22536 | Unspecified vulnerability in SAP products SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. | 10.0 |
| 2022-02-09 | CVE-2022-22533 | Unspecified vulnerability in SAP Netweaver Application Server Java Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. | 7.5 |
| 2022-02-09 | CVE-2022-22532 | Unspecified vulnerability in SAP Netweaver Application Server Java In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. | 9.8 |