Security News > 2022 > February > Microsoft manages a mere 51 security fixes for February update bundle
Microsoft for its February Patch Tuesday gave Windows admins just 51 fixes to apply, the smallest number of patches since the meager ration of 44 in August 2021.
Perhaps more noteworthy is that there's not a single critical CVE listed in the February patch list.
"Since dynamic updates aren't enabled by default, this doesn't get a critical rating. However, if your DNS servers do use dynamic updates, you should treat this bug as Critical."
As is now traditional, Adobe published a passel of patches, described in five security bulletins that cover a total of 17 vulnerabilities in Illustrator, Creative Cloud Desktop, After Effects, Photoshop, and Premiere Rush.
According to security firm Onapsis, three of the vulnerabilities - CVE-2022-22536, CVE-2022-22532 and CVE-2022-22533 - affect SAP's Internet Communication Manager, a core component of SAP's software.
US-CISA on Tuesday published an alert warning that these critical vulnerabilities expose organizations to data theft, fraud, business disruption, and ransomware.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/09/microsoft_patch_tuesday/
Related news
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- ‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft: January Windows security updates break audio playback (source)
- Microsoft shares workaround for Windows security update issues (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-22536 | Unspecified vulnerability in SAP products SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. | 10.0 |
| 2022-02-09 | CVE-2022-22533 | Unspecified vulnerability in SAP Netweaver Application Server Java Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. | 7.5 |
| 2022-02-09 | CVE-2022-22532 | Unspecified vulnerability in SAP Netweaver Application Server Java In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. | 9.8 |