Site icon TechNewsBoy.com

Microsoft February 2022 Patch Tuesday: 48 bugs squashed, one zero-day resolved | ZDNet

Naomi Gleit

Microsoft has released 48 security fixes for software, including a patch for a zero-day bug, but there are no critical-severity flaws on the list this month. 

In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems including remote code execution (RCE) vulnerabilities, privilege escalation bugs, spoofing issues, information leaks, and policy bypass exploits. 

ZDNet Recommends

The best Surface PCs

Microsoft’s lineup of Surface PCs now covers a wide range of hardware factors and price points — and every model is Windows 11-ready.

Read More

Products impacted by February’s security update include the Windows Kernel, Hyper-V, Microsoft Outlook and Office, Azure Data Explorer, and Microsoft SharePoint. 

The single zero-day vulnerability, now patched by Microsoft, is CVE-2022-21989. Issued a CVSS severity score of 7.8, this bug — which is publicly known — can be exploited to escalate privileges via the kernel. However, it has not been issued a critical rating, as Microsoft says triggering the exploit “requires an attacker to take additional actions prior to exploitation to prepare the target environment.”

Some of the other vulnerabilities of interest in this update are: 

  • CVE-2022-21984 (CVSS 8.8): Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2022-22005 (CVSS 8.8): Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2022-23256 (CVSS 8.1): Azure Data Explorer Spoofing Vulnerability
  • CVE-2022-23274 (CVSS 8.3): Microsoft Dynamics GP Remote Code Execution Vulnerability

According to the Zero Day Initiative (ZDI), the volume of fixes is roughly in line with past releases in the month of February, which aside from 2020, is approximately 50 CVEs.

Last month, Microsoft resolved six zero-day vulnerabilities in the first batch of security fixes for 2022. The previously-unknown bugs could be exploited for purposes including Man-in-The-Middle (MiTM) attacks, denial-of-service, spoofing, and remote code execution. 

Also: Microsoft is working on these new Windows 11 features hidden in test builds

A month prior, the tech giant tackled 67 security issues during December’s Patch Tuesday. A zero-day bug of note was being actively exploited by cybercriminals to spread Emotet malware.

Alongside Microsoft’s Patch Tuesday round, other vendors, too, have published security updates which can be accessed below.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here
Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version