IaaS, Azure & IT News | Foundation IT

Patch Tuesday Update - Feb 22 | Foundation IT

Written by Dan Robinson | Feb 10, 2022 5:03:01 PM

Foundation IT's February 2022 Patching Blog

February is upon us – already. It doesn’t feel like it was that long ago since writing the January patching blog. Compared to January, February’s feels like a friendly patch Tuesday. There has been 1 zero-day fix, and quite a few Edge updates released. The overall size of the February patch push is relatively low as well, sitting at 48 fixes plus 22 Microsoft Edge fixes too. Let’s look in more detail.

Dan Robinson

Technical Support Engineer

(dan.robinson@foundation-it.com)

What’s been published?

Microsoft fixes published: 48

Of which:

  • Flagged as Critical: 0
  • Flagged as Important: 48 (not including Microsoft Edge)
  • Flagged as Moderate: 0

Zero-Days Fixed: 1

The full breakdown for this month’s patch Tuesday by vulnerability type is:

  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
  • 22 Edge - Chromium Vulnerabilities

There is only 1 zero-day fix to discuss this month and that relates to CVE-2022-21989 which is entitled: Windows Kernel Elevation of Privilege Vulnerability. There is a CVSS severity score associated of 7.8. The good news is that there were no zero-day vulnerabilities actively exploited.

You can read more about this zero-day here.

Other vulnerabilities of interest resolved are:

  • CVE-2022-21984 (CVSS 8.8): Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2022-22005 (CVSS 8.8): Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2022-23256 (CVSS 8.1): Azure Data Explorer Spoofing Vulnerability
  • CVE-2022-23274 (CVSS 8.3): Microsoft Dynamics GP Remote Code Execution Vulnerability

Worthy Mentions

  • Android – February security updates were released yesterday.
  • Cisco – Numerous security related product updates this month.
  • SAP – February security updates released.
  • VMware – No new security advisories yet, last was 31/01/2022
  • Intel – New advisories have been released and can reviewed here.

Summary

February 2022 patch Tuesday is roughly on par with the patch Tuesdays from previous years for the same month. You could say that Microsoft’s Edge is being as troublesome as we thought it would be due to the volume of updates and exploits which often come out of the woodwork. However as imagined, the updates for Windows 10 and Server 2016 are large in size. Windows 11 is more of pleasing size.

  • 2022-02 Windows Server 2016 (Cumulative Update) – 1541.5 MB
  • 2022-02 Windows 10 (1607 / 1507) – 1541.5 MB
  • 2022-02 Windows 11 (Cumulative) – 227.5 MB

Happy Patching!

Additional Details


All details of this months patches can be downloaded here

We have also curated a free downloadable Patching Best Practice Guide.
View full post