Report Name: Microsoft Patch Tuesday, February 2022
Generated: 2022-02-27 13:44:11

Product Name	Prevalence	U	C	H	M	L	Comment
Named Pipe File System	0.9				1		Windows component
Windows DNS Server	0.9			1			Windows DNS Server
Windows Kernel	0.9		1		1		Windows Kernel
Windows Win32k	0.9				1		Windows kernel-mode driver
Microsoft Edge	0.8			6	33	6	Web browser
Roaming Security Rights Management Services	0.8		1				Roaming Security Rights Management Services
Windows Authenticode	0.8		1				Windows component
Windows Common Log File System Driver	0.8				4		Windows component
Windows DWM Core Library	0.8				1		Windows component
Windows Print Spooler	0.8			2	2		Windows component
Windows Remote Access Connection Manager	0.8				2		Windows component
Windows Services for NFS ONCRPC XDR Driver	0.8				1		Windows component
Windows User Account Profile Picture	0.8				1		Windows component
.NET	0.7				1		.NET
HEVC Video Extensions	0.7			3			HEVC Video Extensions
Microsoft SharePoint	0.7			1	2		Microsoft SharePoint
VP9 Video Extensions	0.7			1			VP9 is an open and royalty-free video coding format developed by Google
Windows Mobile Device Management	0.7			1			Windows Mobile Device Management
Microsoft Dynamics GP	0.6			1	4		Microsoft Dynamics GP is a mid-market business accounting software or ERP software package
Microsoft Excel	0.6				1		MS Office product
Microsoft Office	0.6				1		Microsoft Office
Microsoft Office ClickToRun	0.6			1			Microsoft Office ClickToRun
Microsoft Office Graphics	0.6			1			Microsoft Office Graphics
Microsoft Office Visio	0.6			1			Microsoft Visio
Microsoft Outlook	0.6				1		MS Office product
SQL Server for Linux Containers	0.6				1		SQL Server for Linux Containers
Teams	0.6				1		MS Office product
Windows Hyper-V	0.6			1	1		Hardware virtualization component of the client editions of Windows NT
Microsoft Dynamics 365	0.5				1		Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications
Azure	0.4				1		Azure
Microsoft OneDrive for Android	0.4				1		Microsoft OneDrive for Android
Power BI	0.3				1		Power BI is a business analytics service by Microsoft
Visual Studio Code	0.3				1		Integrated development environment

Vulnerability Type	Criticality	U	C	H	M	L	Comment
Remote Code Execution	1.0		3	12	2		Remote Code Execution
Security Feature Bypass	0.9			5	4		Security Feature Bypass
Denial of Service	0.7				5		Denial of Service
Memory Corruption	0.6			1	28		Memory Corruption
Elevation of Privilege	0.5			2	15		Elevation of Privilege
Information Disclosure	0.4				6		Information Disclosure
Spoofing	0.4				4		Spoofing
Tampering	0.3				1		Tampering
Unknown Vulnerability Type	0					6	Unknown Vulnerability Type

Urgent (0)

Critical (3)

1. Remote Code Execution - Windows Kernel (CVE-2022-21971) - Critical [710]

Description: Windows Runtime Remote Code Execution Vulnerability.

2. Remote Code Execution - Roaming Security Rights Management Services (CVE-2022-21974) - Critical [691]

Description: Roaming Security Rights Management Services Remote Code Execution Vulnerability.

3. Remote Code Execution - Windows Authenticode (CVE-2013-3900) - Critical [691]

Description: WinVerifyTrust Signature Validation Vulnerability. Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, the information herein remains unchanged from the original text published on December 10, 2013. Microsoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The reg key already exists in Window 10 and Window 11, so no security update is required but the reg key must be set. See the Security Updates table for the list of affected software. Vulnerability Description A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an existing signed file to include malicious code without invalidating the signature. This code would execute in the context of the privilege in which the signed PE file was launched. In an email attack scenario, an attacker could exploit this vulnerability by sending a user an email message containing the specially crafted PE file and convincing the user to open the file. In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted PE file. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit this vulnerability. An attacker would have no way to force users to visit a website that is hosting the specially crafted PE file. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that directs them to the attacker's website. Update History On December 10, 2013, Microsoft released an update for all supported releases of Microsoft Windows that changes how signatures are verified for binaries signed with the Windows Authenticode signature format. This change can be enabled on an opt-in basis. When enabled, the new behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure, and Windows will no longer recognize non-compliant binaries as signed. On July 29, 2014 Microsoft announced that it no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. To this date, it remains available as an opt-in feature in all currently supported releases of Microsoft Windows. Recommendation. Microsoft recommends that executables authors consider conforming all signed binaries to the new verification standard by ensuring that they contain no extraneous information in the WIN_CERTIFICATE structure. Microsoft also recommends that customers appropriately test this change to evaluate how it will behave in their environments. Please see the Suggested Actions section for more information.

MS PT Extended: CVE-2013-3900 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

High (20)

4. Elevation of Privilege - Windows Print Spooler (CVE-2022-21999) - High [590]

Description: Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718.

tenable: CVE-2022-21999, CVE-2022-22718, CVE-2022-22717 and CVE-2022-21997 are EoP vulnerabilities in Windows Print Spooler. CVE-2022-21999 and CVE-2022-22718 received CVSSv3 scores of 7.8 and were rated Exploitation More Likely. CVE-2022-22717 (CVSSv3 7.0) and CVE-2022-21997 (CVSSv3 7.1) were rated Less Likely. Discovery of CVE-2022-21999 was credited to Xuefeng Li and Zhiniang Peng of Sangfor at the Tianfu Cup. These are the same researchers who disclosed CVE-2021-34527, kicking off the PrintNightmare saga in June 2021. CVE-2022-21997 was disclosed by Bo Wu and CVE-2022-22717 was credited to Thibault Van Geluwe de Berlaere with Mandiant. As researchers continue to focus their time on discovering flaws in Print Spooler, it is likely that attackers are as well, therefore organizations should apply these updates urgently.

zdi: Speaking of Dynamics GP, there are three patches fixing elevation of privilege (EoP) bugs in the component. Those are three of the 18 EoP patches in this month’s release. This includes an update for the Windows Kernel that is listed as publicly known. The remaining patches are mostly in other Windows components and require a logged-on user to execute a specially crafted program. The other EoP updates that stand out fix vulnerabilities in the Windows Print Spooler. Ever since PrintNightmare, the print spooler has been an attractive target for attackers and researchers alike. Pay special attention to CVE-2022-21999 since it was reported during the Tianfu Cup. Other bugs associated with this contest have been used in active attacks.

5. Elevation of Privilege - Windows Print Spooler (CVE-2022-22718) - High [590]

Description: Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22717.

tenable: CVE-2022-21999, CVE-2022-22718, CVE-2022-22717 and CVE-2022-21997 are EoP vulnerabilities in Windows Print Spooler. CVE-2022-21999 and CVE-2022-22718 received CVSSv3 scores of 7.8 and were rated Exploitation More Likely. CVE-2022-22717 (CVSSv3 7.0) and CVE-2022-21997 (CVSSv3 7.1) were rated Less Likely. Discovery of CVE-2022-21999 was credited to Xuefeng Li and Zhiniang Peng of Sangfor at the Tianfu Cup. These are the same researchers who disclosed CVE-2021-34527, kicking off the PrintNightmare saga in June 2021. CVE-2022-21997 was disclosed by Bo Wu and CVE-2022-22717 was credited to Thibault Van Geluwe de Berlaere with Mandiant. As researchers continue to focus their time on discovering flaws in Print Spooler, it is likely that attackers are as well, therefore organizations should apply these updates urgently.

6. Remote Code Execution - Windows DNS Server (CVE-2022-21984) - High [494]

Description: Windows DNS Server Remote Code Execution Vulnerability.

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

zdi: CVE-2022-21984 – Windows DNS Server Remote Code Execution Vulnerability. This patch fixes a remote code execution bug in the Microsoft DNS server. The server is only affected if dynamic updates are enabled, but this is a relatively common configuration. If you have this setup in your environment, an attacker could completely take over your DNS and execute code with elevated privileges. Since dynamic updates aren’t enabled by default, this doesn’t get a Critical rating. However, if your DNS servers do use dynamic updates, you should treat this bug as Critical.

7. Remote Code Execution - Microsoft SharePoint (CVE-2022-22005) - High [456]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability.

tenable: CVE-2022-22005 is a RCE vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 8.8. Microsoft rates this as “exploitation more likely,” however at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker would need to be authenticated and have the ability to create pages in SharePoint.

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

zdi: CVE-2022-22005 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This patch fixes a bug in SharePoint Server that could allow an authenticated user to execute any arbitrary .NET code on the server under the context and permissions of the service account of SharePoint Web Application. An attacker would need “Manage Lists” permissions to exploit this, by default, authenticated users are able to create their own sites and, in this case, the user will be the owner of this site and will have all necessary permissions. This case came through the ZDI, and we’ll have additional details out about it in the near future.

8. Remote Code Execution - HEVC Video Extensions (CVE-2022-21844) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927.

9. Remote Code Execution - HEVC Video Extensions (CVE-2022-21926) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927.

10. Remote Code Execution - HEVC Video Extensions (CVE-2022-21927) - High [443]

Description: HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926.

11. Remote Code Execution - VP9 Video Extensions (CVE-2022-22709) - High [443]

Description: VP9 Video Extensions Remote Code Execution Vulnerability.

12. Remote Code Execution - Windows Mobile Device Management (CVE-2022-21992) - High [443]

Description: Windows Mobile Device Management Remote Code Execution Vulnerability.

13. Security Feature Bypass - Microsoft Edge (CVE-2022-0291) - High [428]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0291 Inappropriate implementation in Storage. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0291 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

14. Security Feature Bypass - Microsoft Edge (CVE-2022-0292) - High [428]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0292 Inappropriate implementation in Fenced Frames. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0292 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

15. Security Feature Bypass - Microsoft Edge (CVE-2022-0294) - High [428]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0294 Inappropriate implementation in Push messaging. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0294 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

16. Security Feature Bypass - Microsoft Edge (CVE-2022-0305) - High [428]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0305 Inappropriate implementation in Service Worker API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0305 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

17. Security Feature Bypass - Microsoft Edge (CVE-2022-0309) - High [428]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0309 Inappropriate implementation in Autofill. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0309 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

18. Remote Code Execution - Microsoft Dynamics GP (CVE-2022-23274) - High [424]

Description: Microsoft Dynamics GP Remote Code Execution Vulnerability.

19. Remote Code Execution - Microsoft Office ClickToRun (CVE-2022-22004) - High [424]

Description: Microsoft Office ClickToRun Remote Code Execution Vulnerability.

rapid7: On the client side, CVE-2022-22003 and CVE-2022-22004 are RCEs affecting Microsoft Office. Although this requires a local user to open a malicious file, these sorts of social engineering attacks are common and can be very effective. Updates should be rolled out to end users as soon as reasonably practicable.

20. Remote Code Execution - Microsoft Office Graphics (CVE-2022-22003) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability.

rapid7: On the client side, CVE-2022-22003 and CVE-2022-22004 are RCEs affecting Microsoft Office. Although this requires a local user to open a malicious file, these sorts of social engineering attacks are common and can be very effective. Updates should be rolled out to end users as soon as reasonably practicable.

21. Remote Code Execution - Microsoft Office Visio (CVE-2022-21988) - High [424]

Description: Microsoft Office Visio Remote Code Execution Vulnerability.

22. Remote Code Execution - Windows Hyper-V (CVE-2022-21995) - High [424]

Description: Windows Hyper-V Remote Code Execution Vulnerability.

zdi: CVE-2022-21995 – Windows Hyper-V Remote Code Execution Vulnerability. This patch fixes a guest-to-host escape in Hyper-V server. Microsoft marks the CVSS exploit complexity as High here stating an attacker, “must prepare the target environment to improve exploit reliability.” Since this is the case for most exploits, it’s not clear how this vulnerability is different. If you rely on Hyper-V servers in your enterprise, it’s recommended to treat this as a Critical update.

23. Memory Corruption - Microsoft Edge (CVE-2022-0290) - High [408]

Description: Chromium: CVE-2022-0290 Use after free in Site isolation. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0290 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

Medium (65)

24. Memory Corruption - Microsoft Edge (CVE-2022-0289) - Medium [394]

Description: Chromium: CVE-2022-0289 Use after free in Safe browsing. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0289 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

25. Memory Corruption - Microsoft Edge (CVE-2022-0293) - Medium [394]

Description: Chromium: CVE-2022-0293 Use after free in Web packaging. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0293 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

26. Memory Corruption - Microsoft Edge (CVE-2022-0295) - Medium [394]

Description: Chromium: CVE-2022-0295 Use after free in Omnibox. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0295 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

27. Memory Corruption - Microsoft Edge (CVE-2022-0296) - Medium [394]

Description: Chromium: CVE-2022-0296 Use after free in Printing. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0296 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

28. Memory Corruption - Microsoft Edge (CVE-2022-0297) - Medium [394]

Description: Chromium: CVE-2022-0297 Use after free in Vulkan. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0297 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

29. Memory Corruption - Microsoft Edge (CVE-2022-0298) - Medium [394]

Description: Chromium: CVE-2022-0298 Use after free in Scheduling. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0298 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

30. Memory Corruption - Microsoft Edge (CVE-2022-0300) - Medium [394]

Description: Chromium: CVE-2022-0300 Use after free in Text Input Method Editor. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0300 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

31. Memory Corruption - Microsoft Edge (CVE-2022-0302) - Medium [394]

Description: Chromium: CVE-2022-0302 Use after free in Omnibox. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0302 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

32. Memory Corruption - Microsoft Edge (CVE-2022-0304) - Medium [394]

Description: Chromium: CVE-2022-0304 Use after free in Bookmarks. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0304 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

33. Memory Corruption - Microsoft Edge (CVE-2022-0306) - Medium [394]

Description: Chromium: CVE-2022-0306 Heap buffer overflow in PDFium. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0306 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

34. Memory Corruption - Microsoft Edge (CVE-2022-0307) - Medium [394]

Description: Chromium: CVE-2022-0307 Use after free in Optimization Guide. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0307 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

35. Memory Corruption - Microsoft Edge (CVE-2022-0308) - Medium [394]

Description: Chromium: CVE-2022-0308 Use after free in Data Transfer. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0308 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

36. Memory Corruption - Microsoft Edge (CVE-2022-0310) - Medium [394]

Description: Chromium: CVE-2022-0310 Heap buffer overflow in Task Manager. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0310 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

37. Memory Corruption - Microsoft Edge (CVE-2022-0311) - Medium [394]

Description: Chromium: CVE-2022-0311 Heap buffer overflow in Task Manager. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0311 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

38. Remote Code Execution - Microsoft Dynamics 365 (CVE-2022-21957) - Medium [391]

Description: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.

39. Denial of Service - .NET (CVE-2022-21986) - Medium [382]

Description: .NET Denial of Service Vulnerability.

40. Memory Corruption - Microsoft Edge (CVE-2022-0301) - Medium [381]

Description: Chromium: CVE-2022-0301 Heap buffer overflow in DevTools. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0301 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

41. Elevation of Privilege - Named Pipe File System (CVE-2022-22715) - Medium [379]

Description: Named Pipe File System Elevation of Privilege Vulnerability.

tenable: CVE-2022-22715 is an EoP vulnerability in the Named Pipe File System. It is rated as Exploitation More Likely. To exploit this flaw, an attacker would need to have established a presence on the vulnerable system in order to run a specially crafted application. Successful exploitation would allow an attacker to run processes with elevated privileges. The vulnerability is credited to researchers at Kunlun Lab, who participated in the Tianfu Cup, China’s biggest hacking competition.

42. Elevation of Privilege - Windows Kernel (CVE-2022-21989) - Medium [379]

Description: Windows Kernel Elevation of Privilege Vulnerability.

tenable: CVE-2022-21989 is an EoP vulnerability in the Windows Kernel and the only zero-day vulnerability addressed this month. According to Microsoft’s Exploitability Index rating, this vulnerability is more likely to be exploited, however it has not been actively exploited at the time this blog was published. The advisory does note that an attacker needs to take additional actions prior to exploitation of this vulnerability, which is evident by the “High” rating for “Attack Complexity” in the CVSSv3 score of 7.8.

rapid7: Although 16 of this month’s vulnerabilities allow remote code execution (RCE), none carry a CVSS base score higher than 8.8. Only one vulnerability was publicly disclosed before today: CVE-2022-21989, an elevation of privilege vulnerability in the Windows Kernel. None of this month’s vulnerabilities have yet been seen exploited in the wild.

43. Elevation of Privilege - Windows Win32k (CVE-2022-21996) - Medium [379]

Description: Win32k Elevation of Privilege Vulnerability.

tenable: CVE-2022-21996 is an EoP vulnerability in Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8 and is more likely to be exploited according to Microsoft. This vulnerability is similar to another EoP flaw from January’s Patch Tuesday release, CVE-2022-21882. CVE-2022-21882 has been actively exploited in the wild by threat actors and the Cybersecurity and Infrastructure Security Agency has added the vulnerability to it’s Known Exploited Vulnerabilities Catalog, requiring federal agencies to remediate the vulnerability by February 18. Interestingly enough, CVE-2022-21882 is a patch bypass for another vulnerability, CVE-2021-1732 according to RyeLv, one of the researchers credited with reporting the vulnerability to Microsoft.

44. Denial of Service - Windows Common Log File System Driver (CVE-2022-22710) - Medium [374]

Description: Windows Common Log File System Driver Denial of Service Vulnerability.

45. Denial of Service - Windows User Account Profile Picture (CVE-2022-22002) - Medium [374]

Description: Windows User Account Profile Picture Denial of Service Vulnerability.

46. Security Feature Bypass - Microsoft SharePoint (CVE-2022-21968) - Medium [368]

Description: Microsoft SharePoint Server Security Feature BypassVulnerability.

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

47. Remote Code Execution - Visual Studio Code (CVE-2022-21991) - Medium [367]

Description: Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability.

48. Denial of Service - Teams (CVE-2022-21965) - Medium [363]

Description: Microsoft Teams Denial of Service Vulnerability.

49. Security Feature Bypass - Microsoft Outlook (CVE-2022-23280) - Medium [363]

Description: Microsoft Outlook for Mac Security Feature Bypass Vulnerability.

zdi: CVE-2022-23280 – Microsoft Outlook for Mac Security Feature Bypass Vulnerability. This Outlook bug could allow images to appear in the Preview Pane automatically, even if this option is disabled. On its own, exploiting this will only expose the target's IP information. However, it’s possible a second bug affecting image rendering could be paired with this bug to allow remote code execution. If you are using Outlook for Mac, you should double-check to ensure your version has been updated to an unaffected version.

50. Elevation of Privilege - Microsoft Edge (CVE-2022-23263) - Medium [360]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262.

MS PT Extended: CVE-2022-23263 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

51. Elevation of Privilege - Windows Common Log File System Driver (CVE-2022-21981) - Medium [360]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22000.

52. Elevation of Privilege - Windows Common Log File System Driver (CVE-2022-22000) - Medium [360]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981.

53. Elevation of Privilege - Windows DWM Core Library (CVE-2022-21994) - Medium [360]

Description: Windows DWM Core Library Elevation of Privilege Vulnerability.

54. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2022-22001) - Medium [360]

Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability.

55. Elevation of Privilege - Windows Print Spooler (CVE-2022-21997) - Medium [347]

Description: Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718.

tenable: CVE-2022-21999, CVE-2022-22718, CVE-2022-22717 and CVE-2022-21997 are EoP vulnerabilities in Windows Print Spooler. CVE-2022-21999 and CVE-2022-22718 received CVSSv3 scores of 7.8 and were rated Exploitation More Likely. CVE-2022-22717 (CVSSv3 7.0) and CVE-2022-21997 (CVSSv3 7.1) were rated Less Likely. Discovery of CVE-2022-21999 was credited to Xuefeng Li and Zhiniang Peng of Sangfor at the Tianfu Cup. These are the same researchers who disclosed CVE-2021-34527, kicking off the PrintNightmare saga in June 2021. CVE-2022-21997 was disclosed by Bo Wu and CVE-2022-22717 was credited to Thibault Van Geluwe de Berlaere with Mandiant. As researchers continue to focus their time on discovering flaws in Print Spooler, it is likely that attackers are as well, therefore organizations should apply these updates urgently.

56. Elevation of Privilege - Windows Print Spooler (CVE-2022-22717) - Medium [347]

Description: Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22718.

tenable: CVE-2022-21999, CVE-2022-22718, CVE-2022-22717 and CVE-2022-21997 are EoP vulnerabilities in Windows Print Spooler. CVE-2022-21999 and CVE-2022-22718 received CVSSv3 scores of 7.8 and were rated Exploitation More Likely. CVE-2022-22717 (CVSSv3 7.0) and CVE-2022-21997 (CVSSv3 7.1) were rated Less Likely. Discovery of CVE-2022-21999 was credited to Xuefeng Li and Zhiniang Peng of Sangfor at the Tianfu Cup. These are the same researchers who disclosed CVE-2021-34527, kicking off the PrintNightmare saga in June 2021. CVE-2022-21997 was disclosed by Bo Wu and CVE-2022-22717 was credited to Thibault Van Geluwe de Berlaere with Mandiant. As researchers continue to focus their time on discovering flaws in Print Spooler, it is likely that attackers are as well, therefore organizations should apply these updates urgently.

57. Information Disclosure - Windows Services for NFS ONCRPC XDR Driver (CVE-2022-21993) - Medium [340]

Description: Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability.

58. Security Feature Bypass - Microsoft OneDrive for Android (CVE-2022-23255) - Medium [339]

Description: Microsoft OneDrive for Android Security Feature Bypass Vulnerability.

59. Denial of Service - Windows Hyper-V (CVE-2022-22712) - Medium [336]

Description: Windows Hyper-V Denial of Service Vulnerability.

60. Elevation of Privilege - Microsoft Edge (CVE-2022-23262) - Medium [333]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263.

MS PT Extended: CVE-2022-23262 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

61. Security Feature Bypass - Microsoft Edge (CVE-2022-0461) - Medium [333]

Description: Chromium: CVE-2022-0461 Policy bypass in COOP. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0461 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

62. Elevation of Privilege - Microsoft Dynamics GP (CVE-2022-23272) - Medium [322]

Description: Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23273.

63. Elevation of Privilege - SQL Server for Linux Containers (CVE-2022-23276) - Medium [322]

Description: SQL Server for Linux Containers Elevation of Privilege Vulnerability.

64. Spoofing - Microsoft SharePoint (CVE-2022-21987) - Medium [321]

Description: Microsoft SharePoint Server Spoofing Vulnerability.

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

65. Information Disclosure - Windows Common Log File System Driver (CVE-2022-21998) - Medium [313]

Description: Windows Common Log File System Driver Information Disclosure Vulnerability.

66. Information Disclosure - Windows Remote Access Connection Manager (CVE-2022-21985) - Medium [313]

Description: Windows Remote Access Connection Manager Information Disclosure Vulnerability.

67. Elevation of Privilege - Microsoft Dynamics GP (CVE-2022-23271) - Medium [309]

Description: Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23272, CVE-2022-23273.

68. Elevation of Privilege - Microsoft Dynamics GP (CVE-2022-23273) - Medium [309]

Description: Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23272.

69. Spoofing - Microsoft Edge (CVE-2022-23258) - Medium [300]

Description: Microsoft Edge for Android Spoofing Vulnerability.

MS PT Extended: CVE-2022-23258 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

70. Spoofing - Microsoft Dynamics GP (CVE-2022-23269) - Medium [289]

Description: Microsoft Dynamics GP Spoofing Vulnerability.

71. Tampering - Microsoft Edge (CVE-2022-23261) - Medium [279]

Description: Microsoft Edge (Chromium-based) Tampering Vulnerability.

MS PT Extended: CVE-2022-23261 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

72. Information Disclosure - Microsoft Excel (CVE-2022-22716) - Medium [275]

Description: Microsoft Excel Information Disclosure Vulnerability.

73. Information Disclosure - Microsoft Office (CVE-2022-23252) - Medium [275]

Description: Microsoft Office Information Disclosure Vulnerability.

74. Memory Corruption - Microsoft Edge (CVE-2022-0452) - Medium [272]

Description: Chromium: CVE-2022-0452 Use after free in Safe Browsing. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0452 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

75. Memory Corruption - Microsoft Edge (CVE-2022-0453) - Medium [272]

Description: Chromium: CVE-2022-0453 Use after free in Reader Mode. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0453 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

76. Memory Corruption - Microsoft Edge (CVE-2022-0454) - Medium [272]

Description: Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0454 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

77. Memory Corruption - Microsoft Edge (CVE-2022-0456) - Medium [272]

Description: Chromium: CVE-2022-0456 Use after free in Web Search. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0456 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

78. Memory Corruption - Microsoft Edge (CVE-2022-0458) - Medium [272]

Description: Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0458 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

79. Memory Corruption - Microsoft Edge (CVE-2022-0459) - Medium [272]

Description: Chromium: CVE-2022-0459 Use after free in Screen Capture. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0459 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

80. Memory Corruption - Microsoft Edge (CVE-2022-0460) - Medium [272]

Description: Chromium: CVE-2022-0460 Use after free in Window Dialog. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0460 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

81. Memory Corruption - Microsoft Edge (CVE-2022-0463) - Medium [272]

Description: Chromium: CVE-2022-0463 Use after free in Accessibility. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0463 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

82. Memory Corruption - Microsoft Edge (CVE-2022-0464) - Medium [272]

Description: Chromium: CVE-2022-0464 Use after free in Accessibility. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0464 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

83. Memory Corruption - Microsoft Edge (CVE-2022-0465) - Medium [272]

Description: Chromium: CVE-2022-0465 Use after free in Extensions. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0465 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

84. Memory Corruption - Microsoft Edge (CVE-2022-0468) - Medium [272]

Description: Chromium: CVE-2022-0468 Use after free in Payments. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0468 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

85. Memory Corruption - Microsoft Edge (CVE-2022-0469) - Medium [272]

Description: Chromium: CVE-2022-0469 Use after free in Cast. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0469 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

86. Memory Corruption - Microsoft Edge (CVE-2022-0470) - Medium [272]

Description: Chromium: CVE-2022-0470 Out of bounds memory access in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-0470 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

87. Spoofing - Azure (CVE-2022-23256) - Medium [264]

Description: Azure Data Explorer Spoofing Vulnerability.

88. Information Disclosure - Power BI (CVE-2022-23254) - Medium [205]

Description: Microsoft Power BI Information Disclosure Vulnerability.

Low (6)

89. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0303) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0303 Race in GPU Watchdog. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0303 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

90. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0455) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen Mode. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0455 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

91. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0457) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0457 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0457 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

92. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0462) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0462 Inappropriate implementation in Scroll. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0462 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

93. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0466) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0466 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

94. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-0467) - Low [151]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-0467 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

Exploitation in the wild detected (1)

Remote Code Execution (1)

• Windows Authenticode (CVE-2013-3900)

MS PT Extended: CVE-2013-3900 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

Public exploit exists, but exploitation in the wild is NOT detected (4)

Remote Code Execution (2)

• Windows Kernel (CVE-2022-21971)
• Roaming Security Rights Management Services (CVE-2022-21974)

Elevation of Privilege (2)

• Windows Print Spooler (CVE-2022-21999, CVE-2022-22718)

tenable: CVE-2022-21999, CVE-2022-22718, CVE-2022-22717 and CVE-2022-21997 are EoP vulnerabilities in Windows Print Spooler. CVE-2022-21999 and CVE-2022-22718 received CVSSv3 scores of 7.8 and were rated Exploitation More Likely. CVE-2022-22717 (CVSSv3 7.0) and CVE-2022-21997 (CVSSv3 7.1) were rated Less Likely. Discovery of CVE-2022-21999 was credited to Xuefeng Li and Zhiniang Peng of Sangfor at the Tianfu Cup. These are the same researchers who disclosed CVE-2021-34527, kicking off the PrintNightmare saga in June 2021. CVE-2022-21997 was disclosed by Bo Wu and CVE-2022-22717 was credited to Thibault Van Geluwe de Berlaere with Mandiant. As researchers continue to focus their time on discovering flaws in Print Spooler, it is likely that attackers are as well, therefore organizations should apply these updates urgently.

zdi: Speaking of Dynamics GP, there are three patches fixing elevation of privilege (EoP) bugs in the component. Those are three of the 18 EoP patches in this month’s release. This includes an update for the Windows Kernel that is listed as publicly known. The remaining patches are mostly in other Windows components and require a logged-on user to execute a specially crafted program. The other EoP updates that stand out fix vulnerabilities in the Windows Print Spooler. Ever since PrintNightmare, the print spooler has been an attractive target for attackers and researchers alike. Pay special attention to CVE-2022-21999 since it was reported during the Tianfu Cup. Other bugs associated with this contest have been used in active attacks.

Other Vulnerabilities (89)

Remote Code Execution (14)

• Windows DNS Server (CVE-2022-21984)

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

zdi: CVE-2022-21984 – Windows DNS Server Remote Code Execution Vulnerability. This patch fixes a remote code execution bug in the Microsoft DNS server. The server is only affected if dynamic updates are enabled, but this is a relatively common configuration. If you have this setup in your environment, an attacker could completely take over your DNS and execute code with elevated privileges. Since dynamic updates aren’t enabled by default, this doesn’t get a Critical rating. However, if your DNS servers do use dynamic updates, you should treat this bug as Critical.

• Microsoft SharePoint (CVE-2022-22005)

tenable: CVE-2022-22005 is a RCE vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 8.8. Microsoft rates this as “exploitation more likely,” however at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker would need to be authenticated and have the ability to create pages in SharePoint.

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

zdi: CVE-2022-22005 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This patch fixes a bug in SharePoint Server that could allow an authenticated user to execute any arbitrary .NET code on the server under the context and permissions of the service account of SharePoint Web Application. An attacker would need “Manage Lists” permissions to exploit this, by default, authenticated users are able to create their own sites and, in this case, the user will be the owner of this site and will have all necessary permissions. This case came through the ZDI, and we’ll have additional details out about it in the near future.

• HEVC Video Extensions (CVE-2022-21844, CVE-2022-21926, CVE-2022-21927)
• VP9 Video Extensions (CVE-2022-22709)
• Windows Mobile Device Management (CVE-2022-21992)
• Microsoft Dynamics GP (CVE-2022-23274)
• Microsoft Office ClickToRun (CVE-2022-22004)

rapid7: On the client side, CVE-2022-22003 and CVE-2022-22004 are RCEs affecting Microsoft Office. Although this requires a local user to open a malicious file, these sorts of social engineering attacks are common and can be very effective. Updates should be rolled out to end users as soon as reasonably practicable.

• Microsoft Office Graphics (CVE-2022-22003)

rapid7: On the client side, CVE-2022-22003 and CVE-2022-22004 are RCEs affecting Microsoft Office. Although this requires a local user to open a malicious file, these sorts of social engineering attacks are common and can be very effective. Updates should be rolled out to end users as soon as reasonably practicable.

• Microsoft Office Visio (CVE-2022-21988)
• Windows Hyper-V (CVE-2022-21995)

zdi: CVE-2022-21995 – Windows Hyper-V Remote Code Execution Vulnerability. This patch fixes a guest-to-host escape in Hyper-V server. Microsoft marks the CVSS exploit complexity as High here stating an attacker, “must prepare the target environment to improve exploit reliability.” Since this is the case for most exploits, it’s not clear how this vulnerability is different. If you rely on Hyper-V servers in your enterprise, it’s recommended to treat this as a Critical update.

• Microsoft Dynamics 365 (CVE-2022-21957)
• Visual Studio Code (CVE-2022-21991)

Security Feature Bypass (9)

• Microsoft Edge (CVE-2022-0291, CVE-2022-0292, CVE-2022-0294, CVE-2022-0305, CVE-2022-0309, CVE-2022-0461)

MS PT Extended: CVE-2022-0461 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0294 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0291 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0292 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0309 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0305 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

• Microsoft SharePoint (CVE-2022-21968)

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

• Microsoft Outlook (CVE-2022-23280)

zdi: CVE-2022-23280 – Microsoft Outlook for Mac Security Feature Bypass Vulnerability. This Outlook bug could allow images to appear in the Preview Pane automatically, even if this option is disabled. On its own, exploiting this will only expose the target's IP information. However, it’s possible a second bug affecting image rendering could be paired with this bug to allow remote code execution. If you are using Outlook for Mac, you should double-check to ensure your version has been updated to an unaffected version.

• Microsoft OneDrive for Android (CVE-2022-23255)

Memory Corruption (29)

• Microsoft Edge (CVE-2022-0289, CVE-2022-0290, CVE-2022-0293, CVE-2022-0295, CVE-2022-0296, CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301, CVE-2022-0302, CVE-2022-0304, CVE-2022-0306, CVE-2022-0307, CVE-2022-0308, CVE-2022-0310, CVE-2022-0311, CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0456, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470)

MS PT Extended: CVE-2022-0311 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0456 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0289 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0464 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0460 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0306 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0453 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0463 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0300 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0454 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0293 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0296 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0465 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0298 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0308 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0469 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0458 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0470 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0468 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0302 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0295 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0452 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0310 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0307 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0297 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0301 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0304 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0290 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0459 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

Denial of Service (5)

• .NET (CVE-2022-21986)
• Windows Common Log File System Driver (CVE-2022-22710)
• Windows User Account Profile Picture (CVE-2022-22002)
• Teams (CVE-2022-21965)
• Windows Hyper-V (CVE-2022-22712)

Elevation of Privilege (15)

• Named Pipe File System (CVE-2022-22715)

tenable: CVE-2022-22715 is an EoP vulnerability in the Named Pipe File System. It is rated as Exploitation More Likely. To exploit this flaw, an attacker would need to have established a presence on the vulnerable system in order to run a specially crafted application. Successful exploitation would allow an attacker to run processes with elevated privileges. The vulnerability is credited to researchers at Kunlun Lab, who participated in the Tianfu Cup, China’s biggest hacking competition.

• Windows Kernel (CVE-2022-21989)

tenable: CVE-2022-21989 is an EoP vulnerability in the Windows Kernel and the only zero-day vulnerability addressed this month. According to Microsoft’s Exploitability Index rating, this vulnerability is more likely to be exploited, however it has not been actively exploited at the time this blog was published. The advisory does note that an attacker needs to take additional actions prior to exploitation of this vulnerability, which is evident by the “High” rating for “Attack Complexity” in the CVSSv3 score of 7.8.

rapid7: Although 16 of this month’s vulnerabilities allow remote code execution (RCE), none carry a CVSS base score higher than 8.8. Only one vulnerability was publicly disclosed before today: CVE-2022-21989, an elevation of privilege vulnerability in the Windows Kernel. None of this month’s vulnerabilities have yet been seen exploited in the wild.

• Windows Win32k (CVE-2022-21996)

tenable: CVE-2022-21996 is an EoP vulnerability in Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8 and is more likely to be exploited according to Microsoft. This vulnerability is similar to another EoP flaw from January’s Patch Tuesday release, CVE-2022-21882. CVE-2022-21882 has been actively exploited in the wild by threat actors and the Cybersecurity and Infrastructure Security Agency has added the vulnerability to it’s Known Exploited Vulnerabilities Catalog, requiring federal agencies to remediate the vulnerability by February 18. Interestingly enough, CVE-2022-21882 is a patch bypass for another vulnerability, CVE-2021-1732 according to RyeLv, one of the researchers credited with reporting the vulnerability to Microsoft.

• Microsoft Edge (CVE-2022-23262, CVE-2022-23263)

MS PT Extended: CVE-2022-23263 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-23262 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

• Windows Common Log File System Driver (CVE-2022-21981, CVE-2022-22000)
• Windows DWM Core Library (CVE-2022-21994)
• Windows Remote Access Connection Manager (CVE-2022-22001)
• Windows Print Spooler (CVE-2022-21997, CVE-2022-22717)

tenable: CVE-2022-21999, CVE-2022-22718, CVE-2022-22717 and CVE-2022-21997 are EoP vulnerabilities in Windows Print Spooler. CVE-2022-21999 and CVE-2022-22718 received CVSSv3 scores of 7.8 and were rated Exploitation More Likely. CVE-2022-22717 (CVSSv3 7.0) and CVE-2022-21997 (CVSSv3 7.1) were rated Less Likely. Discovery of CVE-2022-21999 was credited to Xuefeng Li and Zhiniang Peng of Sangfor at the Tianfu Cup. These are the same researchers who disclosed CVE-2021-34527, kicking off the PrintNightmare saga in June 2021. CVE-2022-21997 was disclosed by Bo Wu and CVE-2022-22717 was credited to Thibault Van Geluwe de Berlaere with Mandiant. As researchers continue to focus their time on discovering flaws in Print Spooler, it is likely that attackers are as well, therefore organizations should apply these updates urgently.

• Microsoft Dynamics GP (CVE-2022-23271, CVE-2022-23272, CVE-2022-23273)
• SQL Server for Linux Containers (CVE-2022-23276)

Information Disclosure (6)

• Windows Services for NFS ONCRPC XDR Driver (CVE-2022-21993)
• Windows Common Log File System Driver (CVE-2022-21998)
• Windows Remote Access Connection Manager (CVE-2022-21985)
• Microsoft Excel (CVE-2022-22716)
• Microsoft Office (CVE-2022-23252)
• Power BI (CVE-2022-23254)

Spoofing (4)

• Microsoft SharePoint (CVE-2022-21987)

rapid7: Despite the lack of Critical fixes, it’s worth remembering that attackers love to use elevation of privilege vulnerabilities, of which there are 18 this month. RCE vulnerabilities are also important to patch, even if they may not be considered “wormable.” In terms of prioritization, defenders should first focus on patching server systems. SharePoint has RCE (CVE-2022-22005), Security Feature Bypass (CVE-2022-21968), and Spoofing (CVE-2022-21987) vulnerabilities getting fixed today. CVE-2022-21984 is an RCE affecting DNS Server. Microsoft Dynamics administrators should also be aware that there are six CVEs being patched, including 2 RCEs, 3 allowing elevation of privilege, and a spoofing vulnerability.

• Microsoft Edge (CVE-2022-23258)

MS PT Extended: CVE-2022-23258 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

• Microsoft Dynamics GP (CVE-2022-23269)
• Azure (CVE-2022-23256)

Tampering (1)

• Microsoft Edge (CVE-2022-23261)

MS PT Extended: CVE-2022-23261 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

Unknown Vulnerability Type (6)

• Microsoft Edge (CVE-2022-0303, CVE-2022-0455, CVE-2022-0457, CVE-2022-0462, CVE-2022-0466, CVE-2022-0467)

MS PT Extended: CVE-2022-0462 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0466 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0457 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0303 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0455 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07

MS PT Extended: CVE-2022-0467 was published before February 2022 Patch Tuesday from 2022-01-12 to 2022-02-07