Tripwire’s February 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.

First on the patch priority list this month is a vulnerability for Microsoft Windows LSA (CVE-2021-36942). This vulnerability has been added to the Metasploit Exploit Framework, and any vulnerable systems should be patched as soon as possible.

Up next are patches for Microsoft Edge that resolve over 20 vulnerabilities such as use after free, type confusion, heap buffer overflow, tampering, and elevation of privilege vulnerabilities.

Following Edge are patches for Microsoft Office, Excel, Outlook, Teams, and Visio. These patches resolve 7 vulnerabilities, including security feature bypass, remote code execution, denial of service, and information disclosure vulnerabilities.

Next are patches that affect components of the Windows operating systems. These patches resolve over 20 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, DWM Core Library, Windows Defender, NFS, Print Spooler, Named Pipe File System, and others.

Next are patches for the .NET Framework that resolve a denial of service vulnerability in the Kestrel Web Server and a remote code execution vulnerability in Visual Studio Code.

Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, Dynamics, DNS, SQL Server, and Power BI. These patches resolve numerous issues, including remote code execution, elevation of privilege, security feature bypass, and spoofing vulnerabilities.

| BULLETIN | CVE |
| --- | --- |
| Exploit Framework – Metasploit | CVE-2021-36942 |
| Microsoft Edge (Chromium-based) | CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470, CVE-2022-23263, CVE-2022-23262, CVE-2022-23261 |
| Microsoft Office Outlook | CVE-2022-23280 |
| Microsoft Office Visio | CVE-2022-21988 |
| Microsoft Teams | CVE-2022-21965 |
| Microsoft Office Excel | CVE-2022-22716 |
| Microsoft Office | CVE-2022-22004, CVE-2022-22003, CVE-2022-23252 |
| Windows | CVE-2022-22002, CVE-2022-21989, CVE-2022-21992, CVE-2022-21994, CVE-2022-22001, CVE-2022-21985, CVE-2022-21971, CVE-2022-21996, CVE-2022-21974, CVE-2022-21993, CVE-2022-21997, CVE-2022-21999, CVE-2022-22717, CVE-2022-22718, CVE-2022-22710, CVE-2022-21981, CVE-2022-22000, CVE-2022-21998, CVE-2022-22715 |
| .NET (Kestrel Web Server) | |
