Patch Tuesday February 2022 – Microsoft Releases 76 Security Fixes. Log4j Criticality Reduced. Hunt Continues.
Patch Tuesday February 2022 Roundup
During the February patching bout, Microsoft addressed and fixed 76 security and non-security issues affecting machines running Windows 10 and Windows 11. Most of the issues patched by Microsoft in early and late February, have been earmarked “Important” with emphasis on Remote Code Execution, Escalation of Privileges, and Information Disclosure.
Patch Tuesday February 2022 Roundup
February’s Patch Tuesday brings a number of security fixes for Microsoft’s Dynamics GP, .NET, Windows Kernel, Windows Hyper-V, and the Chromium-based Edge browser. As pointed out in the intro, this month’s patching endeavor addresses vulnerabilities labeled as “Important”. Meanwhile, Microsoft did indeed manage to make consistent headway in plugging Log4j holes, but the hunt continues, with no predictable end in sight. Below, I have enclosed a list of February’s highlights in (fixed) vulnerabilities.
Here’s a drill-down of February’s most important (and fixed) CVEs.
CVE-2022-22001 – Windows Remote Access Connection Manager Elevation of Privileges
Fully documented at the beginning of the month, CVE-2022-22001 would allow a threat actor to leverage a flaw in the Remote Access Connection Manager in order to obtain higher privileges on the victim’s machine. Attack vector is “local-only”. The flaw has not yet been discovered in the wild. An official fix is available.
CVE-2022-22000 – Windows Common Log File System Driver Elevation of Privileges
A flaw identified in one of the Log File System driver’s components can trigger unjustified rights escalation on the victim’s machine. Microsoft earmarked this defect as “Important” and put forward an official fix. However, according to NIST’s review, the flaw may have a larger impact on affected machine. The defect is currently undergoing further analysis.
CVE – 2022 – 21995 – Windows Hyper-V Remote Code Execution Vulnerability
A low-privileges attack that leverages a limitation in Hyper-V’s security boundary. If performed successfully, the threat actor can coax the victim into running a crafted package which executes arbitrary code on the machine. A fix is available for CVE-2022-21995.
CVE – 2022 – 21993 – Windows Services for NFS ONCRPC XDR Driver Information Disclosure
A kernel defect in Windows’s Server for NFS Data Storage may lead to information disclosure, aiding a threat actor in gaining valuable information on the victim’s system. The defect has received an official fix as part of Microsoft’s February patch bout.
CVE – 2022 – 21992 Windows Mobile Device Management Remote Code Execution
An undisclosed code block in one of MDM’s components might be leveraged by a hacker to run malicious arbitrary code on the machine. The defect affects multiple Windows and Server builds including 20H2, 21H2, 1607, 1809, 1909, Server 2022, Server 2016, and Server 2019. The fix is available for download.
CVE – 2022 – 21991 – Visual Studio Code Remote Development Extension Remote Code Vulnerability
A flawed component in the Remote Development Extension for Microsoft Visual Studio Code can be abused by an unknown party for remote code execution (RCE) purposes. The attack’s been labeled “remote-only”. CVE-2022-21991 has not been sighted in the wild. A fix is available.
CVE – 2022 – 21986 – .NET Denial of Service
A threat actor can remotely induce a DoS when interacting with the.NET ASP.NET Cores Krestel. The attack itself leverages an expected response when pooling HTTP/3 and HTTP/2 headers. CVE-2022-21986 has received an official fix.
Additional Cybersecurity Advice and Parting Thoughts
Patch Tuesday February sure surprised us with goodies. Although these RCEs are nowhere near the Log4j affair, they do pose a threat to both IT admins and users. With February’s roundup just about done, here is some more stuff you can try out in order to improve your overall cybersecurity posture.
- Automated patching. With the risk of sounding like a broken record, automated patching is the way to go if you want to take some of that heat off your IT admins. Not only can it save time, but it can also ensure correct – and timely – patch deployment. Heimdal™ Security’s Patch & Asset Management can help you download and push any type of patch, whether it’s 3rd party, Windows, proprietary or optional.
- Prioritizing your patches. Don’t forget the golden rule of patch management – security updates/patches go first, non-security patches go second, and optional patches are last. Don’t mix them up!
- Patching’s not only for PCs. Every device you have should be patched. This includes desktops, laptops, mobile devices, routers, firewalls, hubs, and servers.
That’s it for Patch Tuesday February. Stay tuned for more news about vulnerabilities, bounty hunts, fixes, and other things that go bump in the web. As always, stay safe, and don’t forget to subscribe.
- Previous Patch Tuesday post.
- IT Asset Inventory Management article.
- Asset Tracking Software article.
Heimdal® Patch & Asset Management Software
- Schedule updates at your convenience;
- See any software assets in inventory;
- Global deployment and LAN P2P;
- And much more than we can fit in here...