09 Feb 2022

Microsoft stomps on 48 bugs in February Patch Tuesday update

Summary

Even so, it is perhaps more notable for not being nearly as severe as usual, as Recorded Future senior security architect Allan Liska noted. “The new CUs should help teams get caught up and back in compliance with their patch management controls.”

Kev Breen, director of cyber threat research at Immersive Labs, said: “January’s patch release may have left some IT teams feeling somewhat sour as Microsoft had to reissue updates to fix some unexpected issues caused by the updates.”

Tenable staff research engineer Satnam Narang explained: “The complexity to exploit [this] vulnerability is high because of the added legwork required to prepare the target – this type of vulnerability is often leveraged by an attacker once they’ve already compromised the target.” Nevertheless, despite the lower-than-usual rating for a publicly disclosed zero-day, it is highly likely it will be exploited in short order, as Ivanti product management vice-president Chris Goettl explained: “Exploit code maturity is at proof-of-concept; this means that much of the initial investigative work for a weaponised exploit has already been done, and details could be publicly available to threat actors.”

Some of the other more noteworthy vulnerabilities this month include CVE-2022-21984, a remote code execution vulnerability in Windows DNS Server affecting Windows 10 and 11, and Server 2022, but only if they have dynamic updates enabled; and CVE-2022-22005, a remote code execution vulnerability in SharePoint Server affecting versions 2013-19 and Subscription Edition, which requires a malicious actor to be authenticated on their target system to be exploited.

There are also four new privilege escalation vulnerabilities in Windows Print Spooler – one of them credited to the same Chinese team who uncovered the PrintNightmare nightmare last year. Breen at Immersive Labs observed: “Is it really Patch Tuesday if we don’t talk about a vulnerability in the Windows Print Spooler Components?”

Source: Computerweekly
