New Update Microsoft February 2022 Patch Tuesday

silversurfer

Today is Microsoft's February 2022 Patch Tuesday, and with it come fixes for one zero-day vulnerability and a total of 48 flaws.

Microsoft has fixed 48 vulnerabilities (not including 22 Microsoft Edge vulnerabilities) with today's update, with none of them classified as Critical.

The number for each type of vulnerability is listed below:
  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
  • 22 Edge - Chromium Vulnerabilities
 

silversurfer

The new update is now available for Windows 10 21H2, version 21H1, and version 20H2. As per the official release notes, Microsoft has published two main cumulative updates for Windows 10 - KB5010342 and KB5010345.

Microsoft has released these updates for November 2021 Update, May 2021 Update, October 2020 Update (version 20H2). This update is not available for May 2020 Update (version 2004) if you use the consumer edition, but the same update will be offered on devices using enterprise or education SKUs.

The full list of Windows 10 updates released today is:
 

Gandalf_The_Grey

The February 2022 Security Update Review
It’s the second patch Tuesday of 2022, which means the latest security updates from Adobe and Microsoft are here. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.

Adobe Patches for February 2022

For February, Adobe released five bulletins addressing 17 CVEs in Adobe Illustrator, Creative Cloud Desktop, After Effects, Photoshop, and Rush. Two of these 17 were reported by ZDI Vulnerability Researcher Mat Powell. The update for Illustrator fixes a total of 13 bugs, the most severe of which could allow arbitrary code execution through either a buffer overflow or an Out-Of-Bounds (OOB) Write. The patch for Creative Cloud Desktop also fixes a single, Critical-rated code execution bug.

The theme of Critical-rated code execution bugs continues with the fix for After Effects. This patch addresses an OOB write bug that exists within the parsing of 3GP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. The final Critical-rated patch from Adobe this month fixes a buffer overflow in Photoshop that could allow code execution.

The only Moderate-rated patch this month is the update for Premiere Rush. This patch fixes a bug that exists within the parsing of JPEG images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.

Microsoft Patches for February 2022

For February, Microsoft released 51 new patches addressing CVEs in Microsoft Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code, and Microsoft Teams. A total of five of these bugs came through the ZDI program. This is in addition to the 19 CVEs patched by Microsoft Edge (Chromium-based) earlier this month, which brings the February total to 70 CVEs.

This volume is in line with February releases from previous years, which (apart from 2020) tend to be around 50 CVEs. What’s more curious about this release is the complete lack of Critical-rated patches. Of the patches released today, 50 are rated Important and one is rated Moderate in severity. It may have happened before, but I can’t find an example of a monthly release from Microsoft that doesn’t include at least one Critical-rated patch. It certainly hasn’t happened in recent memory. Interestingly, Microsoft has chosen to provide some additional explanations of CVSS ratings in this month’s release, but there are still many details about the bugs themselves that are left obscured.

None of the bugs are listed as under active exploit this month, while one is listed as publicly known at the time of release. Last month, Microsoft also initially listed the release as having no active attacks only to revise CVE-2022-21882 two days post release to indicate “Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.” We’ll update this blog should they change their mind this month as well.
 

Gandalf_The_Grey

Microsoft Windows Security Updates February 2022 overview
Microsoft released security updates for its Windows operating system and other company products on February 8, 2022. The February 2022 Patch Day is the second of the year and this guide gives you an overview of the releases.

The updates are already available via Windows Update and update management services such as WSUS. Administrators may download the updates to install them manually, or check for updates to install them on devices.

The guide lists all relevant information, links to support pages and downloads, lists known issues, and provides you with other information.

The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link: windows-security-updates-february-2022

Executive Summary

  • Microsoft released security updates for all supported client and server versions of Windows.
  • Microsoft released no critical updates for Windows on this Patch Day.
  • Security updates were also released for other Microsoft products, including Microsoft Dynamics, Microsoft Office, Microsoft Edge, SQL Server, Power BI, Visual Studio Code and Kestrel Web Server.
  • The following client operating systems have known issues: Windows 7, Windows 8.1, Windows 10 version 1809, Windows 10 version 20H2, 21H1, 21H2.
  • The following server operating systems have known issues: Windows Server 2008 and 2008 R2, Windows Server 2012 and 2012 R2, Windows Server 2019, Windows Server 2022.
 
