Qualys on the Microsoft & Adobe Patch Tuesday 02/22


Microsoft patches 70 vulnerabilities, including 0 critical; Adobe patches 17 vulnerabilities, including 5 critical

Debra M. Fezza Reed, Solution Architect, Subject Matter Expert (SA/SME) Dashboards and Reporting at Qualys

Microsoft fixes 70 vulnerabilities in the February 2022 Patch Tuesday release. Although none of the vulnerabilities was classified as critical this month, several received a high risk rating (CVSSv3.1 score of 7.0-8.9). At this point, none of the vulnerabilities listed this month are known to be exploited in the wild.
Microsoft has fixed issues in its software, including remote code execution (RCE) vulnerabilities, privilege escalation vulnerabilities, spoofing bugs, information disclosure, security feature bypass, and denial-of-service (DoS) issues.
The advisory includes Microsoft products such as Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code and Microsoft Teams.

Patched Microsoft vulnerabilities

CVE-2022-21984 – Remote Code Execution vulnerability in Windows DNS Server
This vulnerability has a CVSSv3.1 rating of 8.8/10. The Microsoft DNS server has a Remote Code Execution (RCE) vulnerability that has been fixed with this patch. The server is affected only when dynamic updates are enabled, but this is a fairly common configuration. Where dynamic updates are enabled in the environment, an attacker could take complete control of the DNS server and execute code with elevated privileges.
Exploitability assessment: Exploitation is less likely.
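
Because exposure depends on whether dynamic updates are enabled, a quick inventory of zone settings helps prioritise which DNS servers to patch first. The following is an added example, not code from Qualys or Microsoft; it assumes the DnsServer PowerShell module is installed and treats any DynamicUpdate value other than 'None' as "enabled".

```powershell
# Added example: list primary DNS zones and flag those that accept dynamic updates.
# Run on a Windows DNS server, or pass -ComputerName for a remote one.
param([string]$ComputerName = $env:COMPUTERNAME)

Import-Module DnsServer -ErrorAction Stop

# Only primary zones accept dynamic updates; skip the auto-created built-in zones.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$report = foreach ($z in $zones) {
    [pscustomobject]@{
        Server        = $ComputerName
        Zone          = $z.ZoneName
        DsIntegrated  = $z.IsDsIntegrated
        DynamicUpdate = $z.DynamicUpdate   # None, Secure or NonsecureAndSecure
        # Assumption: anything other than 'None' means dynamic updates are enabled.
        InScope       = ($z.DynamicUpdate -ne 'None')
    }
}

$report | Sort-Object InScope -Descending | Format-Table -AutoSize

$inScope = @($report | Where-Object { $_.InScope })
if ($inScope.Count -gt 0) {
    Write-Warning ("{0}: {1} zone(s) accept dynamic updates; prioritise the February 2022 update on this server." -f $ComputerName, $inScope.Count)
} else {
    Write-Output ("{0}: no primary zone accepts dynamic updates." -f $ComputerName)
}
```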

CVE-2022-21989 – Elevation of Privilege vulnerability in Windows Kernel

This vulnerability has a CVSSv3.1 rating of 7.8/10. An AppContainer with low privileges could be used for a successful attack. The attacker could gain elevated privileges that allow them to execute code or access resources that have a higher integrity level than the AppContainer's execution environment.
Exploitability assessment: Exploitation is more likely.

CVE-2022-22003 – Remote Code Execution vulnerability in Microsoft Office Graphics Component

This vulnerability has a CVSSv3.1 rating of 7.8/10. This Remote Code Execution (RCE) vulnerability affects the graphics component in Microsoft Office. To successfully exploit the vulnerability, an attacker must trick a user into executing malicious files.
Exploitability assessment: Exploitation is less likely.

CVE-2022-22005 – Remote Code Execution Vulnerability in Microsoft SharePoint Server

This vulnerability has a CVSSv3.1 rating of 8.8/10. This Remote Code Execution (RCE) vulnerability affects Microsoft SharePoint Server. An attacker must be authenticated and have permission to create pages in SharePoint to exploit the vulnerability.
Exploitability assessment: Exploitation is more likely.

Adobe Patch Tuesday – February 2022

Adobe has released updates to fix 17 vulnerabilities affecting Premiere Rush, Illustrator, Photoshop, After Effects and the Creative Cloud Desktop application. Of these 17 vulnerabilities, five are classified as critical.
Adobe has released security updates for Illustrator, Photoshop and After Effects for Windows and macOS. These updates address several critical, important, and moderate security vulnerabilities.
Successful exploitation of these vulnerabilities could lead to a denial-of-service (DoS) of the application, the execution of arbitrary code, privilege escalation and memory leaks.

About Patch Tuesday

Qualys Patch Tuesday QIDs are typically released late on Patch Tuesday as security alerts, followed by the release of the monthly queries for the Unified Dashboard: 2022 Patch Tuesday (QID-based) dashboard.
