Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
MICROSOFT PATCH TUESDAY February 2022
Image
Published : 09/02/2022
Reference:
Advisory #2022-001
Version:
1.0
Affected software:
Microsoft Office suite (Word, Excel, SharePoint)
Microsoft Teams
Microsoft Dynamics
Microsoft Windows Kernel
Windows RDP
Windows Hyper-V
Windows UEFI
For more information consult the release notes on: https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
Type:
Several types, ranging from spoofing to privilege escalation and remote code execution.
CVE/CVSS:
48 vulnerabilities rated as important: → 16 Remote Code Execution vulnerabilities
→ 15 Elevation of Privilege vulnerabilities
→ 6 Information Disclosure vulnerabilities
→ 5 Denial of Service vulnerabilities
→ 3 Spoofing vulnerabilities
→ 3 Security Feature Bypass vulnerabilities
Risks
This month’s Patch Tuesday includes 48 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.
Currently, none of this month’s list of vulnerabilities is known to be exploited in the wild.
Description
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software.
This month’s release covers 48 vulnerabilities. Although all vulnerabilities are marked as important, some are more likely to be exploited in the near future and urgent patching is advised.
Highlighted Vulnerabilities
Windows Kernel Elevation of Privilege Vulnerability (CVE-2022-21989)
CVE-2022-21989 is an EoP vulnerability in the Windows Kernel with a CVSSv3 score of 7.8. This was the only publicly disclosed CVE prior to patch Tuesday. Microsoft rates this as "exploitation more likely,” however at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker would need to be authenticated.
Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005)
CVE-2022-22005 is a RCE vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 8.8. Microsoft rates this as “exploitation more likely,” however at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker would need to be authenticated.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-21995)
CVE-2022-21995 is a RCE vulnerability in Microsoft Windows Hyper-V with a CVSSv3 score of 7.9. Microsoft rates this as "Exploitation Less Likely", however at this time no public proof-of-concept appears to exist. In order to exploit this vulnerability, an attacker requires prior actions from the user.
Recommended Actions
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.