As scheduled, the monthly Patch Tuesday updates from Microsoft have arrived for February containing a zero-day fix among a number of other bug fixes.
Microsoft Patch Tuesday February Overview
Perhaps the single vulnerability worth paying attention to this month is a zero-day affecting the Windows Kernel. Microsoft has categorised it as a privilege escalation vulnerability (CVE-2022-21989). It achieved an important severity rating with a CVSS score of 7.8.
As explained in the advisory, exploiting the bug required an attacker to set up the target environment by performing additional activities. However, once done, the attacker could gain code execution privileges, while merely using a low privilege AppContainer.
Microsoft admitted that this bug became publicly known before a fix could arrive. Nonetheless, the Redmond giant assured no active exploitation of the flaw.
Furthermore, Microsoft fixed 49 other important severity bugs and 1 moderate severity flaw.
Two such noteworthy bugs include CVE-2022-21984 and CVE-2022-22005 – remote code execution vulnerabilities affecting Windows DNS Server and Microsoft SharePoint, respectively. Both the bugs received CVSS scores of 8.8, becoming the most severe bugs patched this month.
Whereas, the only moderate severity bug addressed here also affected Microsoft SharePoint. Identified as CVE-2022-21968, an attacker with read access to the target site could exploit the bug to bypass SharePoint security. As stated in the advisory,
The attacker would be able to bypass the protection in SharePoint blocking the HTTP request based on IP range. If an attacker successfully exploited this vulnerability, they could validate the presence or absence of an HTTP endpoint within the blocked IP range.
Besides, the other important severity bugs affected various components, such as Windows Print Spooler, Hyper-V, User Account Profile Picture, Microsoft Office, and more. Exploiting the bugs could impart varying impacts, including RCE, spoofing, privilege escalation, or even denial of service.