Η Microsoft κυκλοφόρησε το Patch Tuesday του Φεβρουαρίου 2022, που διορθώνει συνολικά 48 ευπάθειες, συμπεριλαμβανομένης και μιας zero-day.

Δείτε επίσης: Microsoft: Πώς σχεδιάζει να περιορίσει τη διανομή malware μέσω εγγράφων του Office;

Ένα θετικό στοιχείο είναι ότι καμία από αυτές τις ευπάθειες δεν έχει ταξινομηθεί ως “Κρίσιμη“.

Patch Tuesday Φεβρουαρίου 2022: Η Microsoft διορθώνει 48 ευπάθειες

Στην παρακάτω λίστα μπορείτε να δείτε το είδος τον ευπαθειών που διορθώνονται και τον αριθμό τους:

  • 16 Elevation of Privilege ευπάθειες
  • 16 Remote Code Execution ευπάθειες
  • 5 Information Disclosure ευπάθειες
  • 5 Denial of Service ευπάθειες
  • 3 Spoofing ευπάθειες
  • 3 Security Feature Bypass ευπάθειες

Ξεχωριστά από το Patch Tuesday, η Microsoft έχει διορθώσει και 22 ευπάθειες στο Microsoft Edge.

Δείτε επίσης: Microsoft: Οι απειλές αυξάνονται αλλά οι οργανισμοί εξακολουθούν να μη χρησιμοποιούν MFA

Patch Tuesday Φεβρουαρίου: Διορθώνεται zero-day ευπάθεια

Η ενημέρωση ασφαλείας αυτού του μήνα περιλαμβάνει επιδιορθώσεις και για μία ευπάθεια zero-day που αποκαλύφθηκε δημόσια. Τα καλά νέα είναι ότι σε αυτό το Patch δεν υπάρχουν zero-days που να έχουν χρησιμοποιηθεί σε επιθέσεις.

Η Microsoft ταξινομεί μια ευπάθεια ως zero-day, εάν αποκαλύπτεται δημόσια ή χρησιμοποιείται από εγκληματίες του κυβερνοχώρου χωρίς να υπάρχει ενημέρωση που να τη διορθώνει.

Δείτε επίσης: Microsoft: Μπλόκαρε δισεκατομμύρια brute-force και phishing επιθέσεις το 2021

Η zero-day ευπάθεια που διορθώνεται αυτό το μήνα είναι η CVE-2022-21989, μια Windows Kernel Elevation of Privilege ευπάθεια.

Microsoft Patch Tuesday Φεβρουαρίου 2022: Όλες οι ευπάθειες που διορθώνονται

Στον παρακάτω πίνακα μπορείτε να δείτε όλες τις ευπάθειες που διορθώνει η Microsoft αυτό το μήνα μαζί με τις ευπάθειες στο Microsoft Edge.

TagCVE IDCVE TitleSeverity
Azure Data ExplorerCVE-2022-23256Azure Data Explorer Spoofing VulnerabilityImportant
Kestrel Web ServerCVE-2022-21986.NET Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-21957Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23272Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23271Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23273Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23274Microsoft Dynamics GP Remote Code Execution VulnerabilityImportant
Microsoft Dynamics GPCVE-2022-23269Microsoft Dynamics GP Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0469Chromium: CVE-2022-0469 Use after free in CastUnknown
Microsoft Edge (Chromium-based)CVE-2022-0467Chromium: CVE-2022-0467 Inappropriate implementation in Pointer LockUnknown
Microsoft Edge (Chromium-based)CVE-2022-23261Microsoft Edge (Chromium-based) Tampering VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-0453Chromium: CVE-2022-0453 Use after free in Reader ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-23262Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0468Chromium: CVE-2022-0468 Use after free in PaymentsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0452Chromium: CVE-2022-0452 Use after free in Safe BrowsingUnknown
Microsoft Edge (Chromium-based)CVE-2022-23263Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0462Chromium: CVE-2022-0462 Inappropriate implementation in ScrollUnknown
Microsoft Edge (Chromium-based)CVE-2022-0461Chromium: CVE-2022-0461 Policy bypass in COOPUnknown
Microsoft Edge (Chromium-based)CVE-2022-0460Chromium: CVE-2022-0460 Use after free in Window DialogUnknown
Microsoft Edge (Chromium-based)CVE-2022-0465Chromium: CVE-2022-0465 Use after free in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0464Chromium: CVE-2022-0464 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0463Chromium: CVE-2022-0463 Use after free in AccessibilityUnknown
Microsoft Edge (Chromium-based)CVE-2022-0459Chromium: CVE-2022-0459 Use after free in Screen CaptureUnknown
Microsoft Edge (Chromium-based)CVE-2022-0455Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen ModeUnknown
Microsoft Edge (Chromium-based)CVE-2022-0454Chromium: CVE-2022-0454 Heap buffer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2022-0466Chromium: CVE-2022-0466 Inappropriate implementation in Extensions PlatformUnknown
Microsoft Edge (Chromium-based)CVE-2022-0458Chromium: CVE-2022-0458 Use after free in Thumbnail Tab StripUnknown
Microsoft Edge (Chromium-based)CVE-2022-0457Chromium: CVE-2022-0457 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-0456Chromium: CVE-2022-0456 Use after free in Web SearchUnknown
Microsoft Edge (Chromium-based)CVE-2022-0470Chromium: CVE-2022-0470 Out of bounds memory access in V8Unknown
Microsoft OfficeCVE-2022-22004Microsoft Office ClickToRun Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-22003Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-23252Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft Office ExcelCVE-2022-22716Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2022-23280Microsoft Outlook for Mac Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21987Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21968Microsoft SharePoint Server Security Feature BypassVulnerabilityImportant
Microsoft Office SharePointCVE-2022-22005Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2022-21988Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft OneDriveCVE-2022-23255Microsoft OneDrive for Android Security Feature Bypass VulnerabilityImportant
Microsoft TeamsCVE-2022-21965Microsoft Teams Denial of Service VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21844HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21927HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21926HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-22709VP9 Video Extensions Remote Code Execution VulnerabilityImportant
Power BICVE-2022-23254Microsoft Power BI Elevation of Privilege VulnerabilityImportant
Roaming Security Rights Management ServicesCVE-2022-21974Roaming Security Rights Management Services Remote Code Execution VulnerabilityImportant
Role: DNS ServerCVE-2022-21984Windows DNS Server Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-21995Windows Hyper-V Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-22712Windows Hyper-V Denial of Service VulnerabilityImportant
SQL ServerCVE-2022-23276SQL Server for Linux Containers Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2022-21991Visual Studio Code Remote Development Extension Remote Code Execution VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22000Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-22710Windows Common Log File System Driver Denial of Service VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21981Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21998Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-21994Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21989Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21992Windows Mobile Device Management Remote Code Execution VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2022-21993Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
Windows Named Pipe File SystemCVE-2022-22715Named Pipe File System Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22718Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-22717Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21999Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2022-21997Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-21985Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-22001Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-21971Windows Runtime Remote Code Execution VulnerabilityImportant
Windows User Account ProfileCVE-2022-22002Windows User Account Profile Picture Denial of Service VulnerabilityImportant
Windows Win32KCVE-2022-21996Win32k Elevation of Privilege VulnerabilityImportant

Πηγή: Bleeping Computer