- Windows 11 24H2 hit by a brand new bug, but there's a workaround
- This Samsung OLED spoiled every other TV for me, and it's $1,400 off for Black Friday
- NetBox Labs launches tools to combat network configuration drift
- Navigating the Complexities of AI in Content Creation and Cybersecurity
- Russian Cyber Spies Target Organizations with Custom Malware
Tripwire Patch Priority Index for February 2022 | The State of Security
Tripwire’s February 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the patch priority list this month is a vulnerability for Microsoft Windows LSA (CVE-2021-36942). This vulnerability has been added to Metasploit Exploit Framework and any vulnerable systems should be patched as soon as possible.
Up next are patches for Microsoft Edge that resolve over 20 vulnerabilities such as user after free, type confusion, heap buffer overflow, tampering, and elevation of privilege vulnerabilities.
Following Edge are patches for Microsoft Office, Excel, Outlook, Teams, and Visio. These patches resolve 7 vulnerabilities, including security feature bypass, remote code execution, denial of service, and information disclosure vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 20 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, DWM Core Library, Windows Defender, NFS, Print Spooler, Named Pipe File System, and others.
Next are patches for the .NET Framework that resolve a denial of service vulnerability in the Kestrel Web Server and a remote code execution vulnerability in Visual Studio Code.
Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, Dynamics, DNS, SQL Server, and Power BI. These patches resolve numerous issues including remote code execution, elevation of privileges, security feature bypass, and spoofing vulnerabilities.
BULLETIN |
CVE |
CVE-2021-36942 |
|
CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470, CVE-2022-23263,CVE-2022-23262,CVE-2022-23261 |
|
CVE-2022-23280 |
|
CVE-2022-21988 |
|
CVE-2022-21965 |
|
CVE-2022-22716 |
|
CVE-2022-22004, CVE-2022-22003, CVE-2022-23252 |
|
CVE-2022-22002, CVE-2022-21989, CVE-2022-21992, CVE-2022-21994, CVE-2022-22001, CVE-2022-21985, CVE-2022-21971, CVE-2022-21996, CVE-2022-21974, CVE-2022-21993, CVE-2022-21997, CVE-2022-21999, CVE-2022-22717, CVE-2022-22718, CVE-2022-22710, CVE-2022-21981, CVE-2022-22000, CVE-2022-21998, CVE-2022-22715 |
|
CVE-2022-21986 |
|
CVE-2022-21991 |
|
CVE-2022-22005, CVE-2022-21968, CVE-2022-21987 |
|
CVE-2022-21984 |
|
CVE-2022-22712, CVE-2022-21995 |
|
CVE-2022-23272, CVE-2022-23273, CVE-2022-23271, CVE-2022-23274, CVE-2022-23269, CVE-2022-21957 |
|
CVE-2022-23276 |
|
CVE-2022-23254 |