Tripwire Patch Priority Index for February 2022 | The State of Security

Tripwire’s February 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.

First on the patch priority list this month is a vulnerability for Microsoft Windows LSA (CVE-2021-36942). This vulnerability has been added to Metasploit Exploit Framework and any vulnerable systems should be patched as soon as possible.

Up next are patches for Microsoft Edge that resolve over 20 vulnerabilities such as user after free, type confusion, heap buffer overflow, tampering, and elevation of privilege vulnerabilities.

Following Edge are patches for Microsoft Office, Excel, Outlook, Teams, and Visio. These patches resolve 7 vulnerabilities, including security feature bypass, remote code execution, denial of service, and information disclosure vulnerabilities.

Next are patches that affect components of the Windows operating systems. These patches resolve over 20 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, DWM Core Library, Windows Defender, NFS, Print Spooler, Named Pipe File System, and others.

Next are patches for the .NET Framework that resolve a denial of service vulnerability in the Kestrel Web Server and a remote code execution vulnerability in Visual Studio Code.

Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, Dynamics, DNS, SQL Server, and Power BI. These patches resolve numerous issues including remote code execution, elevation of privileges, security feature bypass, and spoofing vulnerabilities.