Tripwire Patch Priority Index for February 2022 | The State of Security


Tripwire’s February 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.

First on the patch priority list this month is a vulnerability in Microsoft Windows LSA (CVE-2021-36942). This vulnerability has been added to the Metasploit exploit framework, and any vulnerable systems should be patched as soon as possible.

Up next are patches for Microsoft Edge that resolve over 20 vulnerabilities such as use after free, type confusion, heap buffer overflow, tampering, and elevation of privilege vulnerabilities.

Following Edge are patches for Microsoft Office, Excel, Outlook, Teams, and Visio. These patches resolve 7 vulnerabilities, including security feature bypass, remote code execution, denial of service, and information disclosure vulnerabilities.

Next are patches that affect components of the Windows operating systems. These patches resolve over 20 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, DWM Core Library, Windows Defender, NFS, Print Spooler, Named Pipe File System, and others.

Next are patches for the .NET Framework that resolve a denial of service vulnerability in the Kestrel Web Server and a remote code execution vulnerability in Visual Studio Code.

Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, Dynamics, DNS, SQL Server, and Power BI. These patches resolve numerous issues including remote code execution, elevation of privileges, security feature bypass, and spoofing vulnerabilities.

| BULLETIN | CVE |
| --- | --- |
| Exploit Framework – Metasploit | CVE-2021-36942 |
| Microsoft Edge (Chromium-based) | CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470, CVE-2022-23263, CVE-2022-23262, CVE-2022-23261 |
| Microsoft Office Outlook | CVE-2022-23280 |
| Microsoft Office Visio | CVE-2022-21988 |
| Microsoft Teams | CVE-2022-21965 |
| Microsoft Office Excel | CVE-2022-22716 |
| Microsoft Office | CVE-2022-22004, CVE-2022-22003, CVE-2022-23252 |
| Windows | CVE-2022-22002, CVE-2022-21989, CVE-2022-21992, CVE-2022-21994, CVE-2022-22001, CVE-2022-21985, CVE-2022-21971, CVE-2022-21996, CVE-2022-21974, CVE-2022-21993, CVE-2022-21997, CVE-2022-21999, CVE-2022-22717, CVE-2022-22718, CVE-2022-22710, CVE-2022-21981, CVE-2022-22000, CVE-2022-21998, CVE-2022-22715 |
| .NET (Kestrel Web Server) | CVE-2022-21986 |
| Visual Studio Code | CVE-2022-21991 |
| Microsoft Office SharePoint | CVE-2022-22005, CVE-2022-21968, CVE-2022-21987 |
| Role: DNS Server | CVE-2022-21984 |
| Role: Windows Hyper-V | CVE-2022-22712, CVE-2022-21995 |
| Microsoft Dynamics | CVE-2022-23272, CVE-2022-23273, CVE-2022-23271, CVE-2022-23274, CVE-2022-23269, CVE-2022-21957 |
| SQL Server | CVE-2022-23276 |
| Power BI | CVE-2022-23254 |


