February 9, 2022
Microsoft has released 48 fixes as part of its monthly Patch Tuesday event. The update fixes several security issues, including remote code execution (RCE) vulnerabilities, privilege escalation bugs, spoofing issues, information leaks, and policy bypass exploits.
The company also includes a patch for a zero-day vulnerability. Products affected by the February security update include the Windows Kernel, Hyper-V, Microsoft Outlook and Office, Azure Data Explorer and Microsoft SharePoint.
Among the known bugs that have been fixed is CVE-2022-21989, a zero-day flaw with a 7.8 severity rating. The flaw can be exploited to escalate privileges via the kernel.
Other vulnerabilities included in this update are:
- Windows DNS Server Remote Code Execution Vulnerability (CVE-2022-21984) has a severity of 8.8.
- Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005). The vulnerability has a severity of 8.8.
- Azure Data Explorer Spoofing Vulnerability (CVE-2022-23256). The flaw has a CVSS score of 8.1.
- Microsoft Dynamics GP Remote Code Execution Vulnerability (CVE-2022-23274). The flaw has a severity score of 8.3.
For more innformation, read the original story in ZDNet.
