Microsoft’s release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.
Microsoft’s security update for February did not include any critical vulnerabilities — a rarity. But there are still plenty of serious vulns in the update to merit immediate attention, security experts said this week.
Among the biggest concerns are a Windows DNS Server remote code execution (RCE) vulnerability (CVE-2022-21984), a Windows 32K elevation of privileges flaw (CVE-2022-21989), an RCE in SharePoint server (CVE-2022-22005), and a set of four vulnerabilities in the company’s perennially insecure Windows Print Spooler technology, one of which already has an exploit.
The vulnerabilities are among a set of 51 flaws that Microsoft patched this week. That made it one of the smaller monthly security updates that Microsoft has released in a while. Last month’s rollout, for instance, contained fixes for 96 vulnerabilities, while the one in December had patches for 67 flaws, including one for a zero-day flaw that was being used to spread Emotet ransomware.
“This month had no critical-rated bugs for the first time in quite a while,” says Dustin Childs, communications manager at Trend Micro’s ZDI. “Of the 51 patches, 50 are rated Important and one is Moderate,” he notes.