Experts: Several CVEs From Microsoft’s February Security Update Require Prompt Attention

Microsoft’s release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.

Microsoft’s security update for February did not include any critical vulnerabilities — a rarity. But there are still plenty of serious vulns in the update to merit immediate attention, security experts said this week.

Among the biggest concerns are a Windows DNS Server remote code execution (RCE) vulnerability (CVE-2022-21984), a Windows 32K elevation of privileges flaw (CVE-2022-21989), an RCE in SharePoint server (CVE-2022-22005), and a set of four vulnerabilities in the company’s perennially insecure Windows Print Spooler technology, one of which already has an exploit.

The vulnerabilities are among a set of 51 flaws that Microsoft patched this week. That made it one of the smaller monthly security updates that Microsoft has released in a while. Last month’s rollout, for instance, contained fixes for 96 vulnerabilities, while the one in December had patches for 67 flaws, including one for a zero-day flaw that was being used to spread Emotet ransomware.

“This month had no critical-rated bugs for the first time in quite a while,” says Dustin Childs, communications manager at Trend Micro’s ZDI. “Of the 51 patches, 50 are rated Important and one is Moderate,” he notes.
