Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs

On February 8, Microsoft released its monthly Patch Tuesday security update. This month, Microsoft addressed 48 CVEs, all of which were rated Important and one of which was publicly disclosed as a zero-day. 

This month, Microsoft patched CVE-2022-21989, an elevation of privilege vulnerability in the Windows Kernel. This is the only zero-day vulnerability patched this month. While it was rated “Exploitation More Likely” according to Microsoft’s Exploitability Index, the attack complexity is high because an attacker needs to take additional steps to prepare the target. 

This month’s update includes patches for:

• Azure Data Explorer
• Kestrel Web Server
• Microsoft Dynamics
• Microsoft Dynamics GP
• Microsoft Edge (Chromium-based)
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft OneDrive
• Microsoft Teams
• Microsoft Windows Codecs Library
• Power BI
• Roaming Security Rights Management Services
• Role: DNS Server
• Role: Windows Hyper-V
• SQL Server
• Visual Studio Code
• Windows Common Log File System Driver
• Windows DWM Core Library
• Windows Kernel
• Windows Kernel-Mode Drivers
• Windows Named Pipe File System
• Windows Print Spooler Components
• Windows Remote Access Connection Manager
• Windows Remote Procedure Call Runtime
• Windows User Account Profile
• Windows Win32K

For more information about the notable vulnerabilities in this month’s Patch Tuesday, including the availability of patches and Tenable product coverage, please visit our blog.