A total of 51 CVEs were addressed by Microsoft this month

News

Reading time icon 6 min. read

Calendar icon Updated on

by Alexandru Poloboc 

updated on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Key notes

  • A pretty light month for a Microsoft Patch Tuesday release, with 51 CVEs.
  • Out of all the CVEs, 50 were marked as important, and one as moderate.
  • So, the good news is that there are no critical severity ones this month.
  • We've included each and everyone in this article, with direct links as well.
patch tuesday februaty 2022

It’s that time of the month again, and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

In terms of heft, this month’s release coincides with February releases from previous years, which are usually around 50 CVEs.

Let’s dive right into it and see what vulnerabilities are completely gone from our lives, now that these patches are live.

There were no Critical CVEs to fix for February 2022

The silver lining for the month of February 2022, is the complete lack of Critical-rated patches. Out of the ones released today, 50 are rated as Important and one is rated as Moderate in severity.

So, the 51 new patches that became available today address CVEs in:

  • Microsoft Windows and Windows Components
  • Azure Data Explorer
  • Kestrel Web Server
  • Microsoft Edge (Chromium-based)
  • Windows Codecs Library
  • Microsoft Dynamics
  • Microsoft Dynamics GP
  • Microsoft Office and Office Components
  • Windows Hyper-V Server
  • SQL Server
  • Visual Studio Code
  • Microsoft Teams

Some more good news is that none of the bugs that were addressed this month are listed as being under active exploit, except for one, which is listed as publicly known at the time of release.

We know you’re curious and would like to explore each and every single one of the patches, so we are going to present them to you.

CVE TitleSeverityCVSSPublicExploitedType
CVE-2022-21989Windows Kernel Elevation of Privilege VulnerabilityImportant7.8YesNoEoP
CVE-2022-21984Windows DNS Server Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-23280Microsoft Outlook for Mac Security Feature Bypass VulnerabilityImportant5.3NoNoSFB
CVE-2022-21995Windows Hyper-V Remote Code Execution VulnerabilityImportant7.9NoNoRCE
CVE-2022-22005Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2022-21986.NET Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2022-23256Azure Data Explorer Spoofing VulnerabilityImportant8.1NoNoSpoofing
CVE-2022-21844HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-21926HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-21927HEVC Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-21957Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant7.2NoNoRCE
CVE-2022-23271Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant6.5NoNoEoP
CVE-2022-23272Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant8.1NoNoEoP
CVE-2022-23273Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant7.1NoNoEoP
CVE-2022-23274Microsoft Dynamics GP Remote Code Execution VulnerabilityImportant8.3NoNoRCE
CVE-2022-23269Microsoft Dynamics GP Spoofing VulnerabilityImportant6.9NoNoSpoofing
CVE-2022-23262Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant6.3NoNoEoP
CVE-2022-23263Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant7.7NoNoEoP
CVE-2022-22716Microsoft Excel Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-22004Microsoft Office ClickToRun Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-22003Microsoft Office Graphics Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23252Microsoft Office Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-21988Microsoft Office Visio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23255Microsoft OneDrive for Android Security Feature Bypass VulnerabilityImportant5.9NoNoSFB
CVE-2022-23254Microsoft Power BI Elevation of Privilege VulnerabilityImportant4.9NoNoEoP
CVE-2022-21968Microsoft SharePoint Server Security Feature BypassVulnerabilityImportant4.3NoNoSFB
CVE-2022-21987Microsoft SharePoint Server Spoofing VulnerabilityImportant8NoNoSpoofing
CVE-2022-21965Microsoft Teams Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2022-22715Named Pipe File System Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-21974Roaming Security Rights Management Services Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-23276SQL Server for Linux Containers Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-21991Visual Studio Code Remote Development Extension Remote Code Execution VulnerabilityImportant8.1NoNoRCE
CVE-2022-22709VP9 Video Extensions Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-21996Win32k Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-22710Windows Common Log File System Driver Denial of Service VulnerabilityImportant5.5NoNoDoS
CVE-2022-21981Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-22000Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-21998Windows Common Log File System Driver Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-21994Windows DWM Core Library Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-22712Windows Hyper-V Denial of Service VulnerabilityImportant5.6NoNoDoS
CVE-2022-21992Windows Mobile Device Management Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-21997Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.1NoNoEoP
CVE-2022-21999Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-22717Windows Print Spooler Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2022-22718Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-22001Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2022-21985Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2022-21971Windows Runtime Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2022-21993Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant7.5NoNoInfo
CVE-2022-22002Windows User Account Profile Picture Denial of Service VulnerabilityImportant5.5NoNoDoS
CVE-2022-23261Microsoft Edge (Chromium-based) Tampering VulnerabilityModerate5.3NoNoTampering
CVE-2022-0452Chromium: CVE-2022-0452 Use after free in Safe BrowsingHighN/ANoNoN/A
CVE-2022-0453 Chromium: CVE-2022-0453 Use after free in Reader ModeHighN/ANoNoN/A
CVE-2022-0454Chromium: CVE-2022-0454 Heap buffer overflow in ANGLEHighN/ANoNoN/A
CVE-2022-0455Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen ModeHighN/ANoNoN/A
CVE-2022-0456Chromium: CVE-2022-0456 Use after free in Web SearchHighN/ANoNoN/A
CVE-2022-0457Chromium: CVE-2022-0457 Type Confusion in V8HighN/ANoNoN/A
CVE-2022-0458Chromium: CVE-2022-0458 Use after free in Thumbnail Tab StripHighN/ANoNoN/A
CVE-2022-0459Chromium: CVE-2022-0459 Use after free in Screen CaptureHighN/ANoNoN/A
CVE-2022-0460Chromium: CVE-2022-0460 Use after free in Window DialogMediumN/ANoNoN/A
CVE-2022-0461Chromium: CVE-2022-0461 Policy bypass in COOPMediumN/ANoNoN/A
CVE-2022-0462Chromium: CVE-2022-0462 Inappropriate implementation in ScrollMediumN/ANoNoN/A
CVE-2022-0463Chromium: CVE-2022-0463 Use after free in AccessibilityMediumN/ANoNoN/A
CVE-2022-0464Chromium: CVE-2022-0464 Use after free in AccessibilityMediumN/ANoNoN/A
CVE-2022-0465Chromium: CVE-2022-0465 Use after free in ExtensionsMediumN/ANoNoN/A
CVE-2022-0466Chromium: CVE-2022-0466 Inappropriate implementation in Extensions PlatformMediumN/ANoNoN/A
CVE-2022-0467Chromium: CVE-2022-0467 Inappropriate implementation in Pointer LockMediumN/ANoNoN/A
CVE-2022-0468Chromium: CVE-2022-0468 Use after free in PaymentsMediumN/ANoNoN/A
CVE-2022-0469Chromium: CVE-2022-0469 Use after free in CastMediumN/ANoNoN/A
CVE-2022-0470Chromium: CVE-2022-0470 Out of bounds memory access in V8LowN/ANoNoN/A

These are all the CVEs addressed with this month’s Patch Tuesday release. Overall, this was a pretty light and secure month, compared to previous situations.

The next Patch Tuesday batch of software will come on March 8 and we’re all curious to see what Microsoft comes up with until then.

Let’s all hope that we won’t have to deal with critical problems, and that’s it will only be smooth sailing from now on.

Was this article helpful to you? Share your opinion in the comments section below.

More about the topics: patch tuesday

Alexandru Poloboc

Alexandru Poloboc Shield

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host. A certified gadget freak, he always feels the need to surround himself with next-generation electronics. When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.

User forum

0 messages