A total of 51 CVEs were addressed by Microsoft this month

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • A pretty light month for a Microsoft Patch Tuesday release, with 51 CVEs.
  • Out of all the CVEs, 50 were marked as important, and one as moderate.
  • So, the good news is that there are no critical severity ones this month.
  • We've included each and everyone in this article, with direct links as well.
patch tuesday februaty 2022

It’s that time of the month again, and everyone is looking towards Microsoft, in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 10, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

In terms of heft, this month’s release coincides with February releases from previous years, which are usually around 50 CVEs.

Let’s dive right into it and see what vulnerabilities are completely gone from our lives, now that these patches are live.

There were no Critical CVEs to fix for February 2022

The silver lining for the month of February 2022, is the complete lack of Critical-rated patches. Out of the ones released today, 50 are rated as Important and one is rated as Moderate in severity.

So, the 51 new patches that became available today address CVEs in:

  • Microsoft Windows and Windows Components
  • Azure Data Explorer
  • Kestrel Web Server
  • Microsoft Edge (Chromium-based)
  • Windows Codecs Library
  • Microsoft Dynamics
  • Microsoft Dynamics GP
  • Microsoft Office and Office Components
  • Windows Hyper-V Server
  • SQL Server
  • Visual Studio Code
  • Microsoft Teams

Some more good news is that none of the bugs that were addressed this month are listed as being under active exploit, except for one, which is listed as publicly known at the time of release.

We know you’re curious and would like to explore each and every single one of the patches, so we are going to present them to you.

CVE Title Severity CVSS Public Exploited Type
CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Yes No EoP
CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability Important 5.3 No No SFB
CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability Important 7.9 No No RCE
CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-21986 .NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important 8.1 No No Spoofing
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Important 7.2 No No RCE
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 8.1 No No EoP
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability Important 8.3 No No RCE
CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability Important 6.9 No No Spoofing
CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.3 No No EoP
CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 7.7 No No EoP
CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability Important 5.9 No No SFB
CVE-2022-23254 Microsoft Power BI Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-21968 Microsoft SharePoint Server Security Feature BypassVulnerability Important 4.3 No No SFB
CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No Spoofing
CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important 8.1 No No RCE
CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability Important 5.6 No No DoS
CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability Moderate 5.3 No No Tampering
CVE-2022-0452 Chromium: CVE-2022-0452 Use after free in Safe Browsing High N/A No No N/A
CVE-2022-0453 Chromium: CVE-2022-0453 Use after free in Reader Mode High N/A No No N/A
CVE-2022-0454 Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE High N/A No No N/A
CVE-2022-0455 Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen Mode High N/A No No N/A
CVE-2022-0456 Chromium: CVE-2022-0456 Use after free in Web Search High N/A No No N/A
CVE-2022-0457 Chromium: CVE-2022-0457 Type Confusion in V8 High N/A No No N/A
CVE-2022-0458 Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip High N/A No No N/A
CVE-2022-0459 Chromium: CVE-2022-0459 Use after free in Screen Capture High N/A No No N/A
CVE-2022-0460 Chromium: CVE-2022-0460 Use after free in Window Dialog Medium N/A No No N/A
CVE-2022-0461 Chromium: CVE-2022-0461 Policy bypass in COOP Medium N/A No No N/A
CVE-2022-0462 Chromium: CVE-2022-0462 Inappropriate implementation in Scroll Medium N/A No No N/A
CVE-2022-0463 Chromium: CVE-2022-0463 Use after free in Accessibility Medium N/A No No N/A
CVE-2022-0464 Chromium: CVE-2022-0464 Use after free in Accessibility Medium N/A No No N/A
CVE-2022-0465 Chromium: CVE-2022-0465 Use after free in Extensions Medium N/A No No N/A
CVE-2022-0466 Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform Medium N/A No No N/A
CVE-2022-0467 Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock Medium N/A No No N/A
CVE-2022-0468 Chromium: CVE-2022-0468 Use after free in Payments Medium N/A No No N/A
CVE-2022-0469 Chromium: CVE-2022-0469 Use after free in Cast Medium N/A No No N/A
CVE-2022-0470 Chromium: CVE-2022-0470 Out of bounds memory access in V8 Low N/A No No N/A

These are all the CVEs addressed with this month’s Patch Tuesday release. Overall, this was a pretty light and secure month, compared to previous situations.

The next Patch Tuesday batch of software will come on March 8 and we’re all curious to see what Microsoft comes up with until then.

Let’s all hope that we won’t have to deal with critical problems, and that’s it will only be smooth sailing from now on.

Was this article helpful to you? Share your opinion in the comments section below.

This article covers:Topics: