Microsoft February 2022 Patch Tuesday: 48 bugs squashed, one zero-day resolved

Microsoft has released 48 security fixes for software, including a patch for a zero-day bug, but there are no critical-severity flaws on the list this month. 

In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems including remote code execution (RCE) vulnerabilities, privilege escalation bugs, spoofing issues, information leaks, and policy bypass exploits. 

ZDNet Recommends

The best Surface PCs

Microsoft’s lineup of Surface PCs now covers a wide range of hardware factors and price points — and every model is Windows 11-ready.

Read More

Products impacted by February’s security update include the Windows Kernel, Hyper-V, Microsoft Outlook and Office, Azure Data Explorer, and Microsoft SharePoint. 

The single zero-day vulnerability, now patched by Microsoft, is CVE-2022-21989. Issued a CVSS severity score of 7.8, this bug — which is publicly known — can be exploited to escalate privileges via the kernel. However, it has not been issued a critical rating, as Microsoft says triggering the exploit “requires an attacker to take additional actions prior to exploitation to prepare the target environment.”


Read More: