Microsoft Patch Tuesday for Feb. 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Chris Neal. 

Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its large collection of hardware and software. 

None of the vulnerabilities disclosed this month are considered “critical,” an extreme rarity for the company’s Patch Tuesdays. Additionally, none of the issues Microsoft patched have been exploited in the wild to this point, nor have they been publicly disclosed.

There are still a few vulnerabilities of note, however, including CVE-2022-21997, CVE-2022-21999 and CVE-2022-22715, which are all privilege elevation vulnerabilities in the Microsoft print spooler service. In the event an exploit is developed, an adversary could use these vulnerabilities to execute code as a system user or higher-level privileges. 

There are four other similar vulnerabilities that could allow attackers to escalate their privileges: 

CVE-2022-21989 — Windows Kernel CVE-2022-21994 — Windows DWM Core Library CVE-2022-21996 — Win32kCVE-2022-22715 — Named Pipe File

Though considered to be of “important” severity, CVE-2022-22005 is a remote code execution vulnerability in SharePoint that received a severity score of 8.8 out of 10. An adversary would need to be authenticated and possess correct permissions for page creation to exploit this vulnerability. 

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. 

In response to these

Read More: http://blog.talosintelligence.com/2022/02/microsoft-patch-tuesday-for-feb-2022.html