No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day

This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don’t delay to apply the patches, security experts said.

Oh, blessed day: Microsoft’s Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches — none of them rated critical.

For February, Microsoft’s releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code and Microsoft Teams.

Among these, Microsoft addressed one zero-day: CVE-2022-21989, a Windows Kernel elevation-of-privilege vulnerability. And, one of the updates is for a CVE first published in 2013.

This crop is in addition to the 19 CVEs patched by Microsoft Edge (Chromium-based) earlier this month, which brings the February total to 70 CVEs.

Whaaa? No Critical CVEs?!

Of course, it’s not size that matters. But February’s patch-a-palooza is light not just in number of CVEs, but also in that it comes with nary a single patch that’s labeled critical.

Has that ever happened?

As of Monday afternoon, Dustin

Read More: https://threatpost.com/microsoft-february-patch-tuesday-zero-day/178286/