Patch Tuesday February 2022 – Microsoft Fixes 120 Windows-side Flaws, Including Six Critical. Wormable HTTP Flaw Discovered and Patched.

During the February patching bout, Microsoft addressed and fixed 120 issues affecting machines running Windows 10 and Windows 11. Of that total, six issues previously labeled “Critical” received an official fix. The highlight of February’s Patch Tuesday is CVE-2022-21907, an RCE vulnerability with worm-like capabilities that can affect both Windows and server-side machines.

Patch Tuesday February 2022 Roundup

February’s Patch Tuesday is all about worms, Microsoft Exchange, and HTTP Protocol Stack flaws. Of course, Microsoft hasn’t neglected the more “minor” flaws and released fixes for those as well. To name a few, we have security and non-security related patches for Dynamics, Remote Desktop Protocol (RDP), .NET Framework, Windows Defender, and the public’s all-time favorite, Windows Hyper-V.

This month’s highlight is undoubtedly CVE-2022-21907, a wormable vulnerability found to have affected both servers and all the machines connected to them. Since misery loves company, CVE-2022-21907 comes with other equally ‘interesting’ vulnerabilities in tow – CVE-2022-21846, CVE-2021-22947, CVE-2021-36976, and CVE-2022-21840. Among other releases, we have patches for Thunderbird, Firefox ESR, Firefox, Acrobat, and Acrobat Reader.

CVE Highlights

Here’s a drill-down of February’s most important (and fixed) CVEs.

CVE-2022-21846 – Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability

A

Read More: https://heimdalsecurity.com/blog/patch-tuesday-february-2022/