Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th.
In-The-Wild & Disclosed CVEs
This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not reporting any known public exploitation. Additionally, Microsoft has stated that the attack complexity of this vulnerability is high because an attacker must “prepare the target environment” for exploitation. Microsoft offers an isolated execution environment by means of AppContainer, which minimizes risk by limiting access to resources and other applications. In this case, however, Microsoft has noted that the attack can be performed from an AppContainer and allow the attacker to execute code that allows access to resources that they shouldn’t normally be able to access.
Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be bold.
| Tag | CVE Count | CVEs |
| Windows User Account Profile | 1 | CVE-2022-22002 |
| Microsoft Dynamics | 1 | CVE-2022-21957 |
| Kestrel Web Server | 1 | CVE-2022-21986 |
| Microsoft Office SharePoint | 3 | CVE-2022-21987, CVE-2022-21968, CVE-2022-22005 |
| Microsoft Windows Codecs Library | 4 | CVE-2022-21844, CVE-2022-21926, CVE-2022-21927, CVE-2022-22709 |
| Visual Studio Code | 1 | CVE-2022-21991 |
| SQL Server | 1 | CVE-2022-23276 |
| Microsoft Office Visio | 1 | CVE-2022-21988 |
| Microsoft Teams | 1 | CVE-2022-21965 |
| Microsoft Office Excel | 1 | CVE-2022-22716 |
| Windows Kernel | 2 | CVE-2022-21989, CVE-2022-21992 |
| Windows DWM Core Library | 1 | CVE-2022-21994 |
| Windows Remote Access Connection Manager | 2 | CVE-2022-21985, CVE-2022-22001 |
| Microsoft Office | 3 | CVE-2022-22003, CVE-2022-22004, CVE-2022-23252 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2022-21971 |
| Power BI | 1 | CVE-2022-23254 |
| Microsoft OneDrive | 1 | CVE-2022-23255 |
| Azure Data Explorer | 1 | CVE-2022-23256 |
| Role: DNS Server | 1 | CVE-2022-21984 |
| Windows Win32K | 1 | CVE-2022-21996 |
| Microsoft Office Outlook | 1 | CVE-2022-23280 |
| Roaming Security Rights Management Services | 1 | CVE-2022-21974 |
| Windows Kernel-Mode Drivers | 1 | CVE-2022-21993 |
| Windows Print Spooler Components | 4 | CVE-2022-22717, CVE-2022-22718, CVE-2022-21997, CVE-2022-21999 |
| Role: Windows Hyper-V | 2 | CVE-2022-22712, CVE-2022-21995 |
| Microsoft Edge (Chromium-based) | 22 | CVE-2022-23261, CVE-2022-23262, CVE-2022-23263, CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470 |
| Windows Named Pipe File System | 1 | CVE-2022-22715 |
| Microsoft Dynamics GP | 5 | CVE-2022-23269, CVE-2022-23271, CVE-2022-23272, CVE-2022-23273, CVE-2022-23274 |
| Windows Common Log File System Driver | 4 | CVE-2022-21981, CVE-2022-22710, CVE-2022-21998, CVE-2022-22000 |
| Microsoft Office SharePoint | 3 | CVE-2022-21987, CVE-2022-21968, CVE-2022-22005 |
| Microsoft Windows Codecs Library | 4 | CVE-2022-21844, CVE-2022-21926, CVE-2022-21927, CVE-2022-22709 |
Other Information
There were no new advisories included with the February Security Guidance.
