{"id":29140,"date":"2022-02-09T19:27:37","date_gmt":"2022-02-09T19:27:37","guid":{"rendered":"https:\/\/www.n-able.com\/?p=29140"},"modified":"2022-06-10T18:02:35","modified_gmt":"2022-06-10T17:02:35","slug":"february-2022-patch-tuesday","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday","title":{"rendered":"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up"},"content":{"rendered":"

This February Patch Tuesday we have a lower number of total vulnerabilities addressed (only 51) compared to January and for the first time in a long while no vulnerabilities were marked as \u201ccritical\u201d. Also, there\u2019s a change of pace this month as none are marked \u201cexploitation detected\u201d either. This means Microsoft doesn\u2019t believe a single zero-day vulnerability from this month is being used in any attack campaigns. We\u2019ll get into more detail later why proof-of-concept attacks concerning zero days should push a vulnerability toward the top of your priority list regardless of their exploitability rating.<\/p>\n

Perhaps more important are the new cumulative updates (CUs) for this month, which should ease frustration for teams that are still deferring updates from January due to multiple complications. The new CUs should help teams get caught up and back in compliance with their patch management controls. January CUs provided headaches for many Server 2012, Server 2016 Hyper-V, and Domain Controller admins along with complications with LT2P VPN connections on workstations. February\u2019s CUs should contain fixes for these issues and provide a smoother patching experience for this month.<\/p>\n

Microsoft vulnerabilities<\/h2>\n

With only 51 security vulnerabilities being addressed this month and none of them being marked as critical, some may see the month as an opportunity to relax a little on ensuring patching is done on time. I\u2019d warn against complacency just because none of them are marked as \u201ccritical\u201d since many of the vulnerabilities are remote code execution vulnerabilities and many of those already have proof-of-concept exploitations available freely.<\/p>\n

CVE-2022-21989<\/a><\/span> is a great example of why relying on severity ratings alone can leave you with a false sense of security. CVE-2022-21989 is marked only as \u201cimportant\u201d even though it was a zero day that has proof of concept publicly available. Microsoft tracks this in its \u201ctemporal score metrics\u201d as \u201cexploit code maturity\u201d, which \u201cmeasures the likelihood of the vulnerability being attacked and is typically based on the current state of exploit techniques, exploit code availability, or active, \u2018in-the-wild\u2019 exploitation\u201d. CVE-2022-21989 is marked as \u201cproof of concept\u201d for \u201cexploit code maturity\u201d,<\/i> which is what lets you know Microsoft is aware of exploitation tools or processes existing for a vulnerability. This should raise the priority of applying fixes for the vulnerability independent of what its severity rating is.<\/p>\n

Vulnerability prioritization<\/h2>\n

It is important to not just prioritize vulnerabilities based on their severity but also their exploitation likelihood. Vulnerabilities marked as \u201cexploitation more likely\u201d <\/i>are as important, and some may say even more important, to address quickly due to their increased likelihood to cause actual impacts to an environment. These CVEs from Microsoft should be top of the list as they are all marked as „exploitation more likely\u201d, \u201cexploitation detected\u201d, or \u201ccritical\u201d.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n

CVE<\/strong><\/p>\n<\/td>\n

\n

Description<\/strong><\/p>\n<\/td>\n

\n

Exploitability<\/strong><\/p>\n<\/td>\n

\n

Severity<\/strong><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-22718<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Print Spooler Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-22715<\/a><\/span><\/p>\n<\/td>\n

\n

Named Pipe File System Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-22005<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft SharePoint Server Remote Code Execution Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-22000<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-21999<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Print Spooler Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-21996<\/a><\/span><\/p>\n<\/td>\n

\n

Win32k Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-21994<\/a><\/span><\/p>\n<\/td>\n

\n

Windows DWM Core Library Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-21989<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Kernel Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2022-21981<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2019-0887<\/a><\/span><\/p>\n<\/td>\n

\n

Remote Desktop Services\u00a0Remote Code Execution Vulnerability<\/p>\n<\/td>\n

\n

Exploitation More Likely<\/p>\n<\/td>\n

\n

Important<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Cumulative updates<\/h2>\n

KB5010342<\/a><\/span> and KB5010345<\/span><\/a> appear to fix an LDAP error and some other general use improvements for Bluetooth device battery percentages being reported incorrectly, audio fixes, and HDR displays displaying \u201clight\u201d colors as more washed out or a different color all together.<\/p>\n

Summary<\/h2>\n

As always, make sure you have established patching processes for evaluation, testing, and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity consider including prioritization of patches for zero-days, exploitation detected, and exploitation more likely vulnerabilities in your patch management<\/span><\/a> routines.<\/p>\n

Lewis Pope is the head security nerd at N‑able. You can follow him on:<\/i><\/p>\n

Twitter:\u00a0<\/i>@cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n

LinkedIn:\u00a0<\/i>thesecuritypope<\/i><\/span><\/a><\/span><\/p>\n

Twitch:\u00a0<\/i>cybersec_ner<\/i><\/span><\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

This month\u2019s Patch Tuesday may look lighter than usual, but, as Lewis Pope explains, you shouldn\u2019t be tempted to put your feet up.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-29140","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-patch-management","topic-security"],"acf":[],"yoast_head":"\nFebruary 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up - N-able<\/title>\n<meta name=\"description\" content=\"February's Patch Tuesday may address just 51 vulnerabilities, with none marked \u201ccritical\u201d, but don't be tempted to take it easy. Read more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up - N-able\" \/>\n<meta property=\"og:description\" content=\"February's Patch Tuesday may address just 51 vulnerabilities, with none marked \u201ccritical\u201d, but don't be tempted to take it easy. Read more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-09T19:27:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-10T17:02:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"720\" \/>\n\t<meta property=\"og:image:height\" content=\"356\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"4\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up\",\"datePublished\":\"2022-02-09T19:27:37+00:00\",\"dateModified\":\"2022-06-10T17:02:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday\"},\"wordCount\":728,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"articleSection\":[\"Head Nerds\",\"Patch Management\",\"Security\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday\",\"url\":\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday\",\"name\":\"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2022-02-09T19:27:37+00:00\",\"dateModified\":\"2022-06-10T17:02:35+00:00\",\"description\":\"February's Patch Tuesday may address just 51 vulnerabilities, with none marked \u201ccritical\u201d, but don't be tempted to take it easy. Read more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Head Nerds\",\"item\":\"https:\/\/www.n-able.com\/de\/blog\/category\/head-nerds-de\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up - N-able","description":"February's Patch Tuesday may address just 51 vulnerabilities, with none marked \u201ccritical\u201d, but don't be tempted to take it easy. Read more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday","og_locale":"de_DE","og_type":"article","og_title":"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up - N-able","og_description":"February's Patch Tuesday may address just 51 vulnerabilities, with none marked \u201ccritical\u201d, but don't be tempted to take it easy. Read more.","og_url":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2022-02-09T19:27:37+00:00","article_modified_time":"2022-06-10T17:02:35+00:00","og_image":[{"width":720,"height":356,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg","type":"image\/jpeg"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Verfasst von":"Lewis Pope","Gesch\u00e4tzte Lesezeit":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up","datePublished":"2022-02-09T19:27:37+00:00","dateModified":"2022-06-10T17:02:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday"},"wordCount":728,"publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"articleSection":["Head Nerds","Patch Management","Security"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday","url":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday","name":"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2022-02-09T19:27:37+00:00","dateModified":"2022-06-10T17:02:35+00:00","description":"February's Patch Tuesday may address just 51 vulnerabilities, with none marked \u201ccritical\u201d, but don't be tempted to take it easy. Read more.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/blog\/february-2022-patch-tuesday#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Head Nerds","item":"https:\/\/www.n-able.com\/de\/blog\/category\/head-nerds-de"},{"@type":"ListItem","position":2,"name":"February 2022 Patch Tuesday: No critical vulnerabilities and CUs to get everyone caught up"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/29140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=29140"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/29140\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=29140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}