Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in February's Patch Tuesday Index below.
Microsoft released their lowest amount vulnerability fixes in recent memory this month, with a total of only 48. All are rated "High" with a lone fix being publicly disclosed, CVE-2022-21989.
Adobe released security bulletins for 5 of their products: Premier Rush, Illustrator, Photoshop, After Effects, and Creative Cloud Desktop Application. All were given Adobe Priority 3 and in total there were 17 CVEs.
Apple recently pushed out updates for a number of their products including fixes for 16 documented CVEs. Among these is an urgent iOS update in which Apple warned that one of the vulnerabilities, CVE-2022-22587, “may have been actively exploited.”
Google has released Chrome version 97.0.4692.99 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Mozilla released 2 security advisories for Firefox 97 and Firefox ESR 91.6, both advisories were given the "High" rating. Between these 2 advisories, there are 13 CVEs addressed.
For a more detailed breakdown, visit our Automox Patch Tuesday Webinar: February 2022. Automox’s Eric Feldman and Adam Whitman review the latest security patches and how school systems are being especially impacted by cyber attacks in the new year.
Last Updated 1:40 PM ET - February 8, 2021.
 Mozilla Firefox |
|||
| Product |
Title |
Identifier |
Severity |
| Firefox | 12 security vulnerabilities fixed in Firefox 97 | MFSA 2022-04 | High |
| Firefox ESR | 12 security vulnerabilities fixed in Firefox ESR 91.6 | MFSA 2022-05 | High |
 Adobe |
|||
| Product |
Title |
Identifier |
Severity |
| Adobe Premiere Rush | 1 security vulnerability fixed in Premiere Rush | APSB22-06 | Adobe Priority 3 |
| Adobe Illustrator | 13 security vulnerabilities fixed in Illustrator | APSB22-07 | Adobe Priority 3 |
| Adobe Photoshop | 1 security vulnerability fixed in Photoshop | APSB22-08 | Adobe Priority 3 |
| Adobe After Effects | 1 security vulnerability fixed in After Effects | APSB22-09 | Adobe Priority 3 |
| Adobe Creative Cloud Desktop Application | 1 security vulnerability fixed in Creative Cloud Desktop Application | APSB22-11 | Adobe Priority 3 |
 Microsoft |
|||
| Product |
Title |
Identifier |
Severity |
| Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2022-21989 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-21844 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-21926 | High |
| Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-21927 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2022-21957 | High |
| Microsoft Teams | Microsoft Teams Denial of Service Vulnerability | CVE-2022-21965 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Security Feature BypassVulnerability | CVE-2022-21968 | High |
| Windows Remote Procedure Call Runtime | Windows Runtime Remote Code Execution Vulnerability | CVE-2022-21971 | High |
| Roaming Security Rights Management Services | Roaming Security Rights Management Services Remote Code Execution Vulnerability | CVE-2022-21974 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2022-21981 | High |
| Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | CVE-2022-21984 | High |
| Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | CVE-2022-21985 | High |
| Kestrel Web Server | Kestrel Web Server Denial of Service Vulnerability | CVE-2022-21986 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | CVE-2022-21987 | High |
| Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | CVE-2022-21988 | High |
| Visual Studio Code | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | CVE-2022-21991 | High |
| Windows Kernel | Windows Mobile Device Management Remote Code Execution Vulnerability | CVE-2022-21992 | High |
| Windows Kernel-Mode Drivers | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | CVE-2022-21993 | High |
| Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-21994 | High |
| Role: Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2022-21995 | High |
| Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2022-21996 | High |
| Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2022-21997 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2022-21998 | High |
| Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2022-21999 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2022-22000 | High |
| Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2022-22001 | High |
| Windows User Account Profile | Windows User Account Profile Picture Denial of Service Vulnerability | CVE-2022-22002 | High |
| Microsoft Office | Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2022-22003 | High |
| Microsoft Office | Microsoft Office ClickToRun Remote Code Execution Vulnerability | CVE-2022-22004 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2022-22005 | High |
| Microsoft Windows Codecs Library | VP9 Video Extensions Remote Code Execution Vulnerability | CVE-2022-22709 | High |
| Windows Common Log File System Driver | Windows Common Log File System Driver Denial of Service Vulnerability | CVE-2022-22710 | High |
| Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2022-22712 | High |
| Windows Named Pipe File System | Named Pipe File System Elevation of Privilege Vulnerability | CVE-2022-22715 | High |
| Microsoft Office Excel | Microsoft Excel Information Disclosure Vulnerability | CVE-2022-22716 | High |
| Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2022-22717 | High |
| Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2022-22718 | High |
| Microsoft Office | Microsoft Office Information Disclosure Vulnerability | CVE-2022-23252 | High |
| Power BI | Microsoft Power BI Elevation of Privilege Vulnerability | CVE-2022-23254 | High |
| Microsoft OneDrive | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | CVE-2022-23255 | High |
| Azure Data Explorer | Azure Data Explorer Spoofing Vulnerability | CVE-2022-23256 | High |
| Microsoft Dynamics GP | Microsoft Dynamics GP Spoofing Vulnerability | CVE-2022-23269 | High |
| Microsoft Dynamics GP | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | CVE-2022-23271 | High |
| Microsoft Dynamics GP | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | CVE-2022-23272 | High |
| Microsoft Dynamics GP | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | CVE-2022-23273 | High |
| Microsoft Dynamics GP | Microsoft Dynamics GP Remote Code Execution Vulnerability | CVE-2022-23274 | High |
| SQL Server | SQL Server for Linux Containers Elevation of Privilege Vulnerability | CVE-2022-23276 | High |
| Microsoft Office Outlook | Microsoft Outlook for Mac Security Feature Bypass Vulnerability | CVE-2022-23280 | High |
About Automox for IT Operations
Today’s IT leaders deserve better than tedious legacy tools to manage their infrastructure. From our single cloud-native platform, automate and scale your IT operations to meet the growing business demands of the modern workforce. With complete visibility of your entire environment, you can easily monitor, identify, and respond to issues in real-time across any endpoint, regardless of OS or location.
Demo Automox to see how you can immediately gain effortless command of your endpoints.
