Microsoft’s February security update for multiple high-risk product vulnerabilities

Microsoft’s February security update for multiple high-risk product vulnerabilities

February 18, 2022 | Jie Ji

Overview

On February 9, NSFOCUS CERT detected that Microsoft released the February security update patch, which fixed 48 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Dynamics, and Azure, including privilege escalation and remote code execution. and other high-risk vulnerability types.

Among the vulnerabilities fixed by Microsoft’s monthly update this month, there are no critical vulnerabilities, and there are 48 important vulnerabilities, including 1 0day vulnerability:

Windows Kernel Privilege Escalation Vulnerability (CVE-2022-21989)

Relevant users are requested to update patches as soon as possible for protection. For a complete list of vulnerabilities, please refer to the appendix.

NSFOCUS Remote Security Assessment System (RSAS) has the ability to detect most of the vulnerabilities in Microsoft’s patch update (including CVE-2022-21984, CVE-2022-22005, CVE-2022-21999, CVE-2022-21995 and other high-risk Vulnerability), please pay attention to the update of the NSFOCUS remote security assessment system system plug-in upgrade package, and upgrade to the latest version in time. Link to the official website: http://update.nsfocus.com/update/listRsasDetail/v/vulsys

Reference link: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-Feb

Description of Major Vulnerabilities

Windows Kernel Privilege Escalation Vulnerability (CVE-2022-21989)

A privilege escalation vulnerability exists in the Windows Kernel, which can lead to a buffer overflow due to a boundary error in the Windows Kernel. An attacker with low privileges can exploit this vulnerability to escalate to SYSTEM privileges and execute arbitrary code on the target system under certain circumstances.

Official announcement link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21989

Windows DNS Server Remote Code Execution Vulnerability (CVE-2022-21984)

When dynamic updates are enabled on the DNS server, an attacker with low privileges can exploit this vulnerability to take over the DNS server, resulting in arbitrary code execution with user privileges on the target system without user interaction. The CVSS score was 8.8.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-22005)

Due to a vulnerability in SharePoint Server that allows an authenticated user to execute arbitrary .NET code and web applications on SharePoint Server. The vulnerability can only be successfully exploited when an attacker has the “manage list” permission. The CVSS score was 8.8.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005

Windows Print Spooler Privilege Escalation Vulnerability (CVE-2022-21999)

A vulnerability exists in the Windows print spooler that could be exploited by an authenticated local attacker to execute arbitrary code with SYSTEM privileges on a target system. The CVSS score was 7.8.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-21995)

Windows Hyper-V is Microsoft’s native hypervisor. Under user interaction conditions, attackers can exploit this vulnerability to bypass the user’s trust boundary in a specific environment, eventually leading to arbitrary code execution with user privileges on the Hyper-V host.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21995

Azure Data Explorer Spoofing Vulnerability (CVE-2022-23256)

There is a spoofing vulnerability in Azure Data Explorer. By crafting a malicious URL, an attacker can successfully induce a user to open the malicious URL on the affected system and execute arbitrary code on the target system with the user’s rights. The CVSS score was 8.1.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23256

Microsoft Dynamics GP Remote Code Execution Vulnerability (CVE-2022-23274)

A remote code execution vulnerability exists in Microsoft Dynamics GP that could allow an authenticated attacker to send a specially crafted SQL request to the Dynamics GP web server and ultimately execute arbitrary code on the target server.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23274

Scope of Impact

Vulnerability No.Affected Product Version
CVE-2022-21989
CVE-2022-21999
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-21984Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
CVE-2022-22005Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
CVE-2022-21995Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
CVE-2022-23256Azure Data Explorer
CVE-2022-23274Microsoft Dynamics GP

Mitigation

Patch update

Microsoft has officially released a security patch to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install the patch as soon as possible for protection. The official download link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-Feb

Note: Due to network problems, computer environment problems, etc., the patch update of Windows Update may fail. After installing the patch, the user should promptly check whether the patch is successfully updated.

Right-click the Windows icon, select “Settings (N)”, select “Update and Security” – “Windows Update”, and view the prompt information on this page. You can also click “View Update History” to view the historical update status.

For updates that are not successfully installed, you can click the update name to jump to the official Microsoft download page. It is recommended that users click the link on this page and go to the “Microsoft Update Catalog” website to download and install the independent package.

Appendix

Affected productCVE No.Vulnerability nameSeverity
AzureCVE-2022-23256Azure Data Explorer spoofing vulnerabilityImportant
Microsoft DynamicsCVE-2022-21957Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant
Microsoft DynamicsCVE-2022-23269Microsoft Dynamics GP spoofing vulnerabilityImportant
Microsoft DynamicsCVE-2022-23271Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2022-23272Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2022-23273Microsoft Dynamics GP Elevation Of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2022-23274Microsoft Dynamics GP Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-21965Microsoft Teams Denial of Service VulnerabilityImportant
Microsoft OfficeCVE-2022-21987Microsoft SharePoint Server spoofing vulnerabilityImportant
Microsoft OfficeCVE-2022-21988Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-21968Microsoft SharePoint Server Security Feature BypassVulnerabilityImportant
Microsoft OfficeCVE-2022-22716Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-22003Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-22004Microsoft Office ClickToRun Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-22005Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2022-23252Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-23255Microsoft OneDrive for Android Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2022-23280Microsoft Outlook for Mac Security Feature Bypass VulnerabilityImportant
Microsoft Visual Studio,Visual Studio,.NETCVE-2022-21986.NET Denial of Service VulnerabilityImportant
PowerBI-client JS SDKCVE-2022-23254Microsoft Power BI Information Disclosure VulnerabilityImportant
SQL ServerCVE-2022-23276SQL Server for Linux Containers Privilege Escalation VulnerabilityImportant
Visual Studio CodeCVE-2022-21991Visual Studio Code Remote Development Extension Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21971Windows Runtime Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21981Windows Common Log File System Driver Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-21974Roaming Security Rights Management Services Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21844HEVC Video Extensions Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21926HEVC Video Extensions Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21927HEVC Video Extensions Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-22709VP9 Video Extensions Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-22710Windows Common Log File System Driver Denial of Service VulnerabilityImportant
WindowsCVE-2022-22712Windows Hyper-V Denial of Service VulnerabilityImportant
WindowsCVE-2022-22715Named Pipe File System Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-22717Windows Print Spooler Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-22718Windows Print Spooler Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-21984Windows DNS Server Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21985Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
WindowsCVE-2022-21989Windows Kernel Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-21992Windows Mobile Device Management Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21993Windows Services for NFS ONCRPC XDR Driver Information Disclosure VulnerabilityImportant
WindowsCVE-2022-21994Windows DWM Core Library Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-21995Windows Hyper-V Remote Code Execution VulnerabilityImportant
WindowsCVE-2022-21996Win32k Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-21997Windows Print Spooler Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-21998Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
WindowsCVE-2022-21999Windows Print Spooler Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-22000Windows Common Log File System Driver Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-22001Windows Remote Access Connection Manager Privilege Escalation VulnerabilityImportant
WindowsCVE-2022-22002Windows User Account Profile Picture Denial of Service VulnerabilityImportant

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.