Microsoft has released a whopping 51 security fixes for its Windows, Office and .NET Framework products. The updates come across all of the company’s major platforms during this past week, and are designed to protect users from attacks on vulnerabilities that were discovered in software prior to Microsoft’s release of Patch Tuesday.
Microsoft has released 51 security fixes for various products. Adobe, SAP and Chromium have all followed suit.
There were 51 security patches in Microsoft’s February Patch Tuesday, but none of them were important CVE fixes. Fifty of the upgrades are deemed critical, while one is deemed moderate in severity. Furthermore, there’s no evidence that any of these flaws are currently being exploited.
Microsoft has provided fixes for the following products:
- Library of Windows Codecs
- Hyper-V Server for Windows
- Data Explorer in Azure
- Dynamics GP is a software program that allows you to manage
- Kestrel Web Server (based on Chromium) Edge
- SQL Server is a database management system.
- Visual Studio Code is a graphical programming environment.
Only one of the flaws, a Windows kernel privilege escalation flaw dubbed CVE-2022-21989, has been made public.
Microsoft hasn’t provided this few updates in a month since August 2021, when it only delivered 44 fixes. This is mostly due to February being a sluggish month for bug fixes, since neglected issues from the holiday season are addressed in January.
Google’s newest Android upgrade addresses a significant security problem.
While none of the fixed CVEs is classified as critical, you should handle a couple of them as urgently as possible, particularly the remote code execution flaws in Windows DNS Server and Windows Hyper-V. (CVE-2022-21984 and CVE-2022-21995, respectively).
There were additional other vulnerabilities discovered in the Windows Print Spooler components. To be more precise, CVE-2022-21999, CVE-2022-22718, CVE-2022-21997, and CVE-2022-22717. They’re all privilege escalation flaws, which are a common aspect of an attack chain because attackers use them to acquire more access to systems once they’ve penetrated the weak spots and gotten low-level access.
The Chromium project was also patched earlier this month, with eight of the vulnerabilities being of high severity. Microsoft’s Edge browser is built on the Chromium project’s basis.
Adobe also issued five additional security alerts, each of which addressed 17 vulnerabilities in Illustrator, Creative Cloud Desktop, After Effects, Premiere Rush, and Photoshop, respectively.
There was just one arbitrary code execution problem in Creative Cloud Desktop, Photoshop, and After Effects that needed to be fixed. Illustrator came out on top this month, with 13 vulnerabilities addressed, two of which were critical and the rest were categorized as significant. Finally, there was a moderate privilege escalation problem in Premiere Rush.
With 13 new security notes and five modifications to earlier notes, SAP completes the security update train. Seven of them have a critical severity rating of ten out of ten, with five of them addressing log4j issues — two new and three updates to the December 2021 patches.
Three of these flaws harm SAP’s Internet Communication Manager, a critical component of the company’s software. They’re referred to as “critical memory corruption flaws” by the corporation. Additionally, the US’ CISA issued a warning on Tuesday, stating that these flaws may expose businesses to data theft, fraud, business interruption, and ransomware.
In the news: A couple has been detained for attempting to launder $4.5 billion in stolen cryptocurrencies.
When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual vehicles. Yadullah may be reached at [email protected], or you can follow him on Instagram or Twitter.
The “microsoft patch tuesday critical” is a security update released by Microsoft on April 10th, 2018. The update includes 51 security fixes.
- windows print spooler remote code execution vulnerability
- qualys patch tuesday dashboard
- windows update medic service elevation of privilege vulnerability
- qid 91722
- microsoft windows security update for august 2021