Patch Tuesday February 2022 – Microsoft Teams, Outlook, and Windows Get Important Updates
Microsoft releases 51 patches, fixing 48 bugs, including 1 zero-day flaw. There’s also an update for all Teams clients and Outlook on Mac on February, 2022 Patch Tuesday.
Windows and Windows Server Patch Tuesday February 2022 updates
This month Microsoft patched a remote code execution vulnerability (CVE-2022-21984) in Microsoft DNS server. The bug can only be exploited if dynamic DNS updates are enabled on the server. If you have dynamic updates enabled, it could let a malicious actor run code on the server with admin rights.
A remote code execution flaw in Hyper-V could let an attacker escape a guest virtual machine and access the host server. Microsoft has rated the issue High. But if you are using Hyper-V, you should get your servers patched as soon as possible.
There are also updates for Microsoft’s HVEC and VP9 video extensions for Windows. The extensions are distributed using the Microsoft Store, as are the updates available for them this month.
A Denial of Service (DoS) vulnerability in the .NET Framework affects applications that work with the Kestrel web server. Kestrel is a cross-platform server that is designed to work with ASP.NET Core. It is included and enabled by default with ASP.NET Core project templates.
So, if you have a Kestrel server exposed on the public Internet, make sure you get the patch for .NET applied to block DoS attacks using HTTP/2 and HTTP/3 requests.
Microsoft Teams
It’s not often I write here about security updates for Microsoft Teams. But this month, there’s a patch for all versions of Teams on all platforms, including iOS and Android. Microsoft hasn’t made any details about the flaw public yet.
SharePoint Server
There’s a fix this month to patch a bug in SharePoint Server (CVE-2022-22005) that might allow any authenticated user to run .NET code in the context of the SharePoint Web Application service account. The user would need Manage List permissions to exploit the flaw.
Microsoft Office
Outlook for Mac gets a patch for a security feature bypass flaw that might cause images to appear in the Preview Pane automatically, regardless of whether the option is turned on or off. Update Outlook on Mac to get the patch for this issue.
Table 1 – Microsoft Patch Tuesday updates, February 2021
| Product | Impact | Severity | Article | Download | Details |
| PowerBI-client JS SDK | Information Disclosure | Important | Release Notes | Security Update | CVE-2022-23254 |
| .NET 6.0 | Denial of Service | Important | Release Notes | Security Update | CVE-2022-21986 |
| Microsoft Teams Admin Center | Denial of Service | Important | Release Notes | Security Update | CVE-2022-21965 |
| SQL Server 2019 for Linux Containers | Elevation of Privilege | Important | 5010657 | Security Update | CVE-2022-23276 |
| Microsoft Outlook 2016 for Mac | Security Feature Bypass | Important | App Store | Security Update | CVE-2022-23280 |
| Microsoft Dynamics GP | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-23274 |
| Microsoft Dynamics GP | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-23273 |
| Microsoft Dynamics GP | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-23272 |
| Microsoft Dynamics GP | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2022-23271 |
| Microsoft Dynamics GP | Spoofing | Important | Release Notes | Security Update | CVE-2022-23269 |
| Azure Data Explorer | Spoofing | Important | CVE-2022-23256 | ||
| OneDrive for Android | Security Feature Bypass | Important | App Store | Security Update | CVE-2022-23255 |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Information Disclosure | Important | 3172514 | Security Update | CVE-2022-23252 |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Remote Code Execution | Important | 5002146 | Security Update | CVE-2022-22003 |
| Microsoft SharePoint Server Subscription Edition | Remote Code Execution | Important | 5002145 | Security Update | CVE-2022-22005 |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2022-22004 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5010419 | Monthly Rollup | CVE-2022-22002 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-22001 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-22000 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-21999 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5010419 | Monthly Rollup | CVE-2022-21998 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-21997 |
| Windows 11 for ARM64-based Systems | Elevation of Privilege | Important | 5010386 | Security Update | CVE-2022-21996 |
| Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 5010359 | Security Update | CVE-2022-21995 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5010342 | Security Update | CVE-2022-21994 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5010419 | Monthly Rollup | CVE-2022-21993 |
| Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 5010359 | Security Update | CVE-2022-21992 |
| Visual Studio Code | Remote Code Execution | Important | Release Notes | Security Update | CVE-2022-21991 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-21989 |
| Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2022-21988 |
| Microsoft SharePoint Server Subscription Edition | Spoofing | Important | 5002145 | Security Update | CVE-2022-21987 |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | Information Disclosure | Important | 5002149 | Security Update | CVE-2022-22716 |
| VP9 Video Extensions | Remote Code Execution | Important | MS Store Information | Security Update | CVE-2022-22709 |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | Security Feature Bypass | Important | 5002155 | Security Update | CVE-2022-21968 |
| Microsoft Dynamics 365 (on-premises) version 9.0 | Remote Code Execution | Important | CVE-2022-21957 | ||
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-21981 |
| Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 5010342 | Security Update | CVE-2022-21984 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-22718 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5010419 | Monthly Rollup | CVE-2022-21985 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5010419 | Monthly Rollup | CVE-2022-22717 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5010342 | Security Update | CVE-2022-22715 |
| Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 5010342 | Security Update | CVE-2022-22712 |
| Windows Server 2016 (Server Core installation) | Remote Code Execution | Important | 5010359 | Security Update | CVE-2022-21974 |
| Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 5010342 | Security Update | CVE-2022-21971 |
| HEVC Video Extensions | Remote Code Execution | Important | Description | Security Update | CVE-2022-21927 |
| HEVC Video Extensions | Remote Code Execution | Important | Description | Security Update | CVE-2022-21926 |
| HEVC Video Extensions | Remote Code Execution | Important | Description | Security Update | CVE-2022-21844 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5010419 | Monthly Rollup | CVE-2022-22710 |
Adobe
Adobe released 5 patches this month fixing 17 bugs in Illustrator, Creative Cloud Desktop, After Effects, Photoshop, and Premiere Rush, although none are thought to be used currently in active attacks.
The patch for Adobe Illustrator fixes a critical bug that could allow an attacker to run code of their choice on an affected system. The Creative Cloud Desktop update also plugs a critical remote code execution flaw.
Photoshop and After Effects also get critical security updates. And unusually, there aren’t any security fixes for Adobe Acrobat or Adobe Reader.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
Best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.
But that is it for another month and happy patching!