Microsoft's updates for Tuesday, February 8, 2022 are too important, since they are focused on resolving 51 vulnerabilities in its different products. Among the main flaws to be resolved are CVE-2022-21989 with a cvss score of: 7.8, which makes it a high-risk vulnerability. This vulnerability allows privilege escalation by taking advantage of a bug in the Windows kernel. , CVE-2022-21984, CVSS score: 8.8, Remote Code Execution Vulnerability in Windows DNS Servers, CVE-2022-22005 in Share Pint Servers, CVE-2022-21995 in Windows Hyper-V.
Other products that received these updates were office, Teams, Azure, Visual StudioCode, SQL Server. You can check the full list of products that received updates at the following official Microsoft link.
Microsoft also said it has remediated multiple elevation of privilege flaws: four in the Print Spooler Service and one in the Win32k driver (CVE-2022-21996 CVSS score: 7.8), the latter of which has been labeled "Exploitation Most Likely" to light of a similar vulnerability in the same component that was patched last month (CVE-2022-21882) and has been under active attack ever since.
The updates come as the tech giant late last month re-released a vulnerability dating back to 2013: a signature validation issue affecting WinVerifyTrust (CVE-2013-3900), noting that the fix is "available as a feature." optional via registry key settings, and is available in supported editions of Windows released on or after December 10, 2013."
The move may have been prompted in response to an ongoing ZLoader malware campaign which, as Check Point Research discovered in early January, was found to exploit the flaw to bypass the file signature verification mechanism and launch malware capable of diverting user credentials and other sensitive information.
It is essential to install security updates to protect our systems from malicious attacks. It is also beneficial not only for closing recent security holes but also for accessing new features and avoiding security flaws in outdated systems.