• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

No Critical CVEs Fixed in February Patch Tuesday

You are here: Home / General Cyber Security News / No Critical CVEs Fixed in February Patch Tuesday
February 9, 2022

Method directors ended up blessed with a fairly peaceful Patch Tuesday this week, immediately after Microsoft launched fixes for 48 CVEs, which includes a single that experienced been publicly disclosed but not still exploited.

CVE-2022-21989 is an elevation of privilege vulnerability in the Windows kernel that was previously disclosed. It impacts Windows 7-11 and Windows Server 2008-2022.

“While Microsoft has not noticed exploitation of this vulnerability, they do assess the vulnerability as ‘Exploitation Far more Most likely,’ meaning that exploitation of the vulnerability is really probable and that it must be prioritized for patching,” argued Recorded Future’s senior security architect, Allan Liska.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


He also urged admins to address CVE-2022-22005, a distant code execution vulnerability in Microsoft’s Sharepoint Server.

Although labeled “important,” it also has an exploitation assessment of “Exploitation A lot more Most likely.” It impacts SharePoint Server versions 2013-2019 and the SharePoint Server Subscription Version.

“The vulnerability does demand an attacker to be authenticated in buy to exploit it, which is possible why Microsoft only labeled it ‘important.’ However, given the amount of stolen qualifications easily offered on underground marketplaces, acquiring authenticated could be trivial,” argued Liska.

“Organizations that have general public-facing SharePoint servers ought to prioritize utilizing this patch.”

In other places, Ivanti solution management VP, Chris Goettl, pointed to four CVEs in Windows Print Spooler, making it possible for elevation of privileges: CVE-2022-21999, CVE-2022-21997, CVE-2022-22718, and CVE-2022-22717.

“Three of these vulnerabilities experienced acknowledgments to exterior researchers. This signifies two factors. To start with that Print Spooler even now has a bit of publicity becoming cleaned up put up Print Nightmare and 2nd that there are several exterior white hat scientists even now digging in so you can guess danger actors are probably executing the same,” he stated.

“Also, there have been many variations to Print Spooler, so check your printer performance perfectly this cycle.”

Unusually for Microsoft’s every month security update round, none of the vulnerabilities tackled had been rated critical. However, businesses ought to usually prioritize CVEs for patching in accordance to their own particular risk assessments. 


Some areas of this write-up are sourced from:
www.infosecurity-journal.com

Previous Post: «building it antibodies to fight future shocks Building IT antibodies to fight future shocks
Next Post: Sophos to launch new data centre in Mumbai sophos to launch new data centre in mumbai»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data
  • New Russian-Linked Malware Poses “Immediate Threat” to Energy Grids
  • Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities
  • 5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
  • Romania’s Safetech Leans into UK Cybersecurity Market
  • New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids
  • Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
  • Advanced Phishing Attacks Surge 356% in 2022
  • Expo Framework API Flaw Reveals User Data in Online Services
  • NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

Copyright © TheCyberSecurity.News, All Rights Reserved.