It is time to patch again. Although 2022 got off to a rough start, February is showing us the love and being much more kind. In January, not only did we have a large number of already known exploits, but the patches themselves caused serious issues. I don’t want to rehash all of the terrible fallout from last month because this is a safe space for sysadmins. Let’s just leave it at Microsoft had to pull the updates and republish to stop the cascade of terrible times.
Between January and February Patch Tuesdays, there was a patch put out for Chromium browsers that was bad enough to get a Cisa alert. Since then, things are looking downright sunny! February only brought 51 patches total with zero being critical. Nothing is being actively exploited, and only one is publicly known. I cannot recall any time that Patch Tuesday has been so pleasant. Microsoft has given us an early Valentine's Day gift that will be hard to match.
Some highlights (or lowlights)
CVE-2022-21984: This is the highest-rated exploit coming in at 8.8. It is a remote execution vulnerability that impacts DNS. That combination usually brings up a lot of warning bells. It does, however, require at least some authentication. The only reason this one is not critical is because dynamic updates need to be enabled. This is very common practice, but because it is not on by default, it keeps the score out of critical. If you are using dynamic updates, still treat it like a critical.
CVE-2022-21989: Let’s start with the one that is publicly known. This one is an elevation of privilege exploit for the Windows kernel that has a high level of complexity. This means that it requires a lot of preparation and time spent by the attacker. With the attack vector being local, the CVSS score only comes in at a 7.8.
CVE-2022-22005: This is another 8.8 remote execution vulnerability that only impacts SharePoint. This exploit allows users to run code at the permission level of a service account of the SharePoint web app.
Wrapping up
After one of the roughest Patch Tuesdays I have covered to start the year, it is refreshing that this one was so mild. I have never seen a month go by without a critical patch. Even if the highest rated one did not land as critical on what feels like a technicality, I will take it as a win. Even though it’s a lighter month, I don’t think you should be changing your process. Get your tests out to the lab, verify that they are working, and get patched ASAP.
As we learned from last month, patching can need a quick turnaround. Even worse, you might occasionally get extra bonus Patch Tuesdays! PDQ Deploy and PDQ Inventory can help you automate patching your environment, allowing you to keep your environment secure, and letting you focus on what is really important — watching YouTube videos about metal detecting.
