1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Latest Microsoft Patch Tuesday release is the smallest for some t

    From TechnologyDaily@1337:1/100 to All on Wed Feb 9 12:30:04 2022
    Latest Microsoft Patch Tuesday release is the smallest for some time, but still fixed some serious bugs

    Date:
    Wed, 09 Feb 2022 12:13:24 +0000

    Description:
    Experts still recommend patching the flaws immediately.

    FULL STORY ======================================================================

    This months Microsoft Patch Tuesday is out, and its left Windows admins and cybersecurity experts alike scratching their heads a little.

    As it turns out, this months fix comes with no more than 51 patches, making
    it one of the most lightweight fixes to come out of Microsoft in a long time
    - and to make matters even stranger, none of the patches were deemed "critical".

    That's not to say that the patches shouldn't still be applied, with a wide number of Microsoft software offerings affected. No news is good news?

    This months release addresses vulnerabilities in Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code, and Microsoft Teams.

    Whats more, the company only addressed one zero-day vulnerability, a Windows Kernel elevation of privilege tracked under CVE-2022-21989.

    Analyzing the patches, Zero Day Initiatives Dustin Childs said: It may have happened before, but I cant find an example of a monthly release from Microsoft that doesnt include at least one critical-rated patch.

    Immersive Labs director of cyber threat research, Kevin Breen, on the other hand, is under the impression that Windows admins shouldnt lower their guard, something Childs essentially agrees with. Read more

    Microsoft issues official PrintNightmare fix in latest Patch Tuesday blast


    Youll want to install this Windows 11 update to speed up your PC


    This Windows Server update is causing a bunch of problems

    Discussing multiple CVEs listed in the fix with The Register , Breen says
    they are all listed as elevation of privilege, which forms a key part of the attack chain. Once initial access has been gained, attackers will quickly
    seek to gain administrator-level access so they can move across the network, compromise other devices and avoid detection by disabling security tooling."

    For CVE-2022-21984, Childs says "if you have this setup in your environment, an attacker could completely take over your DNS and execute code with
    elevated privileges. Since dynamic updates arent enabled by default, this doesnt get a critical rating. However, if your DNS servers do use dynamic updates, you should treat this bug as critical." Here's the best endpoint protection software around today



    ======================================================================
    Link to news story: https://www.techradar.com/news/latest-microsoft-patch-tuesday-release-is-the-s mallest-for-some-time-but-still-fixed-some-serious-bugs/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)