Virtual Administrator’s February 2022 Patch Recommendations
This month Microsoft released patches for 51 vulnerabilities with 0 rated “Critical”, 50 “Important” and 1 “Moderate” in severity.
All patches have been approved in our patch policy.
February is a much quieter month than January. An average number of patches and no major problems with them. Remarkably there are no critical patches. No one can remember if that has ever happened before.
One (CVE-2022-21989) is publicly disclosed but none are being exploited. A remote code execution (RCE) flaw in Hyper-V (CVE-2022-21995) could allow a guest virtual machine and access the host server. A RCE vulnerability (CVE-2022-21984) affects Microsoft DNS servers where dynamic DNS updates are enabled. Another RCE in SharePoint Server (CVE-2022-22005) could allow an authenticated user (with permissions for page creation) to run .NET code in the context of the SharePoint Web Application service account.
There are a couple of known issues detailed below. Windows Server 2012 and newer with apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail. Microsoft releases a OOB patch on February 4th to address this but they need to be installed manually. On SharePoint Server 2019 the Machine Translation service may fail.
For those hesitant to patch last month due to the severity of the reported problems, you should be able to install this month’s Cumulative Updates/Monthly Rollups. The latest patches will included all of the previous updates without the bugs.
Disclosed: CVE-2022-21989
Exploited: None
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:02/08/2022)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10 Security Stack Updates are included in the monthly Cumulative Updates.
Known Issues
There are two known issues posted by Microsoft this month. The SharePoint Server 2019 has a workaround available. The other affects Windows Servers that have been patched since last month. The fix is to install out-of-band .NET Framework updates for the version used. The OOB updates must be downloaded from the Microsoft Update Catalog and installed manually.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
Windows Server 2012/2016/2019/2022
Link for Server 2022:https://support.microsoft.com/en-us/topic/february-8-2022-kb5010354-os-build-20348-524-c5355158-0f4d-4106-90f7-0a5a6c7376b9
Symptom: After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.
Workaround: To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.
Note: These out-of-band updates are not available from Windows Update and will not install automatically.
SharePoint Server 2019 (KB5002135)
Symptom: The Machine Translation service fails if the content contains certain HTML tags
Workaround: Publishing pages cannot be translated in SharePoint Server 2019 (KB5011291)
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5010404 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5010419 – Windows 8.1, Windows Server 2012 R2
- KB5010392 – Windows Server 2012
- KB5010384 – Windows Server 2008 (ESU)
Security Only Update
- KB5010422 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5010395 – Windows 8.1, Windows Server 2012 R2
- KB5010412 – Windows Server 2012
- KB5010403 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5010358 – Original release version 1507 (OS Build 10240)
- KB5010359 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5010351 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5010345 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB5010342 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5010342 – Version 21H1 “May 2021 Update” (OS Build 19043)
- KB5010342 – Version 21H2 “November 2021 Update” (OS Build 19044)
(Versions 1511,1703,1709,1803,1903,2004 are no longer under support)
Windows 11
- KB5010386 – Original release (OS Build 22000)
Windows Server
- KB5010359 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5010351 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5010354 – Server 2022 (OS Build 20348)
February 2022 updates for Microsoft Office
Notable CVEs
CVE-2022-21984 | Windows DNS Server Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984
CVE-2022-21989 | Windows Kernel Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21989
CVE-2022-21995 | Windows Hyper-V Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21995
CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21996
CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability (KB5002120,KB5002135,KB5002136,KB5002145)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005
CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability (App Store)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23280