Virtual Administrator’s February 2022 Patch Recommendations

patch-recommedation

This month Microsoft released patches for 51 vulnerabilities with 0 rated “Critical”, 50 “Important” and 1 “Moderate” in severity.

All patches have been approved in our patch policy.

February is a much quieter month than January.  An average number of patches and no major problems with them. Remarkably there are no critical patches. No one can remember if that has ever happened before.

One (CVE-2022-21989) is publicly disclosed but none are being exploited. A remote code execution (RCE) flaw in Hyper-V (CVE-2022-21995) could allow a guest virtual machine and access the host server. A RCE vulnerability (CVE-2022-21984) affects Microsoft DNS servers where dynamic DNS updates are enabled. Another RCE in SharePoint Server (CVE-2022-22005) could allow an authenticated user (with permissions for page creation) to run .NET code in the context of the SharePoint Web Application service account.

There are a couple of known issues detailed below. Windows Server 2012 and newer with apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail. Microsoft releases a OOB patch on February 4th to address this but they need to be installed manually. On SharePoint Server 2019 the Machine Translation service may fail.

For those hesitant to patch last month due to the severity of the reported problems, you should be able to install this month’s Cumulative Updates/Monthly Rollups. The latest patches will included all of the previous updates without the bugs.

Disclosed: CVE-2022-21989

Exploited: None

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

We will no longer listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles” which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:02/08/2022)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

NOTE: The Windows 10 Security Stack Updates are included in the monthly Cumulative Updates.

Known Issues

There are two known issues posted by Microsoft this month. The SharePoint Server 2019 has a workaround available. The other affects Windows Servers that have been patched since last month. The fix is to install out-of-band .NET Framework updates for the version used. The OOB updates must be downloaded from the Microsoft Update Catalog and installed manually.

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

Windows Server 2012/2016/2019/2022

Link for Server 2022:https://support.microsoft.com/en-us/topic/february-8-2022-kb5010354-os-build-20348-524-c5355158-0f4d-4106-90f7-0a5a6c7376b9

Symptom: After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.

Workaround: To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.

Note: These out-of-band updates are not available from Windows Update and will not install automatically.

SharePoint Server 2019 (KB5002135)

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-february-8-2022-kb5002135-5cfc06d2-e79a-4ec3-af02-59b5be9b6abf

Symptom: The Machine Translation service fails if the content contains certain HTML tags

Workaround: Publishing pages cannot be translated in SharePoint Server 2019 (KB5011291)

https://support.microsoft.com/en-us/topic/publishing-pages-cannot-be-translated-in-sharepoint-server-2019-kb5011291-d9156dea-7494-40f1-a023-81caadf572e2

Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.

Windows release health

https://docs.microsoft.com/en-us/windows/release-health/

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

Security and Quality Rollup

  • KB5010404 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5010419 – Windows 8.1, Windows Server 2012 R2
  • KB5010392 – Windows Server 2012
  • KB5010384 – Windows Server 2008 (ESU)

Security Only Update

  • KB5010422 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB5010395 – Windows 8.1, Windows Server 2012 R2
  • KB5010412 – Windows Server 2012
  • KB5010403 – Windows Server 2008 (ESU)

Cumulative Updates

Windows 10

  • KB5010358 – Original release version 1507 (OS Build 10240)
  • KB5010359 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5010351 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5010345 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB5010342 – Version 20H2 “October 2020 Update” (OS Build 19042)
  • KB5010342 – Version 21H1 “May 2021 Update” (OS Build 19043)
  • KB5010342 – Version 21H2 “November 2021 Update” (OS Build 19044)

(Versions 1511,1703,1709,1803,1903,2004 are no longer under support)

Windows 11

  • KB5010386 – Original release (OS Build 22000)

Windows Server

  • KB5010359 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5010351 – Server 2019 (same KB as Windows 10 Version 1809)
  • KB5010354 – Server 2022 (OS Build 20348)

February 2022 updates for Microsoft Office

https://support.microsoft.com/en-gb/topic/february-2022-updates-for-microsoft-office-4b323baf-6213-40ab-81b2-aa37d83f7296

Notable CVEs

CVE-2022-21984 | Windows DNS Server Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984

CVE-2022-21989 | Windows Kernel Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21989

CVE-2022-21995 | Windows Hyper-V Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21995

CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21996

CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability (KB5002120,KB5002135,KB5002136,KB5002145)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005

CVE-2022-23280 | Microsoft Outlook for Mac Security Feature Bypass Vulnerability (App Store)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23280

Latest Patch Updates

Virtual Administrator’s April Patch Recommendations

Read More

Third Party Updates 3-15-2024

Read More

Virtual Administrator’s March Patch Recommendations

Read More

Virtual Administrator’s February Patch Recommendations

Read More

Third Party Updates 1-12-2024

Read More

Virtual Administrator’s January 2024 Patch Recommendations

Read More