Microsoft security alert.
February 8, 2022
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 38 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft SharePoint Enterprise Server and Foundation Multiple Vulnerabilities for February 2022
- Severity
- Critical 4
- Qualys ID
- 110400
- Vendor Reference
- KB5002120, KB5002135, KB5002136, KB5002145, KB5002147, KB5002155
- CVE Reference
- CVE-2022-21968, CVE-2022-21987, CVE-2022-22005, CVE-2022-22716
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft has released February 2022 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB5002145
KB5002135
KB5002120
KB5002136
KB5002147
KB5002155
QID Detection Logic:
This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.
- Consequence
-
Successful exploitation allows remote code execution.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
KB5002145
KB5002135
KB5002120
KB5002136
KB5002147
KB5002155
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update
-
Microsoft Office Security Update for February 2022
- Severity
- Critical 4
- Qualys ID
- 110401
- Vendor Reference
- KB3118335, KB3172514, KB5002133, KB5002137, KB5002140, KB5002146, KB5002149, KB5002156
- CVE Reference
- CVE-2022-21988, CVE-2022-22003, CVE-2022-22004, CVE-2022-22716, CVE-2022-23252
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft has released February 2022 security updates to fix multiple security vulnerabilities.
This security update contains the following:
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB3172514
KB3118335
KB5002146
KB5002140
KB5002149
KB5002156
KB5002137
KB5002133
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected Office system.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
MacOS Release Notes
Office Click-2-Run and Office 365 Release Notes
KB3172514
KB3118335
KB5002146
KB5002140
KB5002149
KB5002156
KB5002137
KB5002133
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft office January 2022
-
Microsoft Outlook 2016 for Mac Security Feature Bypass Vulnerability Security Update for February 2022
- Severity
- Serious 3
- Qualys ID
- 110402
- Vendor Reference
- CVE-2022-23280
- CVE Reference
- CVE-2022-23280
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
Microsoft has released February 2022 security updates for Outlook to fix a Security Feature Bypass Vulnerability.
This security update contains the following KBs:
Affected Products:
Microsoft Outlook 2016 for Mac
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected Outlook applications.
- Consequence
- Successful exploitation will allow an attacker to bypass the protection in Outlook that prevents an image from being shown automatically in an email.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Outlook 2016 for Mac
-
Microsoft SQL Server for Linux Containers Elevation of Privilege Vulnerability for February 2022
- Severity
- Critical 4
- Qualys ID
- 376382
- Vendor Reference
- CVE-2022-23276
- CVE Reference
- CVE-2022-23276
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
This vulnerability is not present on servers that are running SQL Server 2019 on Linux bare metal or VMs. This vulnerability is exposed only in SQL Server 2019 Linux container images.
CVE-2022-23276: SQL Server for Linux Containers Elevation of Privilege Vulnerability
SQL Server 2019 GDR: Customers who have deployed SQL Server 2019 Linux container images need to update to SQL Server 15.0.2090.38 and Cumulative Update 15 for SQL Server 2019 version 15.0.4198.2.
Affected Software:
SQL Server version from 15.0.2090.0 through 15.0.2090.37.
SQL Server version from 15.0.4198.0 through 15.0.4198.1
QID Detection Logic (Authenticated):
This QID checks for the vulnerable version of SQL Server 2019 GDR on the Linux container.
- Consequence
- Successful exploitation allows an attacker to perform escalation of privileges on the vulnerable machine.
- Solution
-
Customers are advised to refer to CVE-2022-23276 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5010657
-
Microsoft Windows Security Update for February 2022
- Severity
- Critical 4
- Qualys ID
- 91857
- Vendor Reference
- KB5010342, KB5010345, KB5010351, KB5010354, KB5010358, KB5010359, KB5010384, KB5010386, KB5010392, KB5010395, KB5010403, KB5010404, KB5010412, KB5010419, KB5010422, KB5010456
- CVE Reference
- CVE-2022-21844, CVE-2022-21926, CVE-2022-21927, CVE-2022-21971, CVE-2022-21974, CVE-2022-21981, CVE-2022-21985, CVE-2022-21989, CVE-2022-21992, CVE-2022-21993, CVE-2022-21994, CVE-2022-21995, CVE-2022-21997, CVE-2022-21998, CVE-2022-21999, CVE-2022-22000, CVE-2022-22001, CVE-2022-22002, CVE-2022-22709, CVE-2022-22710, CVE-2022-22712, CVE-2022-22715, CVE-2022-22717, CVE-2022-22718
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Windows Security Update - February 2022
The KB Articles associated with the update:
KB5010419
KB5010395
KB5010403
KB5010412
KB5010359
KB5010358
KB5010342
KB5010386
KB5010354
KB5010345
KB5010351
KB5010456
KB5010404
KB5010422
KB5010384
KB5010392
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5010419 - 6.3.9600.20269
KB5010395 - 6.3.9600.20269
KB5010403 - 6.0.6003.21374
KB5010412 - 6.2.9200.23605
KB5010359 - 10.0.14393.4946
KB5010358 - 10.0.10240.19204
KB5010342 - 10.0.19041.1526
KB5010386 - 10.0.22000.493
KB5010354 - 10.0.20348.524
KB5010345 - 10.0.18362.2094
KB5010351 - 10.0.17763.2565
KB5010404 - 6.1.7601.25860
KB5010422 - 6.1.7601.25860
KB5010384 - 6.0.6003.21374
KB5010392 - 6.2.9200.23605
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the KB5010419
KB5010395
KB5010403
KB5010412
KB5010359
KB5010358
KB5010342
KB5010386
KB5010354
KB5010345
KB5010351
KB5010456
KB5010404
KB5010422
KB5010384
KB5010392
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5010342
KB5010345
KB5010351
KB5010354
KB5010358
KB5010359
KB5010384
KB5010386
KB5010392
KB5010395
KB5010403
KB5010404
KB5010412
KB5010419
KB5010422
-
Microsoft Visual Studio Security Update for February 2022
- Severity
- Serious 3
- Qualys ID
- 91858
- Vendor Reference
- CVE-2022-21986
- CVE Reference
- CVE-2022-21986
- CVSS Scores
- Base 4.3 / Temporal 3.6
- Description
-
Microsoft has released a security update for Visual Studio that resolves a denial-of-service vulnerability.
Affected Software:
Microsoft Visual Studio 2019 version 16.9 (includes 16.0-16.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2022 version 17.0
and Microsoft Visual Studio 2019 for Mac version 8.10
- Consequence
-
The vulnerable versions of Visual Studio allow attackers to perform denial-of-service attacks.
- Solution
-
Customers are advised to refer to CVE-2022-21986 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21986
-
Microsoft .NET Security Update for February 2022
- Severity
- Serious 3
- Qualys ID
- 91859
- Vendor Reference
- CVE-2022-21986
- CVE Reference
- CVE-2022-21986
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Microsoft has released a security update for .NET that resolves a denial-of-service vulnerability.
This security update is rated Important for supported versions of .NET
Affected versions:
.NET 5.0 before version 5.0.14
and .NET 6.0 before version 6.0.2
QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft .NET Core by checking the file version on Windows.
- Consequence
-
Successful exploitation of this vulnerability could lead to denial of service.
- Solution
-
Customers are advised to refer to CVE-2022-21986 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21986
-
Microsoft Windows Domain Name System (DNS) Server Remote Code Execution (RCE) Vulnerability for February 2022
- Severity
- Critical 4
- Qualys ID
- 91860
- Vendor Reference
- KB5010342, KB5010345, KB5010354, KB5010386, KB5010456
- CVE Reference
- CVE-2022-21984
- CVSS Scores
- Base 6 / Temporal 4.4
- Description
-
Microsoft Windows Security Update - February 2022
The KB Articles associated with the update:
KB5010342
KB5010354
This QID checks for the file version of dns.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5010342 - 10.0.19041.1526
KB5010354 - 10.0.20348.524
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the KB5010342
KB5010386
KB5010456
KB5010354
KB5010345
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5010342
KB5010345
KB5010354
KB5010386
KB5010456
-
Microsoft Windows Win32k Elevation of Privilege Vulnerability for February 2022
- Severity
- Critical 4
- Qualys ID
- 91861
- Vendor Reference
- KB5010386
- CVE Reference
- CVE-2022-21996
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft Windows Security Update - February 2022
The KB Articles associated with the update:
KB5010386
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB5010386 - 10.0.22000.493
- Consequence
-
Successful exploitation could compromise confidentiality, integrity and availability.
- Solution
-
Please refer to the KB5010386
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5010386
-
Microsoft Teams Denial of Service (DoS) Vulnerability for February 2022
- Severity
- Critical 4
- Qualys ID
- 91863
- Vendor Reference
- CVE-2022-21965
- CVE Reference
- CVE-2022-21965
- CVSS Scores
- Base 5 / Temporal 3.7
- Description
-
Microsoft Teams is a proprietary business communication platform developed by Microsoft, as part of the Microsoft 365 family of products.
CVE-2022-21965: Microsoft Teams Denial of Service Vulnerability
Affected Software:
Microsoft Teams Versions prior to 1.0.94.20xxx
QID Detection Logic(Authenticated):
QID checks for the vulnerable version of Teams.
- Consequence
- Successful exploitation allows an attacker to perform a denial of service attack on the vulnerable machine.
- Solution
-
Customers are advised to refer to Microsoft Teams for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21965 Windows
-
Microsoft Windows Codecs Library HEVC Video and VP9 Extensions Remote Code Execution (RCE) Vulnerability for February 2022
- Severity
- Critical 4
- Qualys ID
- 91866
- Vendor Reference
- CVE-2022-21844, CVE-2022-21926, CVE-2022-21927, CVE-2022-22709
- CVE Reference
- CVE-2022-21844, CVE-2022-21926, CVE-2022-21927, CVE-2022-22709
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
Affected Product:
"HEVC from Device Manufacturer" media codec before version 1.0.43421.0
"VP9 from Device Manufacturer" media codec before version 1.0.42791.0
QID Detection Logic:
The QID gets the version of HEVCVideoExtension and VP9VideoExtensions by querying the WMI class Win32_InstalledStoreProgram.
- Consequence
-
An attacker who successfully exploited this vulnerability can compromise confidentiality, integrity and availability of the system.
- Solution
-
Users are advised to check CVE-2022-22709, CVE-2022-21927, CVE-2022-21926 and CVE-2022-21844 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2022-21844
CVE-2022-21926
CVE-2022-21927
CVE-2022-22709
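The file-version comparison described for QID 91857 can be reproduced offline against an inventory of ntoskrnl.exe versions. The following is an added example, not Qualys detection code: the fixed versions are the ones listed in the table above, while the host names, the observed versions and the choice to group versions by their first three fields are assumptions of this sketch.

```python
# Added example (not Qualys code); versions copied from the QID 91857 table.
PAGE_TABLE = """\
KB5010419 - 6.3.9600.20269
KB5010395 - 6.3.9600.20269
KB5010403 - 6.0.6003.21374
KB5010412 - 6.2.9200.23605
KB5010359 - 10.0.14393.4946
KB5010358 - 10.0.10240.19204
KB5010342 - 10.0.19041.1526
KB5010386 - 10.0.22000.493
KB5010354 - 10.0.20348.524
KB5010345 - 10.0.18362.2094
KB5010351 - 10.0.17763.2565
KB5010404 - 6.1.7601.25860
KB5010422 - 6.1.7601.25860
KB5010384 - 6.0.6003.21374
KB5010392 - 6.2.9200.23605
"""

def parse_version(text):
    """'10.0.19041.1526' -> ((10, 0, 19041), 1526); ValueError if malformed."""
    major, minor, build, revision = (int(p) for p in text.strip().split("."))
    return (major, minor, build), revision

def build_index(table):
    """Map branch (major, minor, build) -> fixed revision and the KBs shipping it."""
    index = {}
    for line in table.strip().splitlines():
        kb, version = (field.strip() for field in line.split(" - "))
        branch, revision = parse_version(version)
        entry = index.setdefault(branch, {"fixed": revision, "kbs": []})
        entry["fixed"] = max(entry["fixed"], revision)
        entry["kbs"].append(kb)
    return index

def assess(version, index):
    """Compare the revision field numerically against the branch's fixed value."""
    branch, revision = parse_version(version)
    entry = index.get(branch)
    if entry is None:  # branch not in the table: report it, never assume patched
        return ("unknown-branch", [])
    status = "patched" if revision >= entry["fixed"] else "missing-update"
    return (status, entry["kbs"])

INDEX = build_index(PAGE_TABLE)
# Constructed inventory (host names and observed versions are made up).
INVENTORY = {"ws-01": "10.0.19041.1466", "srv-02": "10.0.20348.524",
             "ws-03": "10.0.22000.99", "lab-04": "10.0.19999.1"}
REPORT = {host: assess(v, INDEX) for host, v in INVENTORY.items()}
```

The `ws-03` entry shows why the fields must be compared as integers: as strings, "99" sorts after "493" and the host would be reported as patched.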
These new vulnerability checks are included in Qualys vulnerability signature 2.5.397-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 110400
- 110401
- 110402
- 376382
- 91857
- 91858
- 91859
- 91860
- 91861
- 91863
- 91866
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.