Microsoft customers received a significant number of patches and advisories in February, with a total of 72 patches and 21 advisories being released by the company for various product groups or tools. The majority of the CVEs addressed in this month’s Patch Tuesday release (43 out of 72) are related to Windows, with another 12 product groups or tools also being affected.
Of the CVEs addressed, five are considered Critical in severity by Microsoft, affecting Windows, Office, Exchange, and Dynamics 365. At the time of patch release, two of the issues are known to be under exploit in the wild, and none has been publicly disclosed. Additionally, eight of the addressed vulnerabilities in Windows, Office, and Exchange are deemed more likely to be exploited in the next 30 days, including a Critical-severity elevation-of-privilege issue with a noteworthy 9.8 CVSS base score.
The release also included information on six Chromium/Edge-related CVEs, one MITRE-issued CVE concerning a DNS issue that could lead to denial of service, one Github-issued CVE addressing the recent “Leaky Vessel” issue affecting Mariner, and 13 Adobe advisories related to Acrobat Reader. Notably, there were six issues addressed by Sophos protections, which are detailed in a table below.
In addition to the patches, several notable updates were released, including a series of Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerabilities, a Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability, a Microsoft Exchange Server Elevation of Privilege Vulnerability, a Microsoft Outlook Remote Code Execution Vulnerability, and a Microsoft Teams for Android Information Disclosure.
Overall, the frequency of patches and advisories released in February indicates a busy period for Microsoft customers, with a substantial number of vulnerabilities being addressed across various product groups and tools. The severity of some of the identified vulnerabilities underscores the importance of promptly applying the patches and advisories to prevent potential exploitation by threat actors.
As always, users have the option to manually download the updates from the Windows Update Catalog website if they do not want to wait for their system to pull down Microsoft’s updates itself. Additionally, the appendix provides detailed information on the impact and severity of the vulnerabilities addressed in the February patches, offering a comprehensive breakdown of the issues for users and administrators.
In conclusion, the February release of patches and advisories by Microsoft highlights the ongoing efforts to address security vulnerabilities and protect customers from potential threats. By staying informed about the latest updates and promptly applying them, users can bolster the security of their systems and minimize the risk of exploitation.