Tim Lovegrove
Security Analyst
Patch Roundup – February 2022
Welcome to the Patch Roundup blog for February 2022. It’s a relatively light month for updates so let’s get started.
Microsoft Patch Tuesday
Microsoft released a modest set of updates this month, with just 51 bugs fixed and only a couple of notable things to address, with remarkably no Critical releases.
DNS is the target of CVE-2022-21984, a remote code execution (RCE) bug affecting dynamic record updates. Any machine able to reach the DNS server could initiate a dynamic update, enabling them to take over the system. The loss of control over a DNS server can have wide-ranging implications in a network, with an attacker able to redirect endpoints to malicious hosts under their control. Dynamic updates are not enabled by default, providing some level of mitigation, but some analysts suggest that if Dynamic Updates are enabled this should be treated as a Critical update.
Similarly, CVE-2022-22005 is an RCE affecting all currently supported versions of SharePoint (2013-2019). Once again there’s a mitigating circumstance that prevents this being rated as Critical – the user must be authenticated and have permissions to create pages in order to exploit the vulnerability, and at present there’s no known exploit code available.
Finally, worth noting is that the US CISA agency have issued a directive to urge the installation of the fixes released last month for CVE-2022-21882. The win32k.sys driver is vulnerable to an Elevation of Privilege vulnerability which can be targeted by an authenticated local attacker to gain admin rights, and the addition of this vulnerability to the CISA Known Exploited Vulnerabilities list indicates known in-the-wild attacks are now targeting it.
Cisco
High on the list of Cisco releases is a long list of critical bugs in their Small Business RV series of routers. Most notable is CVE-2022-20699, a flaw in the SSL VPN module that would allow an unauthenticated remote attacker to execute arbitrary code on the device. Similarly, CVE-2022-20700 is a flaw in the management console that allows remote elevation to root on the device. Check the advisory for affected models and update as soon as possible.
Cisco is also still updating its Log4J (log4shell) response in the related advisory. New patches have been dropping frequently throughout December and January as they address the bug across their product range.