Tuesday, February 8, 2022

Microsoft Patch Tuesday for Feb. 2022 — Snort rules and prominent vulnerabilities



By Jon Munshaw and Chris Neal. 

Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its large collection of hardware and software. 

None of the vulnerabilities disclosed this month are considered “critical,” an extreme rarity for the company’s Patch Tuesdays. Additionally, none of the issues Microsoft patched have been exploited in the wild to this point, nor have they been publicly disclosed.

There are still a few vulnerabilities of note, however, including CVE-2022-21997, CVE-2022-21999 and CVE-2022-22715, which are all privilege elevation vulnerabilities in the Microsoft print spooler service. In the event an exploit is developed, an adversary could use these vulnerabilities to execute code as a system user or higher-level privileges. 

There are four other similar vulnerabilities that could allow attackers to escalate their privileges: 

Though considered to be of “important” severity, CVE-2022-22005 is a remote code execution vulnerability in SharePoint that received a severity score of 8.8 out of 10. An adversary would need to be authenticated and possess correct permissions for page creation to exploit this vulnerability. 

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. 

In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. 

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 58993, 58994, 58999 - 59002 and 59004 - 59009. 

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.