System administrators were blessed with a relatively quiet Patch Tuesday this week, after Microsoft released fixes for 48 CVEs, including one that had been publicly disclosed but not yet exploited.
CVE-2022-21989 is an elevation of privilege vulnerability in the Windows kernel that was previously disclosed. It impacts Windows 7-11 and Windows Server 2008-2022.
“While Microsoft has not observed exploitation of this vulnerability, they do assess the vulnerability as ‘Exploitation More Likely,’ meaning that exploitation of the vulnerability is highly probable and that it should be prioritized for patching,” argued Recorded Future’s senior security architect, Allan Liska.
He also urged admins to address CVE-2022-22005, a remote code execution vulnerability in Microsoft’s SharePoint Server.
Although labeled “important,” it also has an exploitation assessment of “Exploitation More Likely.” It affects SharePoint Server versions 2013-2019 and the SharePoint Server Subscription Edition.
“The vulnerability does require an attacker to be authenticated in order to exploit it, which is likely why Microsoft only labeled it ‘important.’ However, given the number of stolen credentials readily available on underground markets, getting authenticated could be trivial,” argued Liska.
“Organizations that have public-facing SharePoint servers should prioritize implementing this patch.”
Elsewhere, Ivanti’s VP of product management, Chris Goettl, pointed to four elevation of privilege CVEs in Windows Print Spooler: CVE-2022-21999, CVE-2022-21997, CVE-2022-22718, and CVE-2022-22717.
“Three of these vulnerabilities had acknowledgments to external researchers. This indicates two things. First that Print Spooler still has a bit of exposure being cleaned up post Print Nightmare and second that there are several external white hat researchers still digging in so you can bet threat actors are likely doing the same,” he explained.
“Also, there were several changes to Print Spooler, so test your printer functionality well this cycle.”
Unusually for Microsoft’s monthly security update round, none of the vulnerabilities addressed were rated critical. However, organizations should always prioritize CVEs for patching according to their own particular risk assessments.