Summary
Microsoft rolled out patches for Multiple Critical vulnerabilities discovered in multiple products. The most severe of theses vulnerabilities can lead to Remote Code Execution. Based on the privileges associated with the user, the attacker can perform tasks such as installing software, viewing data, modifying data or deleting data.
Affected Products:
- Azure Data Explorer
- Kestrel Web Server
- Microsoft Dynamics
- Microsoft Dynamics GP
- Microsoft Edge (Chromium-based)
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft OneDrive
- Microsoft Teams
- Microsoft Windows Codecs Library
- Power BI
- Roaming Security Rights Management Services
- Role: DNS Server
- Role: Windows Hyper-V
- SQL Server
- Visual Studio Code
- Windows Common Log File System Driver
- Windows DWM Core Library
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows Named Pipe File System
- Windows Print Spooler Components
- Windows Remote Access Connection Manager
- Windows Remote Procedure Call Runtime
- Windows User Account Profile
- Windows Win32K
Recommendations:
Install applicable patches and execute mitigations provided by Microsoft on vulnerable systems, please make sure to do testing before rolling out to production.
References:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
