Alert GCSA-22016 - Microsoft Security Update Febbraio 2022
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22016
Data: 09 Febbraio 2022
Titolo: Microsoft Security Update Febbraio 2022
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato il security update mensile per febbraio 2022,
questa versione risolve 51 vulnerabilita', tra cui un zero-day.
Nessuna delle vulnerabilita' e' stata classificata come critica.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
Azure Data Explorer
Kestrel Web Server
Microsoft Dynamics
Microsoft Dynamics GP
Microsoft Edge (Chromium-based)
Microsoft Office
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft OneDrive
Microsoft Teams
Microsoft Windows Codecs Library
Power BI
Roaming Security Rights Management Services
Role: DNS Server
Role: Windows Hyper-V
SQL Server
Visual Studio Code
Windows Common Log File System Driver
Windows DWM Core Library
Windows Kernel
Windows Kernel-Mode Drivers
Windows Named Pipe File System
Windows Print Spooler Components
Windows Remote Access Connection Manager
Windows Remote Procedure Call Runtime
Windows User Account Profile
Windows Win32K
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Provide Misleading Information (spoofing)
Information Disclosure (ID)
Bypass delle funzionalita' di sicurezza (SFB)
Manipolazione dei dati (DM)
:: Soluzioni
Per default l'installazione degli aggiornamenti
avviene in maniera automatica.
Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/
Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
The Hacker News
https://thehackernews.com/2022/02/microsoft-and-other-major-software.html
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23280
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFiA3qlwZxMk2USYEIRArsAAJ458W4ncFQBzW8ksK/MNYyl9hheWwCfV4P8
plkiTw5OCs1c43H0SMumtV8=
=bDHs
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22016
Data: 09 Febbraio 2022
Titolo: Microsoft Security Update Febbraio 2022
******************************************************************
:: Descrizione del problema
Microsoft ha rilasciato il security update mensile per febbraio 2022,
questa versione risolve 51 vulnerabilita', tra cui un zero-day.
Nessuna delle vulnerabilita' e' stata classificata come critica.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software interessato
Azure Data Explorer
Kestrel Web Server
Microsoft Dynamics
Microsoft Dynamics GP
Microsoft Edge (Chromium-based)
Microsoft Office
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft OneDrive
Microsoft Teams
Microsoft Windows Codecs Library
Power BI
Roaming Security Rights Management Services
Role: DNS Server
Role: Windows Hyper-V
SQL Server
Visual Studio Code
Windows Common Log File System Driver
Windows DWM Core Library
Windows Kernel
Windows Kernel-Mode Drivers
Windows Named Pipe File System
Windows Print Spooler Components
Windows Remote Access Connection Manager
Windows Remote Procedure Call Runtime
Windows User Account Profile
Windows Win32K
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Provide Misleading Information (spoofing)
Information Disclosure (ID)
Bypass delle funzionalita' di sicurezza (SFB)
Manipolazione dei dati (DM)
:: Soluzioni
Per default l'installazione degli aggiornamenti
avviene in maniera automatica.
Per installare manualmente scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite il catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/
Gli utenti che utilizzano ancora Windows 7, Windows Server 2008 o 2008 R2
devono acquistare l'Extended Security Update per continuare a ricevere gli aggiornamenti
https://support.microsoft.com/en-hk/help/4522133/procedure-to-continue-receiving-security-updates
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
The Hacker News
https://thehackernews.com/2022/02/microsoft-and-other-major-software.html
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23280
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFiA3qlwZxMk2USYEIRArsAAJ458W4ncFQBzW8ksK/MNYyl9hheWwCfV4P8
plkiTw5OCs1c43H0SMumtV8=
=bDHs
-----END PGP SIGNATURE-----