Overview
Unlike the last few months, last week's Microsoft 'Patch Tuesday' updates don't address any critical vulnerabilities, however, it does contain fixes for around four dozen vulnerabilities, some of which may soon be exploited.
Security updates for Apple's iOS 15.3.1, iPadOS 15.3.1, macOS Monterey 12.2.1 and the Safari web browser are also available.
Individuals and businesses should apply these security updates to protect against potential cyber threats.
If you receive a notification on your computer to install updates, please do so as soon as practicable. If a notification isn't displayed, you can manually check for updates by searching for 'updates' on your computer or device's search bar.
Detail
This month’s Microsoft ‘Patch Tuesday’ addresses several vulnerabilities, including various remote code execution (RCE) and privilege escalation flaws. These have not been rated as 'critical' by Microsoft however, if exploited, could result in unauthorised access and modification to systems and services.
One notable RCE vulnerability affects Microsoft SharePoint - a popular document management and data storage platform for businesses. This vulnerability could potentially be exploited by authenticated users. With remote access credentials increasingly being found in underground markets online, businesses should still endeavour to patch these kinds of vulnerabilities, even if authentication is required.
More information about the February 2022 Microsoft Security updates can be found here: https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
and here: https://msrc.microsoft.com/update-guide/en-us
Apple have released security updates for a number of their devices and systems. Of note, the Safari web browser has an update which fixes a 0-day vulnerability. Visit https://support.apple.com/en-us/HT201222 for more information.
Recommended Action
- Frequently monitor and review security updates for all of your systems and devices. Implement security patches as soon as practicable. Set your devices to update automatically wherever possible.
-
If using a Microsoft computer, it should display a notification to update but if it doesn't you can 'check for updates' in the search bar next to the start button. Your organisation may implement security updates automatically but you may be asked to restart your computer in order to complete the update(s).
-
It is good practise to back up your system and/or important files before installing any major updates.
- Take a look at the ‘5 Steps to Cyber Security’ guidance on our Advice & Guidance page for more guidance on how to better protect your organisation.
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.