The TOP 10 Windows versions with the most patches

The TOP 10 Windows versions with the most patches and how to update them

By Átila Altoé and Laura Cardillo

It is already Microsoft's tradition to release updates for different editions of the operating system every Tuesday. That's why it became known as Patch Tuesday. And this week, we find out which 10 versions of Windows need the most patches. Among the updates needed are fixes for glitches that are small but can greatly compromise workflow, as well as for issues involving authentication and WiFi networks.

Top 10 Windows versions with the most patches

The chart below shows the main Windows versions covered by this Patch Tuesday, ordered in descending order according to the quantity of vulnerabilities present.

The chart below shows the top 10 vulnerabilities relative to their base score in the CVSS metric:

In the month of February, the threats with the most relevant scores were:

CVE-2022-21984 - Windows DNS Server Remote Code Execution Vulnerability.

CVE-2022-22005 - Microsoft SharePoint Server Remote Code Execution Vulnerability.

CVE-2022-23274 - Microsoft Dynamics GP Remote Code Execution Vulnerability.

CVE-2022-21987 - Microsoft SharePoint Server Spoofing Vulnerability.

CVE-2022-21991 - Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability.

CVE-2022-23256 - Azure Data Explorer Spoofing Vulnerability.

CVE-2022-23272 - Microsoft Dynamics GP Elevation Of Privilege Vulnerability.

CVE-2022-21995 - Windows Hyper-V Remote Code Execution Vulnerability.

CVE-2022-21996 - Windows Kernel Elevation of Privilege Vulnerability.

CVE-2022-22715 - Named Pipe File System Elevation of Privilege Vulnerability.

Percentage based on the degree of criticality of the vulnerabilities

Of the 4324 vulnerabilities in the observed period, the table below lists in descending order the number of vulnerabilities and their criticality.

As of the reported update, five CVEs still do not have a severity status of important or critical assigned. They are:

CVE-2022-21984, CVE-2022-22005, CVE-2022-23274, CVE-2022-21987, CVE-2022-21991, CVE-2022-23256, CVE-2022-23272, CVE-2022-21995, CVE-2022-21996, and CVE-2022-2.

Threat Impact

The chart below shows the quantitative impact of threats:

The table below details these threat impact types with their descriptions as they occur:

Each of the impacts mentioned above is detailed in the following glossary:

Elevation of Privilege

Privilege elevation results from granting an attacker permissions beyond those initially granted. For example, an attacker with a privilege set of "read-only" permissions somehow elevates the set to include "read and write".

Information Disclosure

Disclosing information allows an attacker to receive valuable information about a system. Therefore, always consider what information you are revealing and whether it can be used by a malicious user.

Remote Code Execution

Remote code execution (RCE) is the exploitation of a weakness in the application that allows the attacker to send malicious code to be executed. To do this, the attacker uses the application's language, and the exploit is executed on the server side. For any application, it is one of the most dangerous types of vulnerability that exist. The attacker does not need physical access to the PC and can take control or steal data remotely, i.e. from
.

Denial of Service

Denial of Service (DoS) attacks are attempts to overload a common server or computer so that system resources become unavailable to its users.

Spoofing

Spoofing refers to the act of assuming the identity of some trusted asset, email address, user, or information source. This vulnerability covers a variety of tactics, including impersonating a trusted email sender for phishing, assuming the identity of a recognized asset on the network by ARP spoofing, impersonating a trusted DNS server, and more.

Most Severe Vulnerabilities

It is true that all available patches need to be analyzed and interpreted according to each environment and the Microsoft services that your organization uses in its IT infrastructure. However, some stand out and we recommend immediate action:

CVE-2022-21989 | Windows Kernel Elevation of Privilege Vulnerability

It is an EoP vulnerability in the Windows Kernel and the only zero-day vulnerability addressed this month. According to Microsoft's Exploitability Index rating, this vulnerability is most likely to be exploited. The release notes that an attacker needs to take additional actions prior to the exploitation of this vulnerability.

CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability

It is an RCE vulnerability in Microsoft SharePoint Server. Microsoft classifies this as a "most likely exploit"; however, at the moment, no public proof of concept seems to exist. To exploit this vulnerability, an attacker needs to be authenticated and have the ability to create pages in SharePoint.

CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability

It is an EoP vulnerability in Microsoft's Win32k, a kernel-side core driver used in Windows. This vulnerability is similar to another EoP flaw from the January Patch Tuesday release, CVE-2022-21882. CVE-2022-21882 has been actively exploited by threat actors, and the Cybersecurity and Infrastructure Security Agency has added the vulnerability to its Catalog of Known Exploited Vulnerabilities, requiring federal agencies to patch the vulnerability by February 18.

CVE-2022-22715 | Named Pipe File System Elevation of Privilege Vulnerability

This is an EoP vulnerability in the Named Pipe File System. It is classified as Most Likely Exploit. To exploit this flaw, an attacker would need to have established a presence on the vulnerable system to run a specially crafted application. Successful exploitation would allow an attacker to run processes with elevated privileges.

Conclusion

The complete list of vulnerabilities from this Patch Tuesday, as well as the updates responsible for their mitigation and troubleshooting articles are available here.

All released patches are important, but if business challenges require that some updates be prioritized over others, we recommend focusing on those listed under the most serious vulnerabilities and those with the highest CVSS score.
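The prioritization described above can be expressed as a small triage script. This is an added example, not part of the original article: the CVE ids, scores, flags and dates are constructed placeholders, the known-exploited entries only mimic the `cveID` and `dueDate` fields of the CISA catalog, and the tier order (known exploited, then zero-day, then likely exploited, then CVSS) is an assumption about how to combine the article's criteria.

```python
from datetime import date

# Constructed sample backlog: placeholder CVE ids, flags and scores, not real data.
BACKLOG = [
    {"cve": "CVE-0000-0001", "cvss": 8.8, "zero_day": False, "exploit_likely": True},
    {"cve": "CVE-0000-0002", "cvss": 7.8, "zero_day": True, "exploit_likely": True},
    {"cve": "CVE-0000-0003", "cvss": 9.8, "zero_day": False, "exploit_likely": False},
    {"cve": "CVE-0000-0004", "cvss": 7.0, "zero_day": False, "exploit_likely": True},
    {"cve": "CVE-0000-0005", "cvss": 5.5, "zero_day": False, "exploit_likely": False},
]

# Constructed entries shaped like Known Exploited Vulnerabilities catalog records.
KEV = [{"cveID": "CVE-0000-0004", "dueDate": "2022-02-18"}]


def prioritize(backlog, kev, today):
    """Return copies of the backlog entries in patching order, with a reason."""
    due = {e["cveID"]: date.fromisoformat(e["dueDate"]) for e in kev}
    ranked = []
    for item in backlog:
        entry = dict(item)  # copy so the caller's data is not modified
        deadline = due.get(item["cve"])
        if deadline is not None:
            days = (deadline - today).days
            entry["tier"] = 0
            entry["reason"] = (
                f"known exploited, due in {days} days"
                if days >= 0
                else f"known exploited, overdue by {-days} days"
            )
        elif item["zero_day"]:
            entry["tier"], entry["reason"] = 1, "zero-day"
        elif item["exploit_likely"]:
            entry["tier"], entry["reason"] = 2, "exploitation likely"
        else:
            entry["tier"], entry["reason"] = 3, "CVSS score only"
        ranked.append(entry)
    # Within a tier, the highest CVSS base score goes first.
    ranked.sort(key=lambda e: (e["tier"], -e["cvss"]))
    return ranked


if __name__ == "__main__":
    for e in prioritize(BACKLOG, KEV, date(2022, 2, 10)):
        print(f'{e["cve"]}  CVSS {e["cvss"]:<4} {e["reason"]}')
```

With this ordering, the placeholder scored 9.8 lands fourth, because nothing in the sample data marks it as exploited or likely to be, while the 7.0 entry with a catalog deadline comes first.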

Bibliography

https://msrc.microsoft.com/update-guide/vulnerability

https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb

https://malwaretips.com/threads/microsoft-february-2022-patch-tuesday.112360/

https://twitter.com/msftsecresponse/status/149111048213223833
