enardeitjaptrues

We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here’s a month-by-month look at the past year.

January: A bad start for on-premises Microsoft Exchange Server vulnerabilities

It seems fitting that 2022 began with the release of the Microsoft Exchange Server remote code execution vulnerability (CVE-2022-21846). It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange online or on-premises Exchange 2019 or consider a different email platform completely.

February: SharePoint vulnerabilities make it a target

February’s Microsoft security updates included CVE-2022-22005, which fixed an issue in SharePoint Server. Throughout the year SharePoint servers have received security updates. Anyone in charge of patching and maintaining SharePoint should know that it, too, is in the crosshairs of targeted attacks. Shodan search tools can be used to easily find vulnerable implementations on the web, so be sure that they are patched and maintained.

March: You can’t always depend on Windows Update for patching

March’s security issues reminded us that not all code is serviced through Windows Update. HEVC Video Extensions Remote Code Execution Vulnerability (CVE-2022-22006) showcased that you also needed to pay attention to how you service apps on your Windows fleets. If you had disabled the Microsoft Store, you may need to take action to patch this vulnerability as well as other similar pieces of code.

April: Print spooler vulnerabilities again rear their ugly heads

April showcased that we were not done with print spooler bugs. PrintNightmare (CVE-2022-26796) was one of many print spooler vulnerabilities discovered in 2022. Microsoft and others released patches quickly, but they addressed only remote code execution exploits. Local privilege escalation exploits require a manual workaround, which Microsoft provided.

May: Windows NFS vulnerable to remote code execution exploit

Windows Network File System Remote Code Execution Vulnerability (CVE-2022-24491/24497) has been used in recent months by malware called Cuba Ransomware. The vulnerability is exploitable only in Windows Server implementations with NFS enabled. Review your network for assets that have been missed in patching that might expose your network to more risk.