• Rachel Hanlon

Microsoft released January 2022 Patch Tuesday for 97 Vulnerabilities including 6 zero-days

Description

Microsoft released the first Patch Tuesday of 2022 to fix 97 vulnerabilities which includes 9 Critical, 88 Important vulnerabilities. Successful exploitation of this vulnerabilities could result in Remote Code Execution (RCE), Denial of Service (DoS) and Privilege Escalation. Notable Vulnerabilities CVE-2021-22947 - Open Source Curl Remote Code Execution Vulnerability. CVE-2021-36976 - Libarchive Remote Code Execution Vulnerability. CVE-2022-21919 - Windows User Profile Service Elevation of Privilege Vulnerability. CVE-2022-21836 - Windows Certificate Spoofing Vulnerability. CVE-2022-21839 - Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability. CVE-2022-21874 - Windows Security Center API Remote Code Execution Vulnerability. Affected Products:

  • .NET Framework

  • Microsoft Dynamics

  • Microsoft Edge (Chromium-based)

  • Microsoft Exchange Server

  • Microsoft Graphics Component

  • Microsoft Office

  • Microsoft Office Excel

  • Microsoft Office SharePoint

  • Microsoft Office Word

  • Microsoft Windows Codecs Library

  • Open Source Software

  • Role: Windows Hyper-V

  • Tablet Windows User Interface

  • Windows Account Control

  • Windows Active Directory

  • Windows AppContracts API Server

  • Windows Application Model

  • Windows BackupKey Remote Protocol

  • Windows Bind Filter Driver

  • Windows Certificates

  • Windows Cleanup Manager

  • Windows Clipboard User Service

  • Windows Cluster Port Driver

  • Windows Common Log File System Driver

  • Windows Connected Devices Platform Service

  • Windows Cryptographic Services

  • Windows Defender

  • Windows Devices Human Interface

  • Windows Diagnostic Hub

  • Windows DirectX

  • Windows DWM Core Library

  • Windows Event Tracing

  • Windows Geolocation Service

  • Windows HTTP Protocol Stack

  • Windows IKE Extension

  • Windows Installer

  • Windows Kerberos

  • Windows Kernel

  • Windows Libarchive

  • Windows Local Security Authority

  • Windows Local Security Authority Subsystem Service

  • Windows Modern Execution Server

  • Windows Push Notifications

  • Windows RDP

  • Windows Remote Access Connection Manager

  • Windows Remote Desktop

  • Windows Remote Procedure Call Runtime

  • Windows Resilient File System (ReFS)

  • Windows Secure Boot

  • Windows Security Center

  • Windows StateRepository API

  • Windows Storage

  • Windows Storage Spaces Controller

  • Windows System Launcher

  • Windows Task Flow Data Engine

  • Windows Tile Data Repository

  • Windows UEFI

  • Windows UI Immersive Server

  • Windows User Profile Service Windows User-mode Driver Framework Windows Virtual Machine IDE Drive Windows Win32K Windows Workstation Service Remote Protocol

Recommendations Permanent Fix:

  • Keep applications and operating systems running at the current released patch level.

  • Run software with the least privileges.

Reference

  • https://msrc.microsoft.com/update-guide

  • https://www.windowscentral.com/january-2022-patch-tuesday-arrives-windows-11-and-10-security-updates-abound





1 view0 comments