Microsoft’s January 2022 Patch Tuesday security patch includesĀ a total of 97 vulnerabilities detected, including six zero-day with nine classified as Critical and then 88 as Important. Furthermore, the products covered in January’s security update include Microsoft Office, Microsoft Windows, Microsoft Office, Microsoft Edge, Microsoft Dynamics, Microsoft Exchange Server, Windows Defender, Windows RDP, Windows Direct X, etc. A patch management software can fix these vulnerabilities.
None of the Vulnerabilities are actively exploited. However, having a vulnerability management tool is essential.
Zero-day Vulnerabilities
- CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability was found in the curl before 7.79.0. This flaw allows for Man-in-The-Middle (MITM) attacks. In addition, using this vulnerability, an attacker can inject fake response data over POP3 and IMAP.
- CVE-2021-36976 – Libarchive Remote Code Execution Vulnerability. Similarly, a use-after-free flaw found in libarchive in the copy_string function which leads to RCE.
- CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability. However, this flaw can be exploited remotely and doesn’t require any form of authentication.
- CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability. This flaw occurs due to an error when handling a maliciously crafted file. However, an attacker can exploit this vulnerability remotely and leverage their privileges on vulnerable systems.
- CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability. The flaw exists due to insufficient validation of user-supplied input. Moreover, a local attacker can pass specially crafted input, leading to a DOS attack.
- CVE-2022-21836 – Windows Certificate Spoofing Vulnerability. The flaw exists due to incorrect processing of user-supplied data in the Windows Certificate. However, this flaw was publicly disclosed, and compromised certificates have been added to the Windows kernel driver block list.
Critical Vulnerabilities in Microsoft January 2022 Patch Tuesday
- CVE-2022-21846 – Microsoft Exchange Server Remote Code Execution Vulnerability. Furthermore, this flaw has been rated as CVSSv3 score of 9.0 out of 10. According to Microsoft, these vulnerabilities require adjacent attacks, meaning “it cannot simply be done across the internet, but instead needs something specifically tied to the target.”
- CVE-2022-21840 – Microsoft Office Remote Code Execution Vulnerability. However, for exploiting this vulnerability, an attacker needs some interaction with the victim as exploitation needs the victim to open a malicious file. Successful exploitation will lead to Remote Code Execution.
- CVE-2022-21917 – HEVC Video Extensions Remote Code Execution Vulnerability. Moreover, for exploitation, authentication and user interaction are required.
- CVE-2022-21857 – Active Directory Domain Services Elevation of Privilege Vulnerability. In addition, an attacker can exploit this vulnerability remotely and leverage their privileges on vulnerable systems.
- CVE-2022-21898, CVE-2022-21912– DirectX Graphics Kernel Remote Code Execution Vulnerability. The flaw exists due to improper input validation. In addition, an attacker can send a specially crafted request and then execute arbitrary code on the target system. Furthermore, successful exploitation will lead to complete system compromise.
- CVE-2022-21907 – HTTP Protocol Stack Remote Code Execution Vulnerability. Moreover, this flaw can be exploited remotely and doesn’t require any form of authentication.
- CVE-2022-21833 – Virtual Machine IDE Drive Elevation of Privilege Vulnerability. However, an attacker can exploit this vulnerability remotely and leverage their privileges on vulnerable systems.
Microsoft security bulletin summary for January 2022
- Windows Remote Desktop
- Windows Installer
- Windows Defender
- Microsoft Teams
- Microsoft Windows Codecs Library
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Office Word
- Windows Storage
- Windows Storage Spaces Controller
- Windows System Launcher
- Windows Task Flow Data Engine
- Windows Tile Data Repository
- Windows UEFI
- .NET Framework
Product: Microsoft Windows
CVEs/Advisory: CVE-2021-22947, CVE-2021-36976, CVE-2022-21833, CVE-2022-21834, CVE-2022-21835, CVE-2022-21836, CVE-2022-21838, CVE-2022-21839, CVE-2022-21843, CVE-2022-21847, CVE-2022-21848, CVE-2022-21849, CVE-2022-21850, CVE-2022-21851, CVE-2022-21852, CVE-2022-21857, CVE-2022-21858, CVE-2022-21859, CVE-2022-21860, CVE-2022-21861, CVE-2022-21862, CVE-2022-21863, CVE-2022-21864, CVE-2022-21865, CVE-2022-21866, CVE-2022-21867, CVE-2022-21868, CVE-2022-21869, CVE-2022-21870, CVE-2022-21871, CVE-2022-21872, CVE-2022-21873, CVE-2022-21874, CVE-2022-21875, CVE-2022-21876, CVE-2022-21877, CVE-2022-21878, CVE-2022-21879, CVE-2022-21880, CVE-2022-21881, CVE-2022-21882, CVE-2022-21883, CVE-2022-21884, CVE-2022-21885, CVE-2022-21887, CVE-2022-21888, CVE-2022-21889, CVE-2022-21890, CVE-2022-21892, CVE-2022-21893, CVE-2022-21894, CVE-2022-21895, CVE-2022-21896, CVE-2022-21897, CVE-2022-21898, CVE-2022-21899, CVE-2022-21900, CVE-2022-21901, CVE-2022-21902, CVE-2022-21903, CVE-2022-21904, CVE-2022-21905, CVE-2022-21906, CVE-2022-21907, CVE-2022-21908, CVE-2022-21910, CVE-2022-21912, CVE-2022-21913, CVE-2022-21914, CVE-2022-21915, CVE-2022-21916, CVE-2022-21918, CVE-2022-21919, CVE-2022-21920, CVE-2022-21921, CVE-2022-21922, CVE-2022-21924, CVE-2022-21925, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass and then Spoofing
KBs: 5009543, 5009545, 5009546, 5009555, 5009557, 5009566, 5009585, 5009586, 5009595, 5009619, 5009624
Product: Microsoft Office
CVEs/Advisory: CVE-2022-21837, CVE-2022-21840, CVE-2022-21841, CVE-2022-21842
Impact: Remote Code Execution
KBs: 5001995, 5002052, 5002057, 5002060, 5002064, 5002102, 5002108, 5002109, 5002110, 5002111, 5002113, 5002114, 5002115, 5002116, 5002118, 5002119, 5002122, 5002124, 5002127, 5002128, 5002129
Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2022-21846, CVE-2022-21855, CVE-2022-2196
Impact: Remote Code Execution
KBs: 5008631
Product: Microsoft Edge (Chromium-based)
CVEs/Advisory: CVE-2022-21970, CVE-2022-0120, CVE-2022-0118, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0109, CVE-2022-0108, CVE-2022-0107, CVE-2022-0106, CVE-2022-0105, CVE-2022-0104, CVE-2022-0103, CVE-2022-0102, CVE-2022-0101, CVE-2022-0100, CVE-2022-0099, CVE-2022-0098, CVE-2022-0097, CVE-2022-0096, CVE-2022-21954, CVE-2022-21931, CVE-2022-21930, CVE-2022-21929
Impact: Elevation of Privilege, Remote Code Execution
However, SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Finally, use SanerNow and keep your systems updated and secure.