Description
Microsoft released the first Patch Tuesday of 2022 to fix 97 vulnerabilities which includes 9 Critical, 88 Important vulnerabilities. Successful exploitation of this vulnerabilities could result in Remote Code Execution (RCE), Denial of Service (DoS) and Privilege Escalation.
Notable Vulnerabilities
CVE-2021-22947 - Open Source Curl Remote Code Execution Vulnerability.
CVE-2021-36976 - Libarchive Remote Code Execution Vulnerability.
CVE-2022-21919 - Windows User Profile Service Elevation of Privilege Vulnerability.
CVE-2022-21836 - Windows Certificate Spoofing Vulnerability.
CVE-2022-21839 - Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.
CVE-2022-21874 - Windows Security Center API Remote Code Execution Vulnerability.
Affected Products:
.NET Framework
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Windows Codecs Library
Open Source Software
Role: Windows Hyper-V
Tablet Windows User Interface
Windows Account Control
Windows Active Directory
Windows AppContracts API Server
Windows Application Model
Windows BackupKey Remote Protocol
Windows Bind Filter Driver
Windows Certificates
Windows Cleanup Manager
Windows Clipboard User Service
Windows Cluster Port Driver
Windows Common Log File System Driver
Windows Connected Devices Platform Service
Windows Cryptographic Services
Windows Defender
Windows Devices Human Interface
Windows Diagnostic Hub
Windows DirectX
Windows DWM Core Library
Windows Event Tracing
Windows Geolocation Service
Windows HTTP Protocol Stack
Windows IKE Extension
Windows Installer
Windows Kerberos
Windows Kernel
Windows Libarchive
Windows Local Security Authority
Windows Local Security Authority Subsystem Service
Windows Modern Execution Server
Windows Push Notifications
Windows RDP
Windows Remote Access Connection Manager
Windows Remote Desktop
Windows Remote Procedure Call Runtime
Windows Resilient File System (ReFS)
Windows Secure Boot
Windows Security Center
Windows StateRepository API
Windows Storage
Windows Storage Spaces Controller
Windows System Launcher
Windows Task Flow Data Engine
Windows Tile Data Repository
Windows UEFI
Windows UI Immersive Server
Windows User Profile Service Windows User-mode Driver Framework Windows Virtual Machine IDE Drive Windows Win32K Windows Workstation Service Remote Protocol
Recommendations Permanent Fix:
Keep applications and operating systems running at the current released patch level.
Run software with the least privileges.
Reference
https://msrc.microsoft.com/update-guide
https://www.windowscentral.com/january-2022-patch-tuesday-arrives-windows-11-and-10-security-updates-abound
Comments