Microsoft Patch Tuesday January 2022 comes with 96 security updates

Microsoft released its Patch Tuesday updates on January 11th, with 96 security updates with a priority patch for a wormable vulnerability. Out of the 96 vulnerabilities, 89 important, 9 critical patches and 6 known zero day vulnerabilities in the Microsoft Patch Tuesday January 2022. These above breakdown includes 29 Microsoft Edge issues that were addressed and patched on Jan 06, 2022.

Microsoft Patch Tuesday January 2022 breakdown and updates

The patches released this time include Microsoft Windows and its components, MS Office, SharePoint Server, MS Dynamics, Open-Source Software, Microsoft RDP, .NET Framework, Windows HyperV and Exchange Server.  The primary concern is CVE-2022-21907 vulnerability with a CVSS score of 9.8, remote code execution flaw in HTTP Protocol.

Mikhail Medvedev, Russian Security  Researcher discovered the wormable vulnerability, stating the threat is self reliant and can be distributed irrespective of external trigger.  This vulnerability has been addressed by Microsoft by releasing a patch, but it could have been exploited by attackers to manipulate the functionalities for sinister act.

The zero-day vulnerabilities fixed by Microsoft Patch Tuesday January 2022

The below are the list of six zero day vulnerabilities that Microsoft has fixed in the Patch Tuesday Update.

• CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability
• CVE-2022-21836 – Windows Certificate Spoofing Vulnerability

• CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability
• CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
• CVE-2021-36976 – Open-source libarchive Remote Code Execution Vulnerability
• CVE-2021-22947 – Open-Source curl Remote Code Execution Vulnerability

The CVE-2022-21849 with CVSS score 9.8 with Windows Internet Key Exchange which could be manipulated by threat actor to activate several exploits without proper authority. Another one, the CVE-2022-21840 of MS Office remote code execution flaws are also fixed in this release along with other remote code execution existing in RDP, SharePoint Server, ADDS, Cleanup manager and Windows Kerberos.

The CVE-2022-21969, CVE-2022-21855, CVE-2022-21846, with score of 9.0 is highly likely to be exploited so it is important to counter real world threats and the US NSA also flagged for CVE-2022-21846. The Patch Tuesday also comes during the catastrophic story of Log4Shell vulnerability which is till ongoing in different forms.

Security professionals should be deploying the Microsoft Patch Tuesday patches automatically to spare their time for unexpected and critical incidents.

List of Adobe patches and updates

Please also take a look at the list of Adobe’s Patches below that needs to be deployed to the earliest.

Furthermore, Microsoft has released a security guide update notification/alert mechanism that will facilitate IT teams to stay on top of the security loopholes and keep their network safe and secured.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.