Patch Tuesday is once again upon us. The January 2022 edition of Patch Tuesday brings us 98 fixes, 9 of which are rated as critical. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the January 2022 Patch Tuesday Audit Report
HTTP Protocol Stack RCE
The most severe vulnerability fixed this month is a remote code execution vulnerability in the HTTP protocol stack, CVE-2022-21907. By sending a specially crafted packet, an attacker can target a vulnerable server using the HTTP protocol stack (http.sys) to process packets which can allow for remote code execution on the targetted system. Patching is the best solution and with a CVSS base score of 9.8, it is best you patch this one as soon as possible. Microsoft also mentions that this vulnerability is wormable!
Windows Server 2019 and Windows 10 version 1809 aren’t vulnerable by default to this one, but if the HTTP Trailer Support feature has been enabled, even those versions are vulnerable. Microsoft recommends checking the following registry key if you want to double-check if your Server 2019 and Windows 10 version 1809 systems are affected:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesHTTPParameters
“EnableTrailerSupport”=dword:00000001
To perform this check across your entire IT environment you can also use the registry key audit. This will let you audit all of your computers at once and get an overview of machines where the registry key has been found.
Microsoft Exchange Server RCE
Microsoft Exchange keeps on giving, after the Y2K22 bug earlier this month, a new RCE has been fixed with a CVSS base score of 9, CVE-2022-21846. Luckily Microsoft lists that this vulnerability cannot be exploited via the internet. It can only be exploited on a logically adjacent topology. Microsoft provided some examples of what this could look like:
“Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.”
Microsoft Office RCE
The last of the big critical vulnerabilities is related to Microsoft Office. CVE-2022-21840 has a CVSS score of 8.8. Similar to previous vulnerabilities in Office, luckily the preview pane isn’t vulnerable, so at least there is some protection. The vulnerability requires users to either open a malicious file or click on a link that refers to a hosted file. Like many other vulnerabilities, ensuring your users have adequate training on safe web usage should prevent exploitation.
Run the Patch Tuesday January 2022 Audit Report
To help manage your update progress, we’ve created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
Patch Tuesday January 2022 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21964 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability |
| CVE-2022-21963 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21962 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21961 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21960 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21959 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21958 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21932 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
| CVE-2022-21928 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21925 | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability |
| CVE-2022-21924 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability |
| CVE-2022-21922 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2022-21921 | Windows Defender Credential Guard Security Feature Bypass Vulnerability |
| CVE-2022-21920 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2022-21918 | DirectX Graphics Kernel File Denial of Service Vulnerability |
| CVE-2022-21917 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2022-21916 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-21915 | Windows GDI+ Information Disclosure Vulnerability |
| CVE-2022-21914 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass |
| CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
| CVE-2022-21911 | .NET Framework Denial of Service Vulnerability |
| CVE-2022-21910 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability |
| CVE-2022-21908 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| CVE-2022-21906 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| CVE-2022-21905 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2022-21904 | Windows GDI Information Disclosure Vulnerability |
| CVE-2022-21903 | Windows GDI Elevation of Privilege Vulnerability |
| CVE-2022-21902 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-21901 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-21900 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2022-21899 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability |
| CVE-2022-21898 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
| CVE-2022-21897 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-21896 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-21895 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2022-21894 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability |
| CVE-2022-21892 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2022-21891 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability |
| CVE-2022-21890 | Windows IKE Extension Denial of Service Vulnerability |
| CVE-2022-21889 | Windows IKE Extension Denial of Service Vulnerability |
| CVE-2022-21888 | Windows Modern Execution Server Remote Code Execution Vulnerability |
| CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-21885 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2022-21884 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| CVE-2022-21883 | Windows IKE Extension Denial of Service Vulnerability |
| CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-21881 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability |
| CVE-2022-21879 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-21878 | Windows Geolocation Service Remote Code Execution Vulnerability |
| CVE-2022-21877 | Storage Spaces Controller Information Disclosure Vulnerability |
| CVE-2022-21876 | Win32k Information Disclosure Vulnerability |
| CVE-2022-21875 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability |
| CVE-2022-21873 | Tile Data Repository Elevation of Privilege Vulnerability |
| CVE-2022-21872 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability |
| CVE-2022-21870 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
| CVE-2022-21869 | Clipboard User Service Elevation of Privilege Vulnerability |
| CVE-2022-21868 | Windows Devices Human Interface Elevation of Privilege Vulnerability |
| CVE-2022-21867 | Windows Push Notifications Apps Elevation Of Privilege Vulnerability |
| CVE-2022-21866 | Windows System Launcher Elevation of Privilege Vulnerability |
| CVE-2022-21865 | Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2022-21864 | Windows UI Immersive Server API Elevation of Privilege Vulnerability |
| CVE-2022-21863 | Windows StateRepository API Server file Elevation of Privilege Vulnerability |
| CVE-2022-21862 | Windows Application Model Core API Elevation of Privilege Vulnerability |
| CVE-2022-21861 | Task Flow Data Engine Elevation of Privilege Vulnerability |
| CVE-2022-21860 | Windows AppContracts API Server Elevation of Privilege Vulnerability |
| CVE-2022-21859 | Windows Accounts Control Elevation of Privilege Vulnerability |
| CVE-2022-21858 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| CVE-2022-21857 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2022-21855 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21852 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-21851 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2022-21850 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2022-21849 | Windows IKE Extension Remote Code Execution Vulnerability |
| CVE-2022-21848 | Windows IKE Extension Denial of Service Vulnerability |
| CVE-2022-21847 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21843 | Windows IKE Extension Denial of Service Vulnerability |
| CVE-2022-21842 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability |
| CVE-2022-21838 | Windows Cleanup Manager Elevation of Privilege Vulnerability |
| CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-21836 | Windows Certificate Spoofing Vulnerability |
| CVE-2022-21835 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| CVE-2022-21834 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability |
| CVE-2022-21833 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability |
| CVE-2021-36976 | Libarchive Remote Code Execution Vulnerability |
| CVE-2021-22947 | Open Source Curl Remote Code Execution Vulnerability |
Receive the Latest Patch Tuesday Report for FREE Every Month
"*" indicates required fields
