
January Patch Tuesday 2022 Fixes 96 Critical Issues
With 96 new bugs, Microsoft is kicking off the first Patch Tuesday of 2022 with a bang. There are 8 Critical and 88 Important fixes.
Microsoft Patch Tuesday Released with 96 Fixes
There are 8 Critical (one more than last month) and 88 Important fixes in this release. Updates were included for Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop.
Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. Next month you need to renew for a third ESU if you are still using Windows 7 or 2008 R2.
“The first Patch Tuesday of the year has arrived with a bang, and just in time for many of our customers who are ending their change freeze following the New Year holidays. We do not have any confirmed Weaponized threats to deal with this month so far; however, we do have 6 confirmed Public Aware threats which could be weaponized at any minute.”
Syxsense Recommendations
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their patch management solution and deploy the updates as soon as possible.
Top January 2022 Patches and Vulnerabilities
1. CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability
The vulnerability exists due to a boundary error within the HTTP Trailer Support feature in HTTP Protocol Stack (http.sys). A remote attacker can send a specially crafted HTTP request to the web server, trigger a buffer overflow and execute arbitrary code on the system. Microsoft recommends prioritizing the patching of affected devices because it is suspected to be wormable.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponized: No
- Public Aware: Yes
- Countermeasure: Yes
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): No
2. CVE-2022-21849: Windows IKE Extension Remote Code Execution Vulnerability
The vulnerability exists due to insufficient validation of user-supplied input in the Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack. In an environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated.
Syxscore
- Vendor Severity: Important
- CVSS: 9.8
- Weaponized: No
- Public Aware: No
- Countermeasure: Yes
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): No
3. CVE-2022-21912: DirectX Graphics Kernel Remote Code Execution Vulnerability
The vulnerability allows a local user to execute arbitrary code on the target system, and successful exploitation may result in complete compromise of the vulnerable system. An authenticated attacker could take advantage of a vulnerability in dxgkrnl.sys to execute an arbitrary pointer dereference in kernel mode. What makes this even worse is that an attacker with non-admin credentials can potentially carry out an exploit using this vulnerability.
Syxscore
- Vendor Severity: Critical
- CVSS: 7.8
- Weaponized: No
- Public Aware: No
- Countermeasure: Yes
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: High
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Yes
Syxsense Recommendations
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.
CVE Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Highest Priority |
CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes | Yes |
CVE-2022-21849 | Windows IKE Extension Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical | 9 | No | No | No | Yes |
CVE-2022-21855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 9 | No | No | No | Yes |
CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 9 | No | No | No | Yes |
CVE-2022-21901 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 9 | No | No | No | Yes |
CVE-2022-21857 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | No | Yes |
CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
CVE-2022-21850 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
CVE-2022-21851 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
CVE-2022-21922 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
CVE-2022-21920 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.3 | No | No | No | Yes |
CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2022-21898 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2022-21917 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2022-21833 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2022-21836 | Windows Certificate Spoofing Vulnerability | Important | 7.8 | No | Yes | No | Yes |
CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability | Important | 7.8 | No | Yes | No | Yes |
CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 7 | No | Yes | No | Yes |
CVE-2022-21884 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21910 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21835 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21842 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21858 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21916 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21897 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21852 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21902 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21878 | Windows Geolocation Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21908 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21888 | Windows Modern Execution Server Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21885 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21914 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21895 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2022-21891 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | Important | 7.6 | No | No | No | |
CVE-2022-21932 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important | 7.6 | No | No | No | |
CVE-2022-21911 | .NET Framework Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21904 | Windows GDI Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21843 | Windows IKE Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21883 | Windows IKE Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21848 | Windows IKE Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21889 | Windows IKE Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21890 | Windows IKE Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | Important | 6.1 | No | Yes | No | |
CVE-2022-21869 | Clipboard User Service Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21865 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21870 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21861 | Task Flow Data Engine Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21873 | Tile Data Repository Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21859 | Windows Accounts Control Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21860 | Windows App Contracts API Server Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21862 | Windows Application Model Core API Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21868 | Windows Devices Human Interface Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21872 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21903 | Windows GDI Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21881 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21867 | Windows Push Notifications Apps Elevation Of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21863 | Windows State Repository API Server file Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21875 | Windows Storage Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21866 | Windows System Launcher Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21864 | Windows UI Immersive Server API Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21834 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | | |
CVE-2022-21892 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.8 | No | No | | |
CVE-2022-21958 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.8 | No | No | | |
CVE-2022-21959 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.8 | No | No | | |
CVE-2022-21960 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.8 | No | No | | |
CVE-2022-21961 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.8 | No | No | | |
CVE-2022-21962 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.8 | No | No | | |
CVE-2022-21918 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important | 6.5 | No | No | | |
CVE-2022-21915 | Windows GDI+ Information Disclosure Vulnerability | Important | 6.5 | No | No | | |
CVE-2022-21847 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.5 | No | No | | |
CVE-2022-21963 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.4 | No | No | | |
CVE-2022-21928 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 6.3 | No | No | | |
CVE-2022-21970 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 6.1 | No | No | | |
CVE-2022-21964 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | Important | 5.5 | No | No | | |
CVE-2022-21877 | Storage Spaces Controller Information Disclosure Vulnerability | Important | 5.5 | No | No | | |
CVE-2022-21876 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | | |
CVE-2022-21838 | Windows Clean up Manager Elevation of Privilege Vulnerability | Important | 5.5 | No | No | | |
CVE-2022-21906 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important | 5.5 | No | No | | |
CVE-2022-21899 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 5.5 | No | No | | |
CVE-2022-21879 | Windows Kernel Elevation of Privilege Vulnerability | Important | 5.5 | No | No | | |
CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | Important | 5.3 | No | No | | |
CVE-2022-21925 | Windows Backup Key Remote Protocol Security Feature Bypass Vulnerability | Important | 5.3 | No | No | | |
CVE-2022-21924 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability | Important | 5.3 | No | No | | |
CVE-2022-21900 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 4.6 | No | No | | |
CVE-2022-21905 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 4.6 | No | No | | |
CVE-2022-21894 | Secure Boot Security Feature Bypass Vulnerability | Important | 4.4 | No | No | | |
CVE-2022-21921 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | Important | 4.4 | No | No | | |
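
The prioritization advice above can be turned into a deployment order. The following is an added example, not Syxsense code: it parses rows in the table's pipe-delimited layout and ranks them. The names `parse_row`, `tier` and `triage` and the tier ordering (weaponized first, then publicly aware or vendor-flagged, then the rest, each by CVSS) are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Sample rows taken from the table above. The last one is written with its
# trailing empty cells collapsed ("||") to exercise the padding logic.
SAMPLE_ROWS = """\
CVE Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Highest Priority |
CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Yes | Yes |
CVE-2022-21836 | Windows Certificate Spoofing Vulnerability | Important | 7.8 | No | Yes | No | Yes |
CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | Important | 6.1 | No | Yes | No | |
CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | ||
"""
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

class Row(NamedTuple):
    cve: str
    title: str
    severity: str
    cvss: float
    weaponized: bool
    public: bool
    countermeasure: bool
    highest: bool

def parse_row(line):
    """Return a Row, or None for the header, blank lines and malformed rows."""
    cells = [c.strip() for c in line.split("|")]
    cells = (cells + [""] * 8)[:8]            # pad short rows to 8 columns
    if not CVE_RE.match(cells[0]):
        return None
    try:
        cvss = float(cells[3])
    except ValueError:
        return None
    if not 0.0 <= cvss <= 10.0:               # also rejects NaN
        return None
    flags = [c.lower() == "yes" for c in cells[4:8]]   # empty cell means "no"
    return Row(cells[0], cells[1], cells[2], cvss, *flags)

def tier(row):
    """Assumed ordering: 0 = weaponized, 1 = public or vendor-flagged, 2 = rest."""
    if row.weaponized:
        return 0
    return 1 if (row.public or row.highest) else 2

def triage(text):
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    return sorted(rows, key=lambda r: (tier(r), -r.cvss, not r.public, r.cve))

if __name__ == "__main__":
    for r in triage(SAMPLE_ROWS):
        print(tier(r), r.cve, r.cvss, r.severity, "public" if r.public else "")
```

On these rows, CVE-2022-21839 lands in the second tier because it is Publicly Aware, even though its Highest Priority cell is empty.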
