January 2022 Patch Tuesday BLUF

BLUF == Bottom Line up Front.

This is my first Patch Tuesday article, so I want to introduce myself. I am a Senior Security Engineer who focuses on Vulnerability Management and Threat Intelligence. I have a YouTube channel regarding OSINT and Security (https://youtube.com/c/0x4rko).

Is there anything of concern in this Patch Tuesday?

EDIT: CVE-2022-21907 has the potential to become weaponized. Please monitor and patch.
̶N̶o̶,̶ ̶a̶s̶ ̶o̶f̶ ̶n̶o̶w̶.̶ ̶

Are there any CVSS 9.5+ Vulnerabilities?

CVE-2022-21849 and CVE-2022-21907

Any Actively Exploited Vulnerabilities?

No.

Any Vulnerabilities to watch for?

CVE-2022-21846
CVE-2022-21907

In total:
41 Elevation of Privilege Vulnerabilities

9 Security Feature Bypass Vulnerabilities

29 RCE Vulnerabilities

6 Information Disclosure

9 DoS Vulnerabilities

3 Spoofing Vulnerabilities

Any other newsworthy items?

Coming Soon: New Security Update Guide Notification System

This will allow users to subscribe to security alerts using any email address (does not have to be live.com). This is great for service accounts and automation. Read more here.

Links:

https://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/564ec5b77765daa93dfc6dd567300a52552799e3/Reports/MSRC_CVEs2022-Jan.html

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/

0x4rk0

Senior Vulnerability Management Engineer