January 2022 Patch Tuesday BLUF
BLUF == Bottom Line up Front.
This is my first Patch Tuesday article, so I want to introduce myself. I am a Senior Security Engineer that focuses in Vulnerability Management and Threat Intelligence. I have a Youtube channel regarding OSINT and Security (https://youtube.com/c/0x4rko).
Is there anything of concern in this Patch Tuesday?
EDIT: CVE-2022–21907 has the potential to become weaponized. Please monitor and patch.
̶N̶o̶,̶ ̶a̶s̶ ̶o̶f̶ ̶n̶o̶w̶.̶ ̶
Are there any CVSS 9.5+ Vulnerabilities?
Any Actively Exploited Vulnerabilities?
Any Vulnerabilities to watch for?
41 Elevation of Privilege Vulnerabilities
9 Security Feature Bypass Vulnerabilities
29 RCE Vulnerabilities
6 Information Disclosure
9 DoS Vulnerabilities
3 Spoofing Vulnerabilities
Any other newsworthy items?
Coming Soon: New Security Update Guide Notification System
This will allow users to subscribe to security alerts using any email address (does not have to be live.com). This is great for service accounts and automation. Read more here.