January 2022 Patch Tuesday BLUF

1 min readJan 11, 2022


BLUF == Bottom Line up Front.

This is my first Patch Tuesday article, so I want to introduce myself. I am a Senior Security Engineer that focuses in Vulnerability Management and Threat Intelligence. I have a Youtube channel regarding OSINT and Security (https://youtube.com/c/0x4rko).

Is there anything of concern in this Patch Tuesday?

EDIT: CVE-2022–21907 has the potential to become weaponized. Please monitor and patch.
̶N̶o̶,̶ ̶a̶s̶ ̶o̶f̶ ̶n̶o̶w̶.̶ ̶

Are there any CVSS 9.5+ Vulnerabilities?

CVE-2022–21849 and CVE-2022–21907

Any Actively Exploited Vulnerabilities?


Any Vulnerabilities to watch for?


In total:
41 Elevation of Privilege Vulnerabilities

9 Security Feature Bypass Vulnerabilities

29 RCE Vulnerabilities

6 Information Disclosure

9 DoS Vulnerabilities

3 Spoofing Vulnerabilities

Any other newsworthy items?

Coming Soon: New Security Update Guide Notification System

This will allow users to subscribe to security alerts using any email address (does not have to be live.com). This is great for service accounts and automation. Read more here.