January 2022 Patch Tuesday BLUF

BLUF == Bottom Line up Front.

This is my first Patch Tuesday article, so I want to introduce myself. I am a Senior Security Engineer who focuses on Vulnerability Management and Threat Intelligence. I have a YouTube channel about OSINT and Security (https://youtube.com/c/0x4rko).

Is there anything of concern in this Patch Tuesday?

EDIT: CVE-2022-21907 has the potential to become weaponized. Please monitor and patch.
̶N̶o̶,̶ ̶a̶s̶ ̶o̶f̶ ̶n̶o̶w̶.̶ ̶

Are there any CVSS 9.5+ Vulnerabilities?

CVE-2022-21849 and CVE-2022-21907

Any Actively Exploited Vulnerabilities?

No.

Any Vulnerabilities to watch for?

CVE-2022-21846
CVE-2022-21907

In total:

41 Elevation of Privilege Vulnerabilities
9 Security Feature Bypass Vulnerabilities
29 RCE Vulnerabilities
6 Information Disclosure
9 DoS Vulnerabilities
3 Spoofing Vulnerabilities

Any other newsworthy items?

Coming Soon: New Security Update Guide Notification System

This will allow users to subscribe to security alerts using any email address (does not have to be live.com). This is great for service accounts and automation. Read more here.

Links:

https://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/564ec5b77765daa93dfc6dd567300a52552799e3/Reports/MSRC_CVEs2022-Jan.html

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/

Senior Vulnerability Management Engineer

0x4rk0
