Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall

January 12, 2022

As part of January’s monthly rollup updates, Microsoft has patched 6 Zero-Days and a total of 29 Remote Code Execution vulnerabilities.

Overall, Microsoft has patched 97 vulnerabilities across Windows, Hyper-V, and Office.

The Zero-Day Vulnerabilities

  • CVE-2022-21919 (CVSS 3.1: 7.0, High Severity) – Windows User Profile Service Elevation of Privilege Vulnerability.
  • CVE-2022-21874 (CVSS 3.1: 7.8, High Severity) – Windows Security Center API Remote Code Execution Vulnerability.
  • CVE-2022-21839 (CVSS 3.1: 6.1, Medium Severity) – Windows Event Tracing Discretionary ACL List Denial of Service Vulnerability.
  • CVE-2021-36976 (CVSS 3.1: Not Rated Yet) – Libarchive Remote Code Execution Vulnerability.
  • CVE-2021-22947 (CVSS 3.1: Not Rated Yet) – Open Source Curl Remote Code Execution Vulnerability.
  • CVE-2022-21836 (CVSS 3.1: 7.8, High Severity) – Windows Certificate Spoofing Vulnerability.

For the full list of patched vulnerabilities, including the 29 RCEs, visit Microsoft January 2022 Security Updates.

Mitigation

CYREBRO recommends installing the latest available Microsoft security/monthly rollup updates on all relevant systems as soon as possible.
