January 12, 2022
As part of January’s monthly rollup updates, Microsoft has patched 6 Zero-Days and a total of 29 Remote Code Execution vulnerabilities.
Overall, Microsoft has patched 97 vulnerabilities across Windows, Hyper-V, and Office.
The Zero-Day Vulnerabilities
- CVE-2022-21919 (CVSS 3.1: 7.0, High Severity) – Windows User Profile Service Elevation of Privilege Vulnerability.
- CVE-2022-21874 (CVSS 3.1: 7.8, High Severity) – Windows Security Center API Remote Code Execution Vulnerability.
- CVE-2022-21839 (CVSS 3.1: 6.1, Medium Severity) – Windows Event Tracing Discretionary ACL List Denial of Service Vulnerability.
- CVE-2021-36976 (CVSS 3.1: Not Rated Yet) – Libarchive Remote Code Execution Vulnerability.
- CVE-2021-22947 (CVSS 3.1: Not Rated Yet) – Open Source Curl Remote Code Execution Vulnerability.
- CVE-2022-21836 (CVSS 3.1: 7.8, High Severity) – Windows Certificate Spoofing Vulnerability.
For the full patched vulnerabilities list, including the 29 RCEs, visit Microsoft January 2022 Security Updates.
CYREBRO recommends implementing the latest available Microsoft security/monthly rollup updates in all relevant systems as soon as possible.