January’s Patch Tuesday saw the release of patches for 125 vulnerabilities. A significant rise in the number of vulnerabilities to celebrate the new year, it seems! Luckily the number didn’t include a single zero-day vulnerability.

Products, components, and roles with vulnerabilities

  • .NET Framework
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Windows Codecs Library
  • Open Source Software
  • Role: Windows Hyper-V
  • Tablet Windows User Interface
  • Windows Account Control
  • Windows Active Directory
  • Windows AppContracts API Server
  • Windows Application Model
  • Windows BackupKey Remote Protocol
  • Windows Bind Filter Driver
  • Windows Certificates
  • Windows Cleanup Manager
  • Windows Clipboard User Service
  • Windows Cluster Port Driver
  • Windows Common Log File System Driver
  • Windows Connected Devices Platform Service
  • Windows Cryptographic Services
  • Windows Defender
  • Windows Devices Human Interface
  • Windows Diagnostic Hub
  • Windows DirectX
  • Windows DWM Core Library
  • Windows Event Tracing
  • Windows Geolocation Service
  • Windows HTTP Protocol Stack
  • Windows IKE Extension
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel
  • Windows Libarchive
  • Windows Local Security Authority
  • Windows Local Security Authority Subsystem Service
  • Windows Modern Execution Server
  • Windows Push Notifications
  • Windows RDP
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop
  • Windows Remote Procedure Call Runtime
  • Windows Resilient File System (ReFS)
  • Windows Secure Boot
  • Windows Security Center
  • Windows StateRepository API
  • Windows Storage
  • Windows Storage Spaces Controller
  • Windows System Launcher
  • Windows Task Flow Data Engine
  • Windows Tile Data Repository
  • Windows UEFI
  • Windows UI Immersive Server
  • Windows User Profile Service
  • Windows User-mode Driver Framework
  • Windows Virtual Machine IDE Drive
  • Windows Win32K
  • Windows Workstation Service Remote Protocol

 

Key points

As mentioned, this month went without a single zero-day vulnerability. However, there were six publicly disclosed vulnerabilities in total: CVE-2022-21874, CVE-2021-36976, CVE-2022-21836, CVE-2022-21839, CVE-2021-22947, and CVE-2022-21919. In addition, two vulnerabilities had a critical-level CVSS score of 9.8: CVE-2022-21849 and CVE-2022-21907.

Prioritize these patches if possible:

  • CVE-2022-21874 (publicly disclosed) is a Windows Security Center API vulnerability.
  • CVE-2021-36976 (publicly disclosed) is a Libarchive vulnerability. The Windows operating system uses this open-source library. The library’s latest version includes a patch for this vulnerability, and this latest library is included in January’s security patches.
  • CVE-2022-21836 (CVSS 7.8, publicly disclosed) is a vulnerability that affects Windows certificates. In addition to the fix in January’s patches, Microsoft recommends using the Windows Defender Application Control (WDAC) solution to mitigate this type of vulnerability.
  • CVE-2022-21839 (CVSS 6.1, publicly disclosed) is a Windows Event Tracing Discretionary ACL (Access Control List) vulnerability.
  • CVE-2021-22947 (publicly disclosed) is a vulnerability in the open-source Curl library, which is used in Windows operating systems. January’s security patch includes a new version of this library that contains the fix. You can find additional information on Curl’s own site.
  • CVE-2022-21919 (CVSS 7.0, publicly disclosed) is a vulnerability in the Windows User Profile Service.
  • CVE-2022-21849 (CVSS 9.8) is a vulnerability in Windows IKE Extension. If you are using IPSec, this vulnerability can be exploited.
  • CVE-2022-21907 (CVSS 9.8) is an HTTP Protocol Stack vulnerability. Microsoft has also introduced an alternative method for mitigating the effects of this vulnerability; see the previous vulnerability article.

 

Active and known issues in Windows operating systems

| Operating System | Active known issues (previous month) |
|---|---|
| Windows 11, version 21H2 | 1 (0) |
| Windows 10, version 21H1 and Windows Server, version 21H1 | 3 (2) |
| Windows 10, version 20H2 and Windows Server, version 20H2 | 3 (2) |
| Windows 10, version 2004 and Windows Server, version 2004 | 3 (2) |
| Windows 10, versions 1909** and 1903** and Windows Server, version 1903** | 0 (0). Support has partially ended for Windows 10 versions 1903 and 1909. |
| Windows 10, version 1809** and Windows Server 2019 | 3 (3). Support has ended for Windows 10 version 1803. |
| Windows 10, version 1803** | Support has ended. |
| Windows 10, version 1709*** and Windows Server, version 1709 | Support has ended. |
| Windows 10, version 1703*** | Support has ended. |
| Windows 10, version 1607 LTSC*** and Windows Server 2016 | 1 (1) |
| Windows 8.1**** and Windows Server 2012 R2 | 2 (1) |
| Windows Server 2012 | 2 (1) |
| Windows 7**** and Windows Server 2008 R2 SP1 | 2 (2) |

  • * 1909 has the same operating system core and identical system files as its predecessor, 1903.
  • ** The support for Windows 10’s build in question has ended for versions Home, Pro, and Enterprise.
  • *** The support for Windows 10’s build in question has ended for all versions.
  • **** The Mainstream support period for the Windows version has ended. Extended support periods end: For Windows 8.1, on Jan 10th 2023, and for Windows 7, on Jan 14th 2020.

 

Recommended actions

The critical, zero-day, and publicly disclosed vulnerabilities mentioned at the beginning should be patched as soon as possible. However, Centero recommends testing the updates carefully before deploying them to production. In addition, you should go through any known issues before deploying the updates.

Organizations should make sure their devices run one of the three most recent Windows 10 feature versions (21H1, 20H2, or 2004), so that the devices keep getting their monthly security patches. In the future, it’s important to also make sure the Windows 11 feature updates are among the supported updates.

 

Microsoft’s documentation on the subject

 

Microsoft maintains a list of Windows updates and their known issues on the following pages. You can find additional information on the lifecycle of Windows versions behind the last link.

 

 
