It is time for the first Patch Tuesday event of 2022. For January 2022 Patch Tuesday, Microsoft is shoring up 97 security vulnerabilities. Nine of them the company rates as critical, while six of them are zero-days. One of those the critical vulnerabilities is a remote execution exploit (RCE) affecting Windows and Windows Server.
Before getting into the wider details of January 2022 Patch Tuesday, we will look at that RCE bug. Microsoft is tracking the issue as CVE-2022-21907. According to the company, it impacts Windows at a protocol level, including Windows 11 and Windows Server 2022.
The company describes the vulnerability as an RCE in HTTP Protocol Stack (HTTP.sys). A threat actor could exploit it by simply sending a packet to a target server using HTTP Protocol Stack. This would not even require the attacker to be authenticated.
Microsoft considers this a critical flaw because a successful attack could infiltrate a whole intranet. However, the company points out no known exploit is active for the vulnerability. There is also a way to mitigate the issue.
Specifically, the HTTP Trailer Support where the flaw is found is not enabled by default. That means a user would need to enter a register key to activate the parameters for the vulnerability. Either way, Microsoft has issued a patch for the vulnerability.
Patch Tuesday
Elsewhere in January 2022 Patch Tuesday, Microsoft is once again fixing issues across its massive range of products. In this package are patches for Windows, Microsoft Edge, Windows Components, Microsoft Office, .NET Framework, Exchange Server, Hyper-V, Microsoft Dynamics, Windows Defender, Open-Source Software, Windows Defender, and more.
Microsoft says none of the six zero-days that it is patching this month are being actively exploited. Below are the vulnerabilities:
- CVE-2021-22947: HackerOne-assigned CVE in open-source Curl library (RCE)
- CVE-2021-36976: MITRE-assigned CVE in open-source Libarchive (RCE)
- CVE-2022-21874: Local Windows Security Center API (RCE, CVSS score of 7.8)
- CVE-2022-21919: Windows User Profile Service (privilege escalation, CVSS 7.0)
- CVE-2022-21839: Windows Event Tracing Discretionary Access Control List (denial-of-service, CVSS 6.1).
- CVE-2022-21836: Windows Certificate (spoofing, CVSS 7.8).
Tip of the day: Did you know that Task Manager lets you set CPU affinity to claw back some resources from running apps and give selected apps higher priority. Our tutorial shows how you can use this helpful feature.
Last Updated on February 14, 2022 8:17 pm CET by Markus Kasanmascheff
