Microsoft January Patch Tuesday Addresses 96 Vulnerabilities

January 18, 2022 By

Microsoft January Patch Tuesday update bundle has arrived with significant security fixes. Specifically, it includes a whopping 96 different bug fixes that address some zero-days. Moreover, it also includes some third-party patches for other known bugs.

Microsoft January Patch Tuesday Overview

The most notable fixes included in January Patch Tuesday bundle address four different zero-day vulnerabilities in Microsoft products. These include a certificate spoofing bug (CVE-2022-21836), a DoS affecting the Event Tracing Discretionary Access Control List (CVE-2022-21839), an RCE flaw in Windows Security Center API (CVE-2022-21874), and a privilege escalation bug in the User Profile Service (CVE-2022-21919).

While Microsoft has rated all four as important severity bugs, they became publicly known before the tech giant could fix them. Hence, the updates addressing these bugs demand attention from the users to prevent potential exploitation. Although, Microsoft has confirmed to have detected no active exploitation of any of them yet.

In addition, the other noteworthy fixes address 8 critical severity vulnerabilities that fortunately remained undisclosed and unexploited until the updates. These include 6 remote code execution flaws affecting the DirectX Graphics Kernel (CVE-2022-21912 and CVE-2022-21898), HEVC Video Extensions (CVE-2022-21917), HTTP Protocol Stack (CVE-2022-21907), Microsoft Office (CVE-2022-21840), and Exchange Server (CVE-2022-21846).

The HTTP Protocol Stack vulnerability was the most severe as it achieved a CVSS score of 9.8. Microsoft has called it a “wormable” bug that an unauthenticated adversary can exploit by sending maliciously crafted packets to the target server via the vulnerable protocol. Consequently, the tech giant urges users to update immediately.

The other two critical vulnerabilities include privilege escalation bugs affecting the Active Directory Domain Services (CVE-2022-21857) and Virtual Machine IDE Drive (CVE-2022-21833).

Besides these significant vulnerabilities, the remaining 84 bugs updated this month have achieved important severity ratings. These bugs affect numerous Windows components, hence demanding immediate attention.

Update Your Systems Asap!

Since the update bundle is already out, all users should ensure installing them at the earliest to stay secure.

Windows 10 users who haven’t received the updates yet should manually check by following this path: All Settings > Update & Security > Windows Update.

Let us know your thoughts in the comments.