Patch Tuesday - January 2022

Last updated on Jan 11, 2022

The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.

The majority of this month’s patched vulnerabilities, such as CVE-2022-21857 (affecting Active Directory Domain Services), allow attackers to elevate their privileges on systems or networks they already have a foothold in.

Critical RCEs

Besides CVE-2021-22947 (libcurl), several other Critical RCE vulnerabilities were also fixed. Most of these have caveats that reduce their scariness to some degree. The worst of these is CVE-2022-21907, affecting the Windows HTTP protocol stack. Although it carries a CVSSv3 base score of 9.8 and is considered potentially “wormable” by Microsoft, similar vulnerabilities have not proven to be rampantly exploited (see the AttackerKB analysis for CVE-2021-31166).

Not quite as bad is CVE-2022-21840, which affects all supported versions of Office, as well as SharePoint Server. Exploitation would require social engineering to entice a victim to open an attachment or visit a malicious website – thankfully the Windows preview pane is not a vector for this attack.

CVE-2022-21846 affects Exchange Server, but cannot be exploited directly over the public internet (attackers need to be “adjacent” to the target system in terms of network topology). This restriction also applies to CVE-2022-21855 and CVE-2022-21969, two less severe RCEs in Exchange this month.

CVE-2022-21912 and CVE-2022-21898 both affect DirectX Graphics and require local access. CVE-2022-21917 is a vulnerability in the Windows Codecs library. In most cases, systems should automatically get patched; however, some organizations may have the vulnerable codec preinstalled on their gold images and disable Windows Store updates.

Defenders should prioritize patching servers (Exchange, SharePoint, Hyper-V, and IIS) followed by web browsers and other client software.
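The ordering recommended above can be applied mechanically to rows from the summary tables. This Python sketch is an added example and not part of the original post; the tier keywords, the rule that publicly disclosed CVEs go first within a tier, and the treatment of an unscored CVE as 10.0 are assumptions.

```python
import math
import re

# Rows taken from this page's summary tables; the "|" delimiter is added here.
# Fields: CVE | title | exploited | publicly disclosed | CVSSv3 base | FAQ
ROWS = """\
CVE-2022-21907|HTTP Protocol Stack Remote Code Execution Vulnerability|No|No|9.8|Yes
CVE-2022-21846|Microsoft Exchange Server Remote Code Execution Vulnerability|No|No|9|Yes
CVE-2022-21837|Microsoft SharePoint Server Remote Code Execution Vulnerability|No|No|8.3|Yes
CVE-2022-21901|Windows Hyper-V Elevation of Privilege Vulnerability|No|No|9|Yes
CVE-2022-21840|Microsoft Office Remote Code Execution Vulnerability|No|No|8.8|Yes
CVE-2022-0102|Chromium: CVE-2022-0102 Type Confusion in V8|No|No|nan|Yes
CVE-2021-22947|Open Source Curl Remote Code Execution Vulnerability|No|Yes|nan|Yes
CVE-2022-21919|Windows User Profile Service Elevation of Privilege Vulnerability|No|Yes|7|No
CVE-2022-21849|Windows IKE Extension Remote Code Execution Vulnerability|No|No|9.8|Yes
"""

# Assumed keyword-to-tier mapping (hypothetical; tune it to your estate).
# http.sys, the HTTP protocol stack, is what IIS listens through.
TIERS = [
    (0, ("exchange", "sharepoint", "hyper-v", "http protocol stack")),  # servers
    (1, ("edge", "chromium", "office", "word", "excel")),  # browsers, clients
]

def tier(title):
    """Return 0 for server products, 1 for browsers/clients, 2 otherwise."""
    for rank, words in TIERS:
        if any(re.search(rf"\b{re.escape(w)}\b", title, re.I) for w in words):
            return rank
    return 2

def parse(text):
    rows = []
    for line in text.strip().splitlines():
        cve, title, exploited, public, score, _faq = line.split("|")
        s = float(score)  # "nan" in the table means no published base score
        rows.append({"cve": cve, "tier": tier(title),
                     "flagged": "Yes" in (exploited, public),
                     "score": None if math.isnan(s) else s})
    return rows

def patch_order(rows):
    # Tier first, then exploited/disclosed, then score. An unscored CVE is
    # treated as 10.0 so a missing number never pushes it down the queue.
    def key(r):
        return (r["tier"], not r["flagged"], -(10.0 if r["score"] is None else r["score"]))
    return [r["cve"] for r in sorted(rows, key=key)]

if __name__ == "__main__":
    print("\n".join(patch_order(parse(ROWS))))
```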


Summary tables

Browser vulnerabilities

| CVE | Title | Exploited | Publicly disclosed | CVSSv3 base | Additional FAQ |
|---|---|---|---|---|---|
| CVE-2022-21930 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 4.2 | Yes |
| CVE-2022-21931 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 4.2 | Yes |
| CVE-2022-21929 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 2.5 | Yes |
| CVE-2022-21954 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 6.1 | Yes |
| CVE-2022-21970 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 6.1 | Yes |
| CVE-2022-0120 | Chromium: CVE-2022-0120 Inappropriate implementation in Passwords | No | No | N/A | Yes |
| CVE-2022-0118 | Chromium: CVE-2022-0118 Inappropriate implementation in WebShare | No | No | N/A | Yes |
| CVE-2022-0117 | Chromium: CVE-2022-0117 Policy bypass in Service Workers | No | No | N/A | Yes |
| CVE-2022-0116 | Chromium: CVE-2022-0116 Inappropriate implementation in Compositing | No | No | N/A | Yes |
| CVE-2022-0115 | Chromium: CVE-2022-0115 Uninitialized Use in File API | No | No | N/A | Yes |
| CVE-2022-0114 | Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial | No | No | N/A | Yes |
| CVE-2022-0113 | Chromium: CVE-2022-0113 Inappropriate implementation in Blink | No | No | N/A | Yes |
| CVE-2022-0112 | Chromium: CVE-2022-0112 Incorrect security UI in Browser UI | No | No | N/A | Yes |
| CVE-2022-0111 | Chromium: CVE-2022-0111 Inappropriate implementation in Navigation | No | No | N/A | Yes |
| CVE-2022-0110 | Chromium: CVE-2022-0110 Incorrect security UI in Autofill | No | No | N/A | Yes |
| CVE-2022-0109 | Chromium: CVE-2022-0109 Inappropriate implementation in Autofill | No | No | N/A | Yes |
| CVE-2022-0108 | Chromium: CVE-2022-0108 Inappropriate implementation in Navigation | No | No | N/A | Yes |
| CVE-2022-0107 | Chromium: CVE-2022-0107 Use after free in File Manager API | No | No | N/A | Yes |
| CVE-2022-0106 | Chromium: CVE-2022-0106 Use after free in Autofill | No | No | N/A | Yes |
| CVE-2022-0105 | Chromium: CVE-2022-0105 Use after free in PDF | No | No | N/A | Yes |
| CVE-2022-0104 | Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE | No | No | N/A | Yes |
| CVE-2022-0103 | Chromium: CVE-2022-0103 Use after free in SwiftShader | No | No | N/A | Yes |
| CVE-2022-0102 | Chromium: CVE-2022-0102 Type Confusion in V8 | No | No | N/A | Yes |
| CVE-2022-0101 | Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks | No | No | N/A | Yes |
| CVE-2022-0100 | Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API | No | No | N/A | Yes |
| CVE-2022-0099 | Chromium: CVE-2022-0099 Use after free in Sign-in | No | No | N/A | Yes |
| CVE-2022-0098 | Chromium: CVE-2022-0098 Use after free in Screen Capture | No | No | N/A | Yes |
| CVE-2022-0097 | Chromium: CVE-2022-0097 Inappropriate implementation in DevTools | No | No | N/A | Yes |
| CVE-2022-0096 | Chromium: CVE-2022-0096 Use after free in Storage | No | No | N/A | Yes |

Developer Tools vulnerabilities

| CVE | Title | Exploited | Publicly disclosed | CVSSv3 base | Additional FAQ |
|---|---|---|---|---|---|
| CVE-2022-21911 | .NET Framework Denial of Service Vulnerability | No | No | 7.5 | No |

ESU Windows vulnerabilities

| CVE | Title | Exploited | Publicly disclosed | CVSSv3 base | Additional FAQ |
|---|---|---|---|---|---|
| CVE-2022-21924 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability | No | No | 5.3 | No |
| CVE-2022-21834 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability | No | Yes | 7 | No |
| CVE-2022-21885 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21914 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-21920 | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-21908 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21843 | Windows IKE Extension Denial of Service Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-21883 | Windows IKE Extension Denial of Service Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-21848 | Windows IKE Extension Denial of Service Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-21889 | Windows IKE Extension Denial of Service Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-21890 | Windows IKE Extension Denial of Service Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-21900 | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 4.6 | Yes |
| CVE-2022-21905 | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 4.6 | Yes |
| CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-21915 | Windows GDI+ Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2022-21904 | Windows GDI Information Disclosure Vulnerability | No | No | 7.5 | Yes |
| CVE-2022-21903 | Windows GDI Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21899 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 5.5 | No |
| CVE-2022-21916 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21897 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21838 | Windows Cleanup Manager Elevation of Privilege Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-21836 | Windows Certificate Spoofing Vulnerability | No | Yes | 7.8 | Yes |
| CVE-2022-21925 | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability | No | No | 5.3 | No |
| CVE-2022-21862 | Windows Application Model Core API Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21859 | Windows Accounts Control Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21833 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21922 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-21850 | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-21851 | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-21835 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21884 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | No | No | 5.3 | No |
| CVE-2022-21857 | Active Directory Domain Services Elevation of Privilege Vulnerability | No | No | 8.8 | Yes |

Exchange Server vulnerabilities

| CVE | Title | Exploited | Publicly disclosed | CVSSv3 base | Additional FAQ |
|---|---|---|---|---|---|
| CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9 | Yes |
| CVE-2022-21855 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9 | Yes |
| CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9 | Yes |

Microsoft Dynamics vulnerabilities

| CVE | Title | Exploited | Publicly disclosed | CVSSv3 base | Additional FAQ |
|---|---|---|---|---|---|
| CVE-2022-21932 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | No | No | 7.6 | No |
| CVE-2022-21891 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | No | No | 7.6 | No |

Microsoft Office vulnerabilities

| CVE | Title | Exploited | Publicly disclosed | CVSSv3 base | Additional FAQ |
|---|---|---|---|---|---|
| CVE-2022-21842 | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.3 | Yes |
| CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.8 | Yes |
| CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |

Windows vulnerabilities

| CVE | Title | Exploited | Publicly disclosed | CVSSv3 base | Additional FAQ |
|---|---|---|---|---|---|
| CVE-2022-21895 | Windows User Profile Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21864 | Windows UI Immersive Server API Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21866 | Windows System Launcher Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21875 | Windows Storage Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21863 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability | No | Yes | 7.8 | No |
| CVE-2022-21892 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.8 | Yes |
| CVE-2022-21958 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.8 | Yes |
| CVE-2022-21959 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.8 | Yes |
| CVE-2022-21960 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.8 | Yes |
| CVE-2022-21961 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.8 | Yes |
| CVE-2022-21962 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.8 | Yes |
| CVE-2022-21963 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.4 | Yes |
| CVE-2022-21928 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | No | No | 6.3 | Yes |
| CVE-2022-21867 | Windows Push Notifications Apps Elevation Of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21888 | Windows Modern Execution Server Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2022-21881 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21879 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 5.5 | No |
| CVE-2022-21849 | Windows IKE Extension Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2022-21901 | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 9 | Yes |
| CVE-2022-21847 | Windows Hyper-V Denial of Service Vulnerability | No | No | 6.5 | No |
| CVE-2022-21878 | Windows Geolocation Service Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2022-21872 | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | No | Yes | 6.1 | No |
| CVE-2022-21868 | Windows Devices Human Interface Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21921 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | No | No | 4.4 | No |
| CVE-2022-21906 | Windows Defender Application Control Security Feature Bypass Vulnerability | No | No | 5.5 | No |
| CVE-2022-21852 | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21902 | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21896 | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21858 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2022-21860 | Windows AppContracts API Server Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21876 | Win32k Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability | No | No | 7 | Yes |
| CVE-2022-21873 | Tile Data Repository Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21861 | Task Flow Data Engine Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21870 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21877 | Storage Spaces Controller Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2022-21894 | Secure Boot Security Feature Bypass Vulnerability | No | No | 4.4 | No |
| CVE-2022-21964 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-22947 | Open Source Curl Remote Code Execution Vulnerability | No | Yes | N/A | Yes |
| CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21910 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-36976 | Libarchive Remote Code Execution Vulnerability | No | Yes | N/A | Yes |
| CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability | No | No | 9.8 | Yes |
| CVE-2022-21917 | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2022-21898 | DirectX Graphics Kernel Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2022-21918 | DirectX Graphics Kernel File Denial of Service Vulnerability | No | No | 6.5 | No |
| CVE-2022-21865 | Connected Devices Platform Service Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2022-21869 | Clipboard User Service Elevation of Privilege Vulnerability | No | No | 7 | No |
