Microsoft Patch Tuesday – January 2022

Patch Tuesday is once again upon us. The January 2022 edition of Patch Tuesday brings us 98 fixes, 9 of which are rated as critical. We've listed the most important changes below.


HTTP Protocol Stack RCE

The most severe vulnerability fixed this month is a remote code execution vulnerability in the HTTP protocol stack, CVE-2022-21907. By sending a specially crafted packet to a vulnerable server that uses the HTTP protocol stack (http.sys) to process packets, an attacker can achieve remote code execution on the targeted system. Patching is the best solution, and with a CVSS base score of 9.8, it is best you patch this one as soon as possible. Microsoft also mentions that this vulnerability is wormable!

Windows Server 2019 and Windows 10 version 1809 aren't vulnerable by default to this one, but if the HTTP Trailer Support feature has been enabled, even those versions are vulnerable. Microsoft recommends checking the following registry key if you want to double-check if your Server 2019 and Windows 10 version 1809 systems are affected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\
"EnableTrailerSupport"=dword:00000001

To perform this check across your entire IT environment you can also use the registry key audit. This will let you audit all of your computers at once and get an overview of machines where the registry key has been found.
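The same registry check can be scripted. The following PowerShell is an added example, not code from Microsoft or from this page's vendor; the function name `Get-TrailerSupportState` is hypothetical, and the remote path assumes PowerShell remoting (WinRM) is enabled on the target machines.

```powershell
# Added example: report whether HTTP Trailer Support is enabled on a host.
# Build 17763 is the build number shared by Windows 10 version 1809 and Server 2019.
function Get-TrailerSupportState {
    [CmdletBinding()]
    param([string[]]$ComputerName)   # omit to check the local machine

    $check = {
        $build = [int](Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
        # A missing value is the default state, so do not treat it as an error.
        $prop  = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters' `
                     -Name 'EnableTrailerSupport' -ErrorAction SilentlyContinue
        $value = if ($null -ne $prop) { [int]$prop.EnableTrailerSupport } else { $null }

        $status = if ($build -ne 17763) {
            'Not 1809/Server 2019: registry check does not apply, rely on patch status'
        } elseif ($value -eq 1) {
            'HTTP Trailer Support enabled: treat as vulnerable until patched'
        } else {
            'HTTP Trailer Support not enabled: not vulnerable by default'
        }

        [pscustomobject]@{
            Computer             = $env:COMPUTERNAME
            Build                = $build
            EnableTrailerSupport = $value
            Status               = $status
        }
    }

    if (-not $ComputerName) { return & $check }

    foreach ($name in $ComputerName) {
        try {
            Invoke-Command -ComputerName $name -ScriptBlock $check -ErrorAction Stop |
                Select-Object Computer, Build, EnableTrailerSupport, Status
        } catch {
            # Keep unreachable hosts in the report so they are not silently skipped.
            [pscustomobject]@{ Computer = $name; Build = $null; EnableTrailerSupport = $null
                               Status = "Unreachable: $($_.Exception.Message)" }
        }
    }
}

Get-TrailerSupportState | Format-Table -AutoSize
```

Pass `-ComputerName` with a list of host names to collect one row per machine.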

Microsoft Exchange Server RCE

Microsoft Exchange keeps on giving: after the Y2K22 bug earlier this month, a new RCE, CVE-2022-21846, has been fixed with a CVSS base score of 9. Luckily, Microsoft lists that this vulnerability cannot be exploited via the internet. It can only be exploited on a logically adjacent topology. Microsoft provided some examples of what this could look like:

"Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment."

Microsoft Office RCE

The last of the big critical vulnerabilities is related to Microsoft Office. CVE-2022-21840 has a CVSS score of 8.8. As with previous vulnerabilities in Office, the preview pane luckily isn't vulnerable, so at least there is some protection. The vulnerability requires users to either open a malicious file or click on a link that refers to a hosted file. As with many other vulnerabilities, ensuring your users have adequate training on safe web usage should prevent exploitation.

Run the Patch Tuesday January 2022 Audit Report

To help manage your update progress, we've created the Patch Tuesday Audit Report that checks if the assets in your network are on the latest patch updates. The report is color-coded so you can see at a glance which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

Patch Tuesday January 2022 CVE Codes & Titles

CVE Number      CVE Title
CVE-2022-21969  Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-21964  Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
CVE-2022-21963  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21962  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21961  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21960  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21959  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21958  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21932  Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2022-21928  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21925  Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
CVE-2022-21924  Workstation Service Remote Protocol Security Feature Bypass Vulnerability
CVE-2022-21922  Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-21921  Windows Defender Credential Guard Security Feature Bypass Vulnerability
CVE-2022-21920  Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-21919  Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2022-21918  DirectX Graphics Kernel File Denial of Service Vulnerability
CVE-2022-21917  HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-21916  Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-21915  Windows GDI+ Information Disclosure Vulnerability
CVE-2022-21914  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2022-21913  Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
CVE-2022-21912  DirectX Graphics Kernel Remote Code Execution Vulnerability
CVE-2022-21911  .NET Framework Denial of Service Vulnerability
CVE-2022-21910  Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
CVE-2022-21908  Windows Installer Elevation of Privilege Vulnerability
CVE-2022-21907  HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2022-21906  Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2022-21905  Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2022-21904  Windows GDI Information Disclosure Vulnerability
CVE-2022-21903  Windows GDI Elevation of Privilege Vulnerability
CVE-2022-21902  Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-21901  Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-21900  Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2022-21899  Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2022-21898  DirectX Graphics Kernel Remote Code Execution Vulnerability
CVE-2022-21897  Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-21896  Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-21895  Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2022-21894  Secure Boot Security Feature Bypass Vulnerability
CVE-2022-21893  Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2022-21892  Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21891  Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVE-2022-21890  Windows IKE Extension Denial of Service Vulnerability
CVE-2022-21889  Windows IKE Extension Denial of Service Vulnerability
CVE-2022-21888  Windows Modern Execution Server Remote Code Execution Vulnerability
CVE-2022-21887  Win32k Elevation of Privilege Vulnerability
CVE-2022-21885  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2022-21884  Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2022-21883  Windows IKE Extension Denial of Service Vulnerability
CVE-2022-21882  Win32k Elevation of Privilege Vulnerability
CVE-2022-21881  Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-21880  Windows GDI+ Information Disclosure Vulnerability
CVE-2022-21879  Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-21878  Windows Geolocation Service Remote Code Execution Vulnerability
CVE-2022-21877  Storage Spaces Controller Information Disclosure Vulnerability
CVE-2022-21876  Win32k Information Disclosure Vulnerability
CVE-2022-21875  Windows Storage Elevation of Privilege Vulnerability
CVE-2022-21874  Windows Security Center API Remote Code Execution Vulnerability
CVE-2022-21873  Tile Data Repository Elevation of Privilege Vulnerability
CVE-2022-21872  Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2022-21871  Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
CVE-2022-21870  Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
CVE-2022-21869  Clipboard User Service Elevation of Privilege Vulnerability
CVE-2022-21868  Windows Devices Human Interface Elevation of Privilege Vulnerability
CVE-2022-21867  Windows Push Notifications Apps Elevation Of Privilege Vulnerability
CVE-2022-21866  Windows System Launcher Elevation of Privilege Vulnerability
CVE-2022-21865  Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2022-21864  Windows UI Immersive Server API Elevation of Privilege Vulnerability
CVE-2022-21863  Windows StateRepository API Server file Elevation of Privilege Vulnerability
CVE-2022-21862  Windows Application Model Core API Elevation of Privilege Vulnerability
CVE-2022-21861  Task Flow Data Engine Elevation of Privilege Vulnerability
CVE-2022-21860  Windows AppContracts API Server Elevation of Privilege Vulnerability
CVE-2022-21859  Windows Accounts Control Elevation of Privilege Vulnerability
CVE-2022-21858  Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2022-21857  Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-21855  Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-21852  Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-21851  Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-21850  Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-21849  Windows IKE Extension Remote Code Execution Vulnerability
CVE-2022-21848  Windows IKE Extension Denial of Service Vulnerability
CVE-2022-21847  Windows Hyper-V Denial of Service Vulnerability
CVE-2022-21846  Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-21843  Windows IKE Extension Denial of Service Vulnerability
CVE-2022-21842  Microsoft Word Remote Code Execution Vulnerability
CVE-2022-21841  Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-21840  Microsoft Office Remote Code Execution Vulnerability
CVE-2022-21839  Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
CVE-2022-21838  Windows Cleanup Manager Elevation of Privilege Vulnerability
CVE-2022-21837  Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-21836  Windows Certificate Spoofing Vulnerability
CVE-2022-21835  Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2022-21834  Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
CVE-2022-21833  Virtual Machine IDE Drive Elevation of Privilege Vulnerability
CVE-2021-36976  Libarchive Remote Code Execution Vulnerability
CVE-2021-22947  Open Source Curl Remote Code Execution Vulnerability
