Microsoft Patch Tuesday - January 2022
Microsoft fixed 126 different CVEs with this month's update (this includes the Chromium issues patched in Edge). Six of the issues were publicly disclosed, and nine are rated critical.
Noteworthy updates:
CVE-2022-21907: This is a remote code execution vulnerability in http.sys. http.sys is part of anything in windows processing HTTP requests (e.g. IIS!). The vulnerability is exposed if the "Trailer" feature is enabled. HTTP trailers are used to delay sending headers until the end of the request (or response). They are typically used as part of chunked messages when the entire message is not known until the message has been sent. A "TE: trailers" header needs to be sent, and a "Trailer" header listing the delayed header names. This is potentially a wormable vulnerability, and Microsoft recommends prioritizing this patch. (this does not just affect IIS!). It appears that the Trailer feature is frequently enabled by default which makes this a BIG DEAL [!!! I initially assessed this as less of a risk. But a reader corrected me that the feature is enabled in server 2022, 20H2 core, and various Windows 10 and 11 versions. I misread the Microsoft announcement. This is not enabled by default in Windows Server 2019 and Windows 10 version 1809).
CVE-2022-21846: Another critical remote code execution vulnerability in Exchange. But this vulnerability is not exploitable across the internet and requires the victim and the attacker to share the same network.
CVE-2021-22947: This vulnerability in curl was originally disclosed in September, which is why it is noted as "Publicly Disclosed". This update fixes several vulnerabilities, not just the listed CVE.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.
January 2022 Security Updates
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
.NET Framework Denial of Service Vulnerability | |||||||
CVE-2022-21911 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Active Directory Domain Services Elevation of Privilege Vulnerability | |||||||
CVE-2022-21857 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
Chromium: CVE-2022-0096 Use after free in Storage | |||||||
CVE-2022-0096 | No | No | - | - | - | ||
Chromium: CVE-2022-0097 Inappropriate implementation in DevTools | |||||||
CVE-2022-0097 | No | No | - | - | - | ||
Chromium: CVE-2022-0098 Use after free in Screen Capture | |||||||
CVE-2022-0098 | No | No | - | - | - | ||
Chromium: CVE-2022-0099 Use after free in Sign-in | |||||||
CVE-2022-0099 | No | No | - | - | - | ||
Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API | |||||||
CVE-2022-0100 | No | No | - | - | - | ||
Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks | |||||||
CVE-2022-0101 | No | No | - | - | - | ||
Chromium: CVE-2022-0102 Type Confusion in V8 | |||||||
CVE-2022-0102 | No | No | - | - | - | ||
Chromium: CVE-2022-0103 Use after free in SwiftShader | |||||||
CVE-2022-0103 | No | No | - | - | - | ||
Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE | |||||||
CVE-2022-0104 | No | No | - | - | - | ||
Chromium: CVE-2022-0105 Use after free in PDF | |||||||
CVE-2022-0105 | No | No | - | - | - | ||
Chromium: CVE-2022-0106 Use after free in Autofill | |||||||
CVE-2022-0106 | No | No | - | - | - | ||
Chromium: CVE-2022-0107 Use after free in File Manager API | |||||||
CVE-2022-0107 | No | No | - | - | - | ||
Chromium: CVE-2022-0108 Inappropriate implementation in Navigation | |||||||
CVE-2022-0108 | No | No | - | - | - | ||
Chromium: CVE-2022-0109 Inappropriate implementation in Autofill | |||||||
CVE-2022-0109 | No | No | - | - | - | ||
Chromium: CVE-2022-0110 Incorrect security UI in Autofill | |||||||
CVE-2022-0110 | No | No | - | - | - | ||
Chromium: CVE-2022-0111 Inappropriate implementation in Navigation | |||||||
CVE-2022-0111 | No | No | - | - | - | ||
Chromium: CVE-2022-0112 Incorrect security UI in Browser UI | |||||||
CVE-2022-0112 | No | No | - | - | - | ||
Chromium: CVE-2022-0113 Inappropriate implementation in Blink | |||||||
CVE-2022-0113 | No | No | - | - | - | ||
Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial | |||||||
CVE-2022-0114 | No | No | - | - | - | ||
Chromium: CVE-2022-0115 Uninitialized Use in File API | |||||||
CVE-2022-0115 | No | No | - | - | - | ||
Chromium: CVE-2022-0116 Inappropriate implementation in Compositing | |||||||
CVE-2022-0116 | No | No | - | - | - | ||
Chromium: CVE-2022-0117 Policy bypass in Service Workers | |||||||
CVE-2022-0117 | No | No | - | - | - | ||
Chromium: CVE-2022-0118 Inappropriate implementation in WebShare | |||||||
CVE-2022-0118 | No | No | - | - | - | ||
Chromium: CVE-2022-0120 Inappropriate implementation in Passwords | |||||||
CVE-2022-0120 | No | No | - | - | - | ||
Clipboard User Service Elevation of Privilege Vulnerability | |||||||
CVE-2022-21869 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Connected Devices Platform Service Elevation of Privilege Vulnerability | |||||||
CVE-2022-21865 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
DirectX Graphics Kernel File Denial of Service Vulnerability | |||||||
CVE-2022-21918 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
DirectX Graphics Kernel Remote Code Execution Vulnerability | |||||||
CVE-2022-21912 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2022-21898 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
HEVC Video Extensions Remote Code Execution Vulnerability | |||||||
CVE-2022-21917 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
HTTP Protocol Stack Remote Code Execution Vulnerability | |||||||
CVE-2022-21907 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
Libarchive Remote Code Execution Vulnerability | |||||||
CVE-2021-36976 | Yes | No | Less Likely | Less Likely | Important | ||
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | |||||||
CVE-2022-21913 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | |||||||
CVE-2022-21884 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-21910 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability | |||||||
CVE-2022-21835 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | |||||||
CVE-2022-21871 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | |||||||
CVE-2022-21891 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||||
CVE-2022-21932 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||||
CVE-2022-21954 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
CVE-2022-21970 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||||
CVE-2022-21929 | No | No | Less Likely | Less Likely | Moderate | 2.5 | 2.3 |
CVE-2022-21930 | No | No | Less Likely | Less Likely | Important | 4.2 | 3.8 |
CVE-2022-21931 | No | No | Less Likely | Less Likely | Important | 4.2 | 3.8 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2022-21841 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||||
CVE-2022-21846 | No | No | More Likely | More Likely | Critical | 9.0 | 7.8 |
CVE-2022-21855 | No | No | More Likely | More Likely | Important | 9.0 | 7.8 |
CVE-2022-21969 | No | No | More Likely | More Likely | Important | 9.0 | 7.8 |
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2022-21840 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
CVE-2022-21837 | No | No | Less Likely | Less Likely | Important | 8.3 | 7.2 |
Microsoft Word Remote Code Execution Vulnerability | |||||||
CVE-2022-21842 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Open Source Curl Remote Code Execution Vulnerability | |||||||
CVE-2021-22947 | Yes | No | Less Likely | Less Likely | Critical | ||
Remote Desktop Client Remote Code Execution Vulnerability | |||||||
CVE-2022-21850 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
CVE-2022-21851 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | |||||||
CVE-2022-21964 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Remote Desktop Protocol Remote Code Execution Vulnerability | |||||||
CVE-2022-21893 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||||
CVE-2022-21922 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Secure Boot Security Feature Bypass Vulnerability | |||||||
CVE-2022-21894 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
Storage Spaces Controller Information Disclosure Vulnerability | |||||||
CVE-2022-21877 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | |||||||
CVE-2022-21870 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Task Flow Data Engine Elevation of Privilege Vulnerability | |||||||
CVE-2022-21861 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Tile Data Repository Elevation of Privilege Vulnerability | |||||||
CVE-2022-21873 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Virtual Machine IDE Drive Elevation of Privilege Vulnerability | |||||||
CVE-2022-21833 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2022-21882 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
CVE-2022-21887 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
Win32k Information Disclosure Vulnerability | |||||||
CVE-2022-21876 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Accounts Control Elevation of Privilege Vulnerability | |||||||
CVE-2022-21859 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows AppContracts API Server Elevation of Privilege Vulnerability | |||||||
CVE-2022-21860 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Application Model Core API Elevation of Privilege Vulnerability | |||||||
CVE-2022-21862 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability | |||||||
CVE-2022-21925 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Windows Bind Filter Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-21858 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Certificate Spoofing Vulnerability | |||||||
CVE-2022-21836 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Cleanup Manager Elevation of Privilege Vulnerability | |||||||
CVE-2022-21838 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-21916 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
CVE-2022-21897 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows DWM Core Library Elevation of Privilege Vulnerability | |||||||
CVE-2022-21852 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-21902 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-21896 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Defender Application Control Security Feature Bypass Vulnerability | |||||||
CVE-2022-21906 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Defender Credential Guard Security Feature Bypass Vulnerability | |||||||
CVE-2022-21921 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
Windows Devices Human Interface Elevation of Privilege Vulnerability | |||||||
CVE-2022-21868 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | |||||||
CVE-2022-21839 | Yes | No | Less Likely | Less Likely | Important | 6.1 | 5.5 |
Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
CVE-2022-21872 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||||
CVE-2022-21899 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows GDI Elevation of Privilege Vulnerability | |||||||
CVE-2022-21903 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2022-21904 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows GDI+ Information Disclosure Vulnerability | |||||||
CVE-2022-21915 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
CVE-2022-21880 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Geolocation Service Remote Code Execution Vulnerability | |||||||
CVE-2022-21878 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Hyper-V Denial of Service Vulnerability | |||||||
CVE-2022-21847 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
CVE-2022-21901 | No | No | Less Likely | Less Likely | Important | 9.0 | 7.8 |
Windows Hyper-V Security Feature Bypass Vulnerability | |||||||
CVE-2022-21900 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
CVE-2022-21905 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
Windows IKE Extension Denial of Service Vulnerability | |||||||
CVE-2022-21843 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
CVE-2022-21883 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
CVE-2022-21848 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
CVE-2022-21889 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
CVE-2022-21890 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
Windows IKE Extension Remote Code Execution Vulnerability | |||||||
CVE-2022-21849 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.5 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2022-21908 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Kerberos Elevation of Privilege Vulnerability | |||||||
CVE-2022-21920 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2022-21879 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
CVE-2022-21881 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
Windows Modern Execution Server Remote Code Execution Vulnerability | |||||||
CVE-2022-21888 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Push Notifications Apps Elevation Of Privilege Vulnerability | |||||||
CVE-2022-21867 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||||
CVE-2022-21885 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
CVE-2022-21914 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | |||||||
CVE-2022-21892 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
CVE-2022-21958 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
CVE-2022-21959 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
CVE-2022-21960 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
CVE-2022-21961 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
CVE-2022-21962 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
CVE-2022-21963 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.6 |
CVE-2022-21928 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
Windows Security Center API Remote Code Execution Vulnerability | |||||||
CVE-2022-21874 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows StateRepository API Server file Elevation of Privilege Vulnerability | |||||||
CVE-2022-21863 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Storage Elevation of Privilege Vulnerability | |||||||
CVE-2022-21875 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows System Launcher Elevation of Privilege Vulnerability | |||||||
CVE-2022-21866 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows UI Immersive Server API Elevation of Privilege Vulnerability | |||||||
CVE-2022-21864 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows User Profile Service Elevation of Privilege Vulnerability | |||||||
CVE-2022-21919 | Yes | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2022-21895 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-21834 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Workstation Service Remote Protocol Security Feature Bypass Vulnerability | |||||||
CVE-2022-21924 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments
Anonymous
Jan 11th 2022
2 years ago
By "slow" I mean they reboot after being up for a short time approx 15 to 20 minutes.
System Event Log shows lsass.exe crashing and triggering the reboot.
I've seen another report of this issue here https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/
Uninstalling all patches released today appears to have solved this.
Confusingly this issue only started to happen once we had updated all 3 DC's at one site. Removing the patches on 2 of the DC's has solved the problem, even with the still patched third server it has stopped rebooting itself like the now unpatched other two.
Sample Event Log entries:
Log Name: System
Source: User32
Event ID: 1074
Level: Information
Keywords: Classic
User: SYSTEM
Description:
The process wininit.exe has initiated the restart of computer [name] on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
Log Name: System
Source: Application Popup
Event ID: 26
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Description:
Application popup: lsass.exe - Application Error : The instruction at 0x820d2663 referenced memory at 0x00000058. The memory could not be read.
Anonymous
Jan 12th 2022
2 years ago
Anonymous
Jan 15th 2022
2 years ago
Anonymous
Jan 19th 2022
2 years ago
I have now installed all currently offered update from MS and will hopefully not have any additional crashes.
Anonymous
Jan 20th 2022
2 years ago