Home / About / Threat Intelligence / Patch Tuesday January 2022

Overview

Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed. Microsoft has released 96 security fixes including updates to address six zero-day vulnerabilities. Microsoft has also fixed problems including remote code execution (RCE) exploits, privilege escalation flaws, spoofing issues, and cross-site scripting (XSS) vulnerabilities.

Impact

None of the zero-day flaws have been reported to be exploited in the wild. A total of 24 vulnerabilities were patched earlier this month in Microsoft Edge (Chromium-based). This volume is unusual for the month of January, with previous years often being roughly half this number.

Products Affected

– Windows and associated components
– Edge
– Exchange Server
– Office and associated components
– SharePoint Server
– .NET Framework
– Microsoft Dynamics
– Windows Hyper-V
– Windows Defender
– Windows Remote Desktop Protocol (RDP)

Containment, Mitigations & Remediation

Updating your systems software is the best way to stay on top of things.
Make sure you go directly to the company website for specific updates.
Links have been provided in further information.

Indicators of Compromise

No specific IOCs currently.

Threat Landscape

Last month, Microsoft published 67 security fixes in the December 2021 Patch Tuesday. Included were seven critical vulnerabilities and six zero-day security flaws. One of the zero-days was a bug in the Windows AppX Installer that is being actively exploited in the wild to spread Emotet, Trickbot, and Bazaloader malware.

A month prior, 55 vulnerabilities were tackled during the November 2021 Patch Tuesday.

This month Microsoft published an emergency resolution for a bug affecting on-premise Exchange Servers. A date-check failure glitch prevented mail to move smoothly through the transport queues of Exchange Server 2016 and Exchange Server 2019.

In March last year, Microsoft fixed four Exchange vulnerabilities exploited by a China-based hacking group referred to as “Hafnium,” blamed for data thefts from US Defense contractors and private sector firms.

Mitre Methodologies

[T1068] – Exploitation for Privilege Escalation

Further Information

January 11, 2022—KB5009566 (OS Build 22000.434)