Microsoft Starts 2022 with 97 CVEs in January Patch Tuesday

Microsoft began the year by publishing fixes for nearly 100 vulnerabilities, nine of which were rated critical and six of which were publicly disclosed.

The Windows OS updates issued this month will fix all of the known bugs, according to Ivanti VP of product management, Chris Goettl.

“While there are no known exploited vulnerabilities this month, the six publicly disclosed vulnerabilities may warrant more immediate attention as they could have exposed proof-of-concept code or other details that can give adversaries additional details to develop an exploit,” he warned.

These include: CVE-2022-21839, a denial of service vulnerability in the Windows event tracing discretionary access control list; an elevation of privilege flaw in Windows user profile service (CVE-2022-21919); and a Windows certificates spoofing vulnerability (CVE-2022-21836).

The remaining three publicly disclosed flaws are remote code execution bugs in Windows Security Center API (CVE-2022-21874), libarchive (CVE-2021-36976) and open source curl (CVE-2021-22947).

According to Automox, this month’s Patch Tuesday has the highest number of critical CVEs since July 2021.

There’s plenty more to keep sysadmins busy. Mozilla resolved 18 CVEs, including nine rated critical in three updates, impacting Mozilla Thunderbird, Firefox and Firefox ESR. Adobe issued five updates resolving 41 vulnerabilities, 22

Read More: https://www.infosecurity-magazine.com/news/microsoft-starts-2022-with-97-cves/