Microsoft has addressed over 96 security vulnerabilities in this month’s Patch Tuesday update! This is by far the most the company has fixed in a single month’s Tuesday update.
The vulnerabilities include remote code execution (RCE) exploits, privilege escalation flaws, spoofing issues, and cross-site scripting (XSS) vulnerabilities. Among them are six zero-day vulnerabilities, none of which were exploited in the wild before patching.
Microsoft’s January 2022 Tuesday Update
On the second Tuesday of every month, Microsoft pushes a security update to all its Windows devices around the world. This update is meant to contain patches for all the known and unknown vulnerabilities in Windows systems, both old and new.
This time, the company has patched over 96 security vulnerabilities in the month’s Tuesday update. These vulnerabilities impact Microsoft’s Exchange Server, the Office software line, Windows Defender, Windows Kernel, RDP, Cryptographic Services, Windows Certificate, and Microsoft Teams.
Among them were six zero-day vulnerabilities, which Microsoft listed as:
- CVE-2021-22947 (HackerOne-assigned CVE): An open-source Curl RCE allowing for man-in-the-middle (MitM) attacks.
- CVE-2021-36976 (MITRE-assigned CVE): An open-source Libarchive use-after-free bug leading to RCE.
- CVE-2022-21874: A local Windows Security Center API RCE vulnerability (CVSS 7.8).
- CVE-2022-21919: A Windows User Profile Service Elevation of Privilege security issue (CVSS 7.0), PoC exploit code recorded.
- CVE-2022-21839: Windows Event Tracing Discretionary Access Control List Denial-of-Service (DoS) (CVSS 6.1).
- CVE-2022-21836: Windows Certificate spoofing, PoC code recorded (CVSS 7.8).
Though all these bugs are now patched, this is unusual for Microsoft, as it has never fixed this many bugs in one Tuesday update. On average, the company ships patches for roughly half this number.
Last month, the company fixed 67 bugs in the Patch Tuesday update. Six of them were critical zero-day security flaws, says Microsoft. Before that, the company patched about 55 security vulnerabilities in the November 2021 Patch Tuesday.
Besides patching, Microsoft has also unveiled a new Security Update Guide notification system, which now supports signup with a standard email address, rather than only Live IDs.