January 2022 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in January's Patch Tuesday Index below.

Microsoft is starting this year with a bang with 97 vulnerabilities, more than all but two months in 2021. The number of reported critical vulnerabilities is also causing ITOps and SecOps teams to start the year off with extra work. January’s 9 critical vulnerabilities is slightly higher than last year's monthly average of 8.4 and it represents the highest monthly total since July 2021. Fortunately, Microsoft did not have any exploited vulnerabilities to report for this month.

Adobe released updates for 5 of their products including Adobe Acrobat & Reader, Illustrator, Bridge, InCopy, and InDesign. All 5 bulletins were given Adobe Priority 3 except for Acrobat & Reader which earned a Priority 2. In total, there were 41 CVEs from Adobe, including 22 Critical, 6 High, and 13 Medium.

Last week, Google announced the release of Chrome 97 in the stable channel with a total of 37 security fixes. Of these, 24 vulnerabilities were uncovered by external researchers while the other 13 were uncovered by Google as part of its ongoing internal security work. There were 2 Critical vulnerabilities in the batch, with the only Critical external vulnerability being CVE-2022-0096.

Mozilla also released their first 3 security bulletins of 2022. All 3 bulletins were rated High and included a total of 18 vulnerabilities spanning across Firefox, Firefox ESR, and Thunderbird.

Last Updated 1:24 PM ET - January 11, 2021.

Google Chrome
Product	Title	Identifier	Severity
Chrome	CVE-2022-0096 Use after free in Storage	CVE-2022-0096	Critical
Chrome	CVE-2022-0097 Inappropriate implementation in DevTools	CVE-2022-0097	High
Chrome	CVE-2022-0098 Use after free in Screen Capture	CVE-2022-0098	High
Chrome	CVE-2022-0099 Use after free in Sign-in	CVE-2022-0099	High
Chrome	CVE-2022-0100 Heap buffer overflow in Media streams API	CVE-2022-0100	High
Chrome	CVE-2022-0101 Heap buffer overflow in Bookmarks	CVE-2022-0101	High
Chrome	CVE-2022-0102 Type Confusion in V8	CVE-2022-0102	High
Chrome	CVE-2022-0103 Use after free in SwiftShader	CVE-2022-0103	High
Chrome	CVE-2022-0104 Heap buffer overflow in ANGLE	CVE-2022-0104	High
Chrome	CVE-2022-0105 Use after free in PDF	CVE-2022-0105	High
Chrome	CVE-2022-0106 Use after free in Autofill	CVE-2022-0106	High
Chrome	CVE-2022-0107 Use after free in File Manager API	CVE-2022-0107	Medium
Chrome	CVE-2022-0108 Inappropriate implementation in Navigation	CVE-2022-0108	Medium
Chrome	CVE-2022-0109 Inappropriate implementation in Autofill	CVE-2022-0109	Medium
Chrome	CVE-2022-0110 Incorrect security UI in Autofill	CVE-2022-0110	Medium
Chrome	CVE-2022-0111 Inappropriate implementation in Navigation	CVE-2022-0111	Medium
Chrome	CVE-2022-0112 Incorrect security UI in Browser UI	CVE-2022-0112	Medium
Chrome	CVE-2022-0113 Inappropriate implementation in Blink	CVE-2022-0113	Medium
Chrome	CVE-2022-0114 Out of bounds memory access in Web Serial	CVE-2022-0114	Medium
Chrome	CVE-2022-0115 Uninitialized Use in File API	CVE-2022-0115	Medium
Chrome	CVE-2022-0116 Inappropriate implementation in Compositing	CVE-2022-0116	Medium
Chrome	CVE-2022-0117 Policy bypass in Service Workers	CVE-2022-0117	Low
Chrome	CVE-2022-0118 Inappropriate implementation in WebShare	CVE-2022-0118	Low
Chrome	CVE-2022-0120 Inappropriate implementation in Passwords	CVE-2022-0120	Low
Mozilla Firefox
Product	Title	Identifier	Severity
Firefox	18 security vulnerabilities fixed in Firefox 96	MFSA 2022-01	High
Firefox ESR	14 security vulnerabilities fixed in Firefox ESR 91.5	MFSA 2022-02	High
Thunderbird	14 security vulnerabilities fixed in Thunderbird 91.5	MFSA 2022-03	High
Adobe
Product	Title	Identifier	Severity
Adobe Acrobat & Reader	26 security vulnerabilities fixed in Acrobat & Reader	APSB22-01	Adobe Priority 2
Adobe Illustrator	2 security vulnerabilities fixed in Illustrator	APSB22-02	Adobe Priority 3
Adobe Bridge	6 security vulnerabilities fixed in Bridge	APSB22-03	Adobe Priority 3
Adobe InCopy	4 security vulnerabilities fixed in InCopy	APSB22-04	Adobe Priority 3
Adobe InDesign	3 security vulnerabilities fixed in InDesign	APSB22-05	Adobe Priority 3
Microsoft
Product	Title	Identifier	Severity
Open Source Software	Open Source Curl Remote Code Execution Vulnerability	CVE-2021-22947	Critical
Windows Virtual Machine IDE Drive	Virtual Machine IDE Drive Elevation of Privilege Vulnerability	CVE-2022-21833	Critical
Microsoft Office	Microsoft Office Remote Code Execution Vulnerability	CVE-2022-21840	Critical
Microsoft Exchange Server	Microsoft Exchange Server Remote Code Execution Vulnerability	CVE-2022-21846	Critical
Windows Active Directory	Active Directory Domain Services Elevation of Privilege Vulnerability	CVE-2022-21857	Critical
Windows DirectX	DirectX Graphics Kernel Remote Code Execution Vulnerability	CVE-2022-21898	Critical
Windows HTTP Protocol Stack	HTTP Protocol Stack Remote Code Execution Vulnerability	CVE-2022-21907	Critical
Windows DirectX	DirectX Graphics Kernel Remote Code Execution Vulnerability	CVE-2022-21912	Critical
Microsoft Windows Codecs Library	HEVC Video Extensions Remote Code Execution Vulnerability	CVE-2022-21917	Critical
Windows Libarchive	Libarchive Remote Code Execution Vulnerability	CVE-2021-36976	High
Windows Certificates	Windows Certificate Spoofing Vulnerability	CVE-2022-21836	High
Windows Event Tracing	Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability	CVE-2022-21839	High
Windows Defender	Windows Security Center API Remote Code Execution Vulnerability	CVE-2022-21874	High
Windows User Profile Service	Windows User Profile Service Elevation of Privilege Vulnerability	CVE-2022-21919	High
Windows User-mode Driver Framework	Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability	CVE-2022-21834	High
Windows Cryptographic Services	Microsoft Cryptographic Services Elevation of Privilege Vulnerability	CVE-2022-21835	High
Microsoft Office SharePoint	Microsoft SharePoint Server Remote Code Execution Vulnerability	CVE-2022-21837	High
Windows Cleanup Manager	Windows Cleanup Manager Elevation of Privilege Vulnerability	CVE-2022-21838	High
Microsoft Office Excel	Microsoft Excel Remote Code Execution Vulnerability	CVE-2022-21841	High
Microsoft Office Word	Microsoft Word Remote Code Execution Vulnerability	CVE-2022-21842	High
Windows IKE Extension	Windows IKE Extension Denial of Service Vulnerability	CVE-2022-21843	High
Role: Windows Hyper-V	Windows Hyper-V Denial of Service Vulnerability	CVE-2022-21847	High
Windows IKE Extension	Windows IKE Extension Denial of Service Vulnerability	CVE-2022-21848	High
Windows IKE Extension	Windows IKE Extension Remote Code Execution Vulnerability	CVE-2022-21849	High
Windows RDP	Remote Desktop Client Remote Code Execution Vulnerability	CVE-2022-21850	High
Windows RDP	Remote Desktop Client Remote Code Execution Vulnerability	CVE-2022-21851	High
Windows DWM Core Library	Windows DWM Core Library Elevation of Privilege Vulnerability	CVE-2022-21852	High
Microsoft Exchange Server	Microsoft Exchange Server Remote Code Execution Vulnerability	CVE-2022-21855	High
Windows Bind Filter Driver	Windows Bind Filter Driver Elevation of Privilege Vulnerability	CVE-2022-21858	High
Windows Account Control	Windows Accounts Control Elevation of Privilege Vulnerability	CVE-2022-21859	High
Windows AppContracts API Server	Windows AppContracts API Server Elevation of Privilege Vulnerability	CVE-2022-21860	High
Windows Task Flow Data Engine	Task Flow Data Engine Elevation of Privilege Vulnerability	CVE-2022-21861	High
Windows Application Model	Windows Application Model Core API Elevation of Privilege Vulnerability	CVE-2022-21862	High
Windows StateRepository API	Windows StateRepository API Server file Elevation of Privilege Vulnerability	CVE-2022-21863	High
Windows UI Immersive Server	Windows UI Immersive Server API Elevation of Privilege Vulnerability	CVE-2022-21864	High
Windows Connected Devices Platform Service	Connected Devices Platform Service Elevation of Privilege Vulnerability	CVE-2022-21865	High
Windows System Launcher	Windows System Launcher Elevation of Privilege Vulnerability	CVE-2022-21866	High
Windows Push Notifications	Windows Push Notifications Apps Elevation Of Privilege Vulnerability	CVE-2022-21867	High
Windows Devices Human Interface	Windows Devices Human Interface Elevation of Privilege Vulnerability	CVE-2022-21868	High
Windows Clipboard User Service	Clipboard User Service Elevation of Privilege Vulnerability	CVE-2022-21869	High
Tablet Windows User Interface	Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability	CVE-2022-21870	High
Windows Diagnostic Hub	Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability	CVE-2022-21871	High
Windows Event Tracing	Windows Event Tracing Elevation of Privilege Vulnerability	CVE-2022-21872	High
Windows Tile Data Repository	Tile Data Repository Elevation of Privilege Vulnerability	CVE-2022-21873	High
Windows Storage	Windows Storage Elevation of Privilege Vulnerability	CVE-2022-21875	High
Windows Win32K	Win32k Information Disclosure Vulnerability	CVE-2022-21876	High
Windows Storage Spaces Controller	Storage Spaces Controller Information Disclosure Vulnerability	CVE-2022-21877	High
Windows Geolocation Service	Windows Geolocation Service Remote Code Execution Vulnerability	CVE-2022-21878	High
Windows Kernel	Windows Kernel Elevation of Privilege Vulnerability	CVE-2022-21879	High
Microsoft Graphics Component	Windows GDI+ Information Disclosure Vulnerability	CVE-2022-21880	High
Windows Kernel	Windows Kernel Elevation of Privilege Vulnerability	CVE-2022-21881	High
Windows Win32K	Win32k Elevation of Privilege Vulnerability	CVE-2022-21882	High
Windows IKE Extension	Windows IKE Extension Denial of Service Vulnerability	CVE-2022-21883	High
Windows Local Security Authority Subsystem Service	Local Security Authority Subsystem Service Elevation of Privilege Vulnerability	CVE-2022-21884	High
Windows Remote Access Connection Manager	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	CVE-2022-21885	High
Windows Win32K	Win32k Elevation of Privilege Vulnerability	CVE-2022-21887	High
Windows Modern Execution Server	Windows Modern Execution Server Remote Code Execution Vulnerability	CVE-2022-21888	High
Windows IKE Extension	Windows IKE Extension Denial of Service Vulnerability	CVE-2022-21889	High
Windows IKE Extension	Windows IKE Extension Denial of Service Vulnerability	CVE-2022-21890	High
Microsoft Dynamics	Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability	CVE-2022-21891	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21892	High
Windows RDP	Remote Desktop Protocol Remote Code Execution Vulnerability	CVE-2022-21893	High
Windows Secure Boot	Secure Boot Security Feature Bypass Vulnerability	CVE-2022-21894	High
Windows User Profile Service	Windows User Profile Service Elevation of Privilege Vulnerability	CVE-2022-21895	High
Windows DWM Core Library	Windows DWM Core Library Elevation of Privilege Vulnerability	CVE-2022-21896	High
Windows Common Log File System Driver	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2022-21897	High
Windows UEFI	Windows Extensible Firmware Interface Security Feature Bypass Vulnerability	CVE-2022-21899	High
Role: Windows Hyper-V	Windows Hyper-V Security Feature Bypass Vulnerability	CVE-2022-21900	High
Role: Windows Hyper-V	Windows Hyper-V Elevation of Privilege Vulnerability	CVE-2022-21901	High
Windows DWM Core Library	Windows DWM Core Library Elevation of Privilege Vulnerability	CVE-2022-21902	High
Microsoft Graphics Component	Windows GDI Elevation of Privilege Vulnerability	CVE-2022-21903	High
Microsoft Graphics Component	Windows GDI Information Disclosure Vulnerability	CVE-2022-21904	High
Role: Windows Hyper-V	Windows Hyper-V Security Feature Bypass Vulnerability	CVE-2022-21905	High
Windows Defender	Windows Defender Application Control Security Feature Bypass Vulnerability	CVE-2022-21906	High
Windows Installer	Windows Installer Elevation of Privilege Vulnerability	CVE-2022-21908	High
Windows Cluster Port Driver	Microsoft Cluster Port Driver Elevation of Privilege Vulnerability	CVE-2022-21910	High
.NET Framework and ASP.NET	.NET Framework and ASP.NET Denial of Service Vulnerability	CVE-2022-21911	High
Windows Local Security Authority	Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass	CVE-2022-21913	High
Windows Remote Access Connection Manager	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	CVE-2022-21914	High
Microsoft Graphics Component	Windows GDI+ Information Disclosure Vulnerability	CVE-2022-21915	High
Windows Common Log File System Driver	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2022-21916	High
Windows DirectX	DirectX Graphics Kernel File Denial of Service Vulnerability	CVE-2022-21918	High
Windows Kerberos	Windows Kerberos Elevation of Privilege Vulnerability	CVE-2022-21920	High
Windows Defender	Windows Defender Credential Guard Security Feature Bypass Vulnerability	CVE-2022-21921	High
Windows Remote Procedure Call Runtime	Remote Procedure Call Runtime Remote Code Execution Vulnerability	CVE-2022-21922	High
Windows Workstation Service Remote Protocol	Workstation Service Remote Protocol Security Feature Bypass Vulnerability	CVE-2022-21924	High
Windows BackupKey Remote Protocol	Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability	CVE-2022-21925	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21928	High
Microsoft Dynamics	Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability	CVE-2022-21932	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21958	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21959	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21960	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21961	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21962	High
Windows Resilient File System (ReFS)	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability	CVE-2022-21963	High
Windows Remote Desktop	Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability	CVE-2022-21964	High
Microsoft Exchange Server	Microsoft Exchange Server Remote Code Execution Vulnerability	CVE-2022-21969	High

About Automox for IT Operations

Today’s IT leaders deserve better than tedious legacy tools to manage their infrastructure. From our single cloud-native platform, automate and scale your IT operations to meet the growing business demands of the modern workforce. With complete visibility of your entire environment, you can easily monitor, identify, and respond to issues in real-time across any endpoint, regardless of OS or location.

Demo Automox to see how you can immediately gain effortless command of your endpoints.

Platform View overview

Automation

Configuration

Patching

Vulnerability Remediation

Remote Control

Reporting

Deployment

Cloud Architecture

Services & Support Plans

Security

Ratings & Reviews

Automated Cross-OS Updates

Visibility & Reporting

Automated Software Updates

Zero-Hardware IT Cloud

Automated Configuration

Cross-Platform Troubleshooting

January 2022 Patch Tuesday Index

Connect With Us

Dive deeper into this topic

Start your free trial.