Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in January's Patch Tuesday Index below.
Microsoft is starting the year with a bang: 97 vulnerabilities, more than in all but two months of 2021. The number of reported critical vulnerabilities is also giving ITOps and SecOps teams extra work at the start of the year. January’s 9 critical vulnerabilities are slightly above last year's monthly average of 8.4 and represent the highest monthly total since July 2021. Fortunately, Microsoft did not have any exploited vulnerabilities to report for this month.
Adobe released updates for 5 of their products including Adobe Acrobat & Reader, Illustrator, Bridge, InCopy, and InDesign. All 5 bulletins were given Adobe Priority 3 except for Acrobat & Reader which earned a Priority 2. In total, there were 41 CVEs from Adobe, including 22 Critical, 6 High, and 13 Medium.
Last week, Google announced the release of Chrome 97 in the stable channel with a total of 37 security fixes. Of these, 24 vulnerabilities were uncovered by external researchers while the other 13 were uncovered by Google as part of its ongoing internal security work. There were 2 Critical vulnerabilities in the batch, with the only Critical external vulnerability being CVE-2022-0096.
Mozilla also released its first 3 security bulletins of 2022. All 3 bulletins were rated High and included a total of 18 vulnerabilities across Firefox, Firefox ESR, and Thunderbird.
Last Updated 1:24 PM ET - January 11, 2021.
Google Chrome
Product | Title | Identifier | Severity |
Chrome | CVE-2022-0096 Use after free in Storage | CVE-2022-0096 | Critical |
Chrome | CVE-2022-0097 Inappropriate implementation in DevTools | CVE-2022-0097 | High |
Chrome | CVE-2022-0098 Use after free in Screen Capture | CVE-2022-0098 | High |
Chrome | CVE-2022-0099 Use after free in Sign-in | CVE-2022-0099 | High |
Chrome | CVE-2022-0100 Heap buffer overflow in Media streams API | CVE-2022-0100 | High |
Chrome | CVE-2022-0101 Heap buffer overflow in Bookmarks | CVE-2022-0101 | High |
Chrome | CVE-2022-0102 Type Confusion in V8 | CVE-2022-0102 | High |
Chrome | CVE-2022-0103 Use after free in SwiftShader | CVE-2022-0103 | High |
Chrome | CVE-2022-0104 Heap buffer overflow in ANGLE | CVE-2022-0104 | High |
Chrome | CVE-2022-0105 Use after free in PDF | CVE-2022-0105 | High |
Chrome | CVE-2022-0106 Use after free in Autofill | CVE-2022-0106 | High |
Chrome | CVE-2022-0107 Use after free in File Manager API | CVE-2022-0107 | Medium |
Chrome | CVE-2022-0108 Inappropriate implementation in Navigation | CVE-2022-0108 | Medium |
Chrome | CVE-2022-0109 Inappropriate implementation in Autofill | CVE-2022-0109 | Medium |
Chrome | CVE-2022-0110 Incorrect security UI in Autofill | CVE-2022-0110 | Medium |
Chrome | CVE-2022-0111 Inappropriate implementation in Navigation | CVE-2022-0111 | Medium |
Chrome | CVE-2022-0112 Incorrect security UI in Browser UI | CVE-2022-0112 | Medium |
Chrome | CVE-2022-0113 Inappropriate implementation in Blink | CVE-2022-0113 | Medium |
Chrome | CVE-2022-0114 Out of bounds memory access in Web Serial | CVE-2022-0114 | Medium |
Chrome | CVE-2022-0115 Uninitialized Use in File API | CVE-2022-0115 | Medium |
Chrome | CVE-2022-0116 Inappropriate implementation in Compositing | CVE-2022-0116 | Medium |
Chrome | CVE-2022-0117 Policy bypass in Service Workers | CVE-2022-0117 | Low |
Chrome | CVE-2022-0118 Inappropriate implementation in WebShare | CVE-2022-0118 | Low |
Chrome | CVE-2022-0120 Inappropriate implementation in Passwords | CVE-2022-0120 | Low |
Mozilla Firefox
Product | Title | Identifier | Severity |
Firefox | 18 security vulnerabilities fixed in Firefox 96 | MFSA 2022-01 | High |
Firefox ESR | 14 security vulnerabilities fixed in Firefox ESR 91.5 | MFSA 2022-02 | High |
Thunderbird | 14 security vulnerabilities fixed in Thunderbird 91.5 | MFSA 2022-03 | High |
Adobe
Product | Title | Identifier | Severity |
Adobe Acrobat & Reader | 26 security vulnerabilities fixed in Acrobat & Reader | APSB22-01 | Adobe Priority 2 |
Adobe Illustrator | 2 security vulnerabilities fixed in Illustrator | APSB22-02 | Adobe Priority 3 |
Adobe Bridge | 6 security vulnerabilities fixed in Bridge | APSB22-03 | Adobe Priority 3 |
Adobe InCopy | 4 security vulnerabilities fixed in InCopy | APSB22-04 | Adobe Priority 3 |
Adobe InDesign | 3 security vulnerabilities fixed in InDesign | APSB22-05 | Adobe Priority 3 |
Microsoft
Product | Title | Identifier | Severity |
Open Source Software | Open Source Curl Remote Code Execution Vulnerability | CVE-2021-22947 | Critical |
Windows Virtual Machine IDE Drive | Virtual Machine IDE Drive Elevation of Privilege Vulnerability | CVE-2022-21833 | Critical |
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2022-21840 | Critical |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-21846 | Critical |
Windows Active Directory | Active Directory Domain Services Elevation of Privilege Vulnerability | CVE-2022-21857 | Critical |
Windows DirectX | DirectX Graphics Kernel Remote Code Execution Vulnerability | CVE-2022-21898 | Critical |
Windows HTTP Protocol Stack | HTTP Protocol Stack Remote Code Execution Vulnerability | CVE-2022-21907 | Critical |
Windows DirectX | DirectX Graphics Kernel Remote Code Execution Vulnerability | CVE-2022-21912 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-21917 | Critical |
Windows Libarchive | Libarchive Remote Code Execution Vulnerability | CVE-2021-36976 | High |
Windows Certificates | Windows Certificate Spoofing Vulnerability | CVE-2022-21836 | High |
Windows Event Tracing | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | CVE-2022-21839 | High |
Windows Defender | Windows Security Center API Remote Code Execution Vulnerability | CVE-2022-21874 | High |
Windows User Profile Service | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2022-21919 | High |
Windows User-mode Driver Framework | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | CVE-2022-21834 | High |
Windows Cryptographic Services | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | CVE-2022-21835 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2022-21837 | High |
Windows Cleanup Manager | Windows Cleanup Manager Elevation of Privilege Vulnerability | CVE-2022-21838 | High |
Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2022-21841 | High |
Microsoft Office Word | Microsoft Word Remote Code Execution Vulnerability | CVE-2022-21842 | High |
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21843 | High |
Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2022-21847 | High |
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21848 | High |
Windows IKE Extension | Windows IKE Extension Remote Code Execution Vulnerability | CVE-2022-21849 | High |
Windows RDP | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-21850 | High |
Windows RDP | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-21851 | High |
Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-21852 | High |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-21855 | High |
Windows Bind Filter Driver | Windows Bind Filter Driver Elevation of Privilege Vulnerability | CVE-2022-21858 | High |
Windows Account Control | Windows Accounts Control Elevation of Privilege Vulnerability | CVE-2022-21859 | High |
Windows AppContracts API Server | Windows AppContracts API Server Elevation of Privilege Vulnerability | CVE-2022-21860 | High |
Windows Task Flow Data Engine | Task Flow Data Engine Elevation of Privilege Vulnerability | CVE-2022-21861 | High |
Windows Application Model | Windows Application Model Core API Elevation of Privilege Vulnerability | CVE-2022-21862 | High |
Windows StateRepository API | Windows StateRepository API Server file Elevation of Privilege Vulnerability | CVE-2022-21863 | High |
Windows UI Immersive Server | Windows UI Immersive Server API Elevation of Privilege Vulnerability | CVE-2022-21864 | High |
Windows Connected Devices Platform Service | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2022-21865 | High |
Windows System Launcher | Windows System Launcher Elevation of Privilege Vulnerability | CVE-2022-21866 | High |
Windows Push Notifications | Windows Push Notifications Apps Elevation Of Privilege Vulnerability | CVE-2022-21867 | High |
Windows Devices Human Interface | Windows Devices Human Interface Elevation of Privilege Vulnerability | CVE-2022-21868 | High |
Windows Clipboard User Service | Clipboard User Service Elevation of Privilege Vulnerability | CVE-2022-21869 | High |
Tablet Windows User Interface | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | CVE-2022-21870 | High |
Windows Diagnostic Hub | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | CVE-2022-21871 | High |
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2022-21872 | High |
Windows Tile Data Repository | Tile Data Repository Elevation of Privilege Vulnerability | CVE-2022-21873 | High |
Windows Storage | Windows Storage Elevation of Privilege Vulnerability | CVE-2022-21875 | High |
Windows Win32K | Win32k Information Disclosure Vulnerability | CVE-2022-21876 | High |
Windows Storage Spaces Controller | Storage Spaces Controller Information Disclosure Vulnerability | CVE-2022-21877 | High |
Windows Geolocation Service | Windows Geolocation Service Remote Code Execution Vulnerability | CVE-2022-21878 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2022-21879 | High |
Microsoft Graphics Component | Windows GDI+ Information Disclosure Vulnerability | CVE-2022-21880 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2022-21881 | High |
Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2022-21882 | High |
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21883 | High |
Windows Local Security Authority Subsystem Service | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | CVE-2022-21884 | High |
Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2022-21885 | High |
Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2022-21887 | High |
Windows Modern Execution Server | Windows Modern Execution Server Remote Code Execution Vulnerability | CVE-2022-21888 | High |
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21889 | High |
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21890 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | CVE-2022-21891 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21892 | High |
Windows RDP | Remote Desktop Protocol Remote Code Execution Vulnerability | CVE-2022-21893 | High |
Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | CVE-2022-21894 | High |
Windows User Profile Service | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2022-21895 | High |
Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-21896 | High |
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2022-21897 | High |
Windows UEFI | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | CVE-2022-21899 | High |
Role: Windows Hyper-V | Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2022-21900 | High |
Role: Windows Hyper-V | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2022-21901 | High |
Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-21902 | High |
Microsoft Graphics Component | Windows GDI Elevation of Privilege Vulnerability | CVE-2022-21903 | High |
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2022-21904 | High |
Role: Windows Hyper-V | Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2022-21905 | High |
Windows Defender | Windows Defender Application Control Security Feature Bypass Vulnerability | CVE-2022-21906 | High |
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2022-21908 | High |
Windows Cluster Port Driver | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | CVE-2022-21910 | High |
.NET Framework and ASP.NET | .NET Framework and ASP.NET Denial of Service Vulnerability | CVE-2022-21911 | High |
Windows Local Security Authority | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | CVE-2022-21913 | High |
Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2022-21914 | High |
Microsoft Graphics Component | Windows GDI+ Information Disclosure Vulnerability | CVE-2022-21915 | High |
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2022-21916 | High |
Windows DirectX | DirectX Graphics Kernel File Denial of Service Vulnerability | CVE-2022-21918 | High |
Windows Kerberos | Windows Kerberos Elevation of Privilege Vulnerability | CVE-2022-21920 | High |
Windows Defender | Windows Defender Credential Guard Security Feature Bypass Vulnerability | CVE-2022-21921 | High |
Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2022-21922 | High |
Windows Workstation Service Remote Protocol | Workstation Service Remote Protocol Security Feature Bypass Vulnerability | CVE-2022-21924 | High |
Windows BackupKey Remote Protocol | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability | CVE-2022-21925 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21928 | High |
Microsoft Dynamics | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | CVE-2022-21932 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21958 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21959 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21960 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21961 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21962 | High |
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21963 | High |
Windows Remote Desktop | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | CVE-2022-21964 | High |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-21969 | High |